He said that the figure could be as high as 90% because of the lack of security in HTML pages. Hare-Brown cited a statement from analyst firm Gartner that in the future 75% of attacks will be launched via the Web, rather than from inside companies.
Hare-Brown advised firms to run regular penetration tests and look to external security systems to address this weakness. The browser can be a hacking tool when it has a feature that allows users to examine the HTTP scripting for Web pages. He said, "The Web site needs a protective mechanism in place to mitigate risk. It needs to be easily updated because new vulnerabilities appear as new features are added to existing pages."
Ed Barlow, technical director of application layer security specialist KaVaDo, said companies tend to deploy Web pages with scant regard to security.
He warned that cut-and-paste code from hacker sites can allow even low-grade hackers to gain administrator rights on some systems, which could leave firms open to prosecution under the data protection legislation.