An overview of web security

Upload: beeware

Post on 20-Aug-2015

Category: Technology

TRANSCRIPT

Page 1: An overview of web security

Copyright Bee Ware 2013

For more information : www.bee-ware.net/en

About Bee Ware: Bee Ware is a European provider of solutions for security and availability of Web applications. Bee Ware’s i-Suite solution provides organizations of all sizes with the means to fight the growing threats that can impact their activity while ensuring optimum quality of service and performance.

Sources: Bee Ware, Economie et Société, IDC, Infographics Mania, Internet Retailer, IVIZ, Les Echos, McAfee, Opinion Way, OWASP, Ponemon Institute, SANS Institute, UNODC, White Hat.

From A User Perspective

60% of people use the same password across multiple sites

55% of companies are concerned with identity theft

49% of users do not use complex passwords or do not change them regularly

From A Company Perspective

73%

90%

30%

99%

42%

8/10 websites have serious vulnerabilities

of organizations have been hacked at least once through insecure web applications

of detected hacking incidents are never disclosed to the general public

of the hacked organizations already knew their vulnerability

of logs are reviewed or monitored only when alerts are raised

of intrusions result from the exploitation of known vulnerabilities

On the User Side

1. Do not use personal information in passwords

2. Use different passwords for your various accounts

3. Set up 2-factor authentication whenever possible

4. Do not use public computers or personal smartphones to access corporate sensitive data

On the Application Side

11. Secure all web administration domains with SSL protocol (https)

12. Do not settle for default configuration of accounts and profiles in network and security products

13. Delete all default accounts from your IT products

14. Adjust your security policies to the criticality of the information

15. Apply fixes and updates to your web applications and infrastructure frequently and regularly

16. Do not trust HTTP referrers (too easy to forge)

17. Use a web application firewall specifically configured for your environment

18. Secure web application admin zones by restricting authorized IP addresses

19. Validate data entry on the server side (rather than client)

20. Reduce information disclosure by changing Apache ServerTokens and by creating secure error messages
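As an added illustration (not part of the Bee Ware infographic), here are the Apache httpd directives that put three of the application-side tips into practice: an administration domain served only over HTTPS, an admin zone restricted to authorized IP addresses, and reduced information disclosure via ServerTokens plus generic error messages. The weak defaults are shown commented out beside the hardened values; the hostname admin.example.com, the certificate paths, the /admin/ path and the address ranges are assumed placeholders.

```apache
# --- Weak / default settings (what the tips warn against), kept as comments ---
# ServerTokens Full      -> Server header leaks OS, module and version details
# ServerSignature On     -> version banner appended to every stock error page
# (no ErrorDocument)     -> stock error pages reveal server and module versions
# (no Require on /admin) -> admin zone reachable from any address, over plain HTTP

# --- Hardened settings ---
# Server header reduced to the bare product name ("Apache")
ServerTokens Prod
# No version footer on error pages
ServerSignature Off

# Generic, constructed error messages instead of the stock pages
ErrorDocument 403 "Access denied."
ErrorDocument 404 "Not found."
ErrorDocument 500 "An internal error occurred."

# Plain-HTTP vhost only redirects to HTTPS; nothing is served in clear
<VirtualHost *:80>
    ServerName admin.example.com
    Redirect permanent / https://admin.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName admin.example.com
    SSLEngine on
    # Assumed certificate paths; mod_ssl must be loaded
    SSLCertificateFile    /etc/ssl/certs/admin.example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/admin.example.com.key
    # Disable legacy protocol versions
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    # Tell browsers to keep using HTTPS for a year (needs mod_headers)
    Header always set Strict-Transport-Security "max-age=31536000"

    # Admin zone reachable only from authorized addresses (constructed ranges)
    <Location "/admin/">
        Require ip 10.0.0.0/8 192.0.2.10
    </Location>
</VirtualHost>
```

Run `apachectl configtest` after editing and confirm with `curl -I https://admin.example.com/` that the Server header now reads only "Apache" and that a request to /admin/ from a non-listed address returns the generic 403 text.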

On the Server Side

5. Use root account only when necessary

6. Use private networks for internal server traffic whenever possible

7. Log every admin access with time stamp and name of every user

8. Monitor web traffic for any unusual traffic or activity

9. Run local and remote security scans on a regular basis

10. Test out your backups

Total estimated cost of cyber criminality: up to $1 trillion a year

Identity theft generates $1 billion per year

The cost related to data loss and theft in France is approximately $2.86 million per “incident”

Online fraud cost totaled $3.5 billion in 2012 for e-retailers

Security Policy

35% of organizations do not have a formal documented security policy in place

Cloud & SaaS

“The potential security risks introduced by cloud computing and SaaS far outweigh the benefits”

Agree: 45%

Disagree: 22%

Neutral: 33%

Security Challenges

The most frequently quoted challenges:

Increasing volume of threats and/or attacks: 63%

Increasing sophistication of attacks: 61%

Complexity of security solutions: 53%

The most important challenges over the next 12 months:

Difficulty in securing web applications: 64%

Web 2.0 use by employees: 60%

Infographic panel titles: Major Web Security Risks; Consequences; 20 tips

Data presented and consolidated by Bee Ware