sb-as logo
Story image

It's time to pick up the pace on HTTPS encryption, survey finds

30 May 2017

Less than half of internet sites support HTTPS, despite it being a 'must have' for all businesses, according to a new report from web optimisation provider SEMrush.

The company conducted data on 100,000 anonymous websites and 45% of them supported HTTPS. While the sample was small, many of them supposedly used the secure protocol.

9% of those websites still had insecure pages with password input fields - even though Google requires that any website that collects passwords should be encrypted.

The company says that even minor errors in HTTPS implementation can cost them in user security factors and Google attention.

Last year Google announced that as of January this year, Chrome started marking HTTP pages that collected passwords or credit cards as non-secure, as part of an effort to mark all HTTP sites as non-secure.

That implementation can come down to using mixed content, which means that browsers will warn users about loading insecure content, which can impact the user experience and user confidence. 50% of all analysed websites fell into that trap.

The company also found that 50% of websites that were moving to HTTPS still included errors through internal links to HTTP pages.

8% of analysed websites had an HTTP homepage that didn't match its HTTPS version. While this isn't much of a problem for those websites that support HSTS, those that don't could find that they encounter page competition, traffic loss and poor placement.

At the certificate level, 2% had expired SSL (Secure Socket Layer) certificate, and 6% of websites had a certificate registered to the wrong name. SSL certificates are used to make sure a connection between browser and server is secure, and also stops information from being stolen.

It's out with the old, as 3.6% of websites had an old security protocol, and SNI-related errors accounted for 0.56% of websites.

And it's in with the new: The study found that 86% of analysed websites didn't support HSTS (HTTP Strict Transport Security), although the technology is relatively new.

Story image
Microsoft takes legal action to disrupt botnet and combat ransomware
Microsoft has announced it took action to disrupt a botnet, Trickbot, one of the world's most infamous botnets and prolific distributors of malware and ransomware.More
Story image
Gartner reveals the top strategic tech trends for 2021
“CIOs are striving to adapt to changing conditions to compose the future business - this requires the organisational plasticity to form and reform dynamically. Gartner’s top strategic technology trends for 2021 enable that plasticity.”More
Story image
IBM Security completes industry first with updates to Cloud Pak for Security solution
"With these updates, we will be the first in the industry to bring together external threat intelligence and threat management alongside data security and identity."More
Story image
Zoom to begin rolling out end-to-end encryption
Available starting from next week, it represents the first phase out of four of the company’s greater E2EE offering, which was announced in May following backlash that the company was lax on its security and privacy.More
Story image
Creating private data regulations for employees
Whether employees are hired on a part-time or full-time basis, everyone must know about data privacy regulations. Everyone needs to be responsible for keeping the organisation’s data secure. More
Story image
Financial institutions in APAC region to invest millions in fraud prevention
"The pandemic is creating a lot of uncertainty, but the majority of FIs in APAC recognise that an end to end fraud management platform is strategic to differentiating themselves from the highly disruptive landscape they are playing in."More