Benjamin Hosack

Last month Magento released SUPEE-8788 to fix a number of security issues – you can read about SUPEE-8788 in detail here.  A LOT of websites have not yet patched and are at risk of being hacked.

What is a Patch?

A patch is a minor software update released by a software vendor to address functional or security issues in an older version of the software. As can be seen with SUPEE-8788, the details of the issues addressed are listed by Magento so that admins can understand what is being addressed with the patch.

Why is Patching Important?

Patches are released specifically to address issues in the software. When those issues are security issues, applying the patch is very important in order to protect your online business from being exploited through the security vulnerabilities published with the patch.
As digital forensic investigators, we assist a considerable number of websites that have been hacked and have lost highly valuable information, including:

  • Client personal data
  • Payment Card Data

In a large proportion of cases, the website could easily have avoided being hacked simply by keeping its patches up to date.

WebScan Statistics

Our latest WebScan statistics show the following:

  • 79% of the websites are At Risk, using out-of-date software and specifically missing key security patches.
  • 23% are confirmed hacked and have credit card harvesting malware on their websites.
  • Only 20% have up-to-date software.

While patching does not prevent all hacks from occurring, it certainly ensures that your software is as secure as the vendors can make it.

If you’re unsure of your website’s current security status, please go ahead and check your site on WebScan.


Benj Hosack is a Director and co-Founder of Foregenix Limited. Foregenix is a specialist information security business delivering services in Forensics, PCI DSS, PCI P2PE, PA-DSS and information security solutions within the Payment Card Industry. Our technologies are designed to simplify security and PCI Compliance. Specialties: Cardholder Data Discovery - defining and reducing PCI DSS Scope / PA-DSS / PCI DSS / P2PE / Account Data Compromise Investigations. We are specialists in the Payment Card Industry and work with all types of companies in the payment chain (Acquiring banks, Processors, hosting providers, web designers, merchants, systems integrators etc).
