sb-au logo
Story image

It's time to pick up the pace on HTTPS encryption, survey finds

30 May 2017

Less than half of internet sites support HTTPS, despite it being a 'must have' for all businesses, according to a new report from web optimisation provider SEMrush.

The company conducted data on 100,000 anonymous websites and 45% of them supported HTTPS. While the sample was small, many of them supposedly used the secure protocol.

9% of those websites still had insecure pages with password input fields - even though Google requires that any website that collects passwords should be encrypted.

The company says that even minor errors in HTTPS implementation can cost them in user security factors and Google attention.

Last year Google announced that as of January this year, Chrome started marking HTTP pages that collected passwords or credit cards as non-secure, as part of an effort to mark all HTTP sites as non-secure.

That implementation can come down to using mixed content, which means that browsers will warn users about loading insecure content, which can impact the user experience and user confidence. 50% of all analysed websites fell into that trap.

The company also found that 50% of websites that were moving to HTTPS still included errors through internal links to HTTP pages.

8% of analysed websites had an HTTP homepage that didn't match its HTTPS version. While this isn't much of a problem for those websites that support HSTS, those that don't could find that they encounter page competition, traffic loss and poor placement.

At the certificate level, 2% had expired SSL (Secure Socket Layer) certificate, and 6% of websites had a certificate registered to the wrong name. SSL certificates are used to make sure a connection between browser and server is secure, and also stops information from being stolen.

It's out with the old, as 3.6% of websites had an old security protocol, and SNI-related errors accounted for 0.56% of websites.

And it's in with the new: The study found that 86% of analysed websites didn't support HSTS (HTTP Strict Transport Security), although the technology is relatively new.

Story image
Report: 151% increase in DDoS attacks compared to 2019
It comes as the security risk profile for organisations around the world increased in large part thanks to the COVID-19 pandemic, forcing greater reliance on cloud technology and thrusting digital laggards into quick and unsecured migrations.More
Story image
APAC organisations struggle to find balance between digital adoption and cybersecurity
Organisations in the Asia Pacific (APAC) region are significantly concerned about security threats, but nevertheless are looking to advance operations through digital adoption.More
Story image
Revealed: The behaviours exhibited by the most effective CISOs
As cyber-threats pile up, more is being asked of CISOs - and according to Gartner, only a precious few are 'excelling' by the standards of their CISO Effectiveness Index.More
Link image
Data is an organisation's most significant asset - here's how to protect it
Data resilience strategies are becoming more crucial as more value is ascribed to a company's data. If it's not stored securely and cost-effectively, expect problems.More
Story image
Report: Rushing into cloud migration directly related to security issues
A new report from Radware highlights the impact of COVID-19 on organisations compelled to digitally transform in order to maintain business continuity. More
Link image
How to better protect your organisation's most valuable asset - its data.
Data resilience strategies are becoming increasingly critical in relation to the skyrocketing value of data and the proliferation of malicious entities wishing to steal it.More