Business-facing websites lag far behind consumer-facing websites in security and user experience, a study by analysis firm Quocirca has revealed.
Consumer-facing websites are typically ahead in areas such as continuous distributed-denial-of-service (DDoS) protection, fraud detection, threat intelligence, and security information and event management systems, according to the report commissioned by Neustar.
The report is based on interviews with 300 senior European IT managers on the challenges they face and the measures they take to ensure domain performance and security.
Almost all European organisations interact with customers online and all recognise security is important because an organisation’s online domain is an essential part of its overall reputation.
However, despite the potential brand damage if a website’s security is compromised, many business-facing organisations rely on outmoded malware defence and intrusion detection systems (IDS), the study showed.
Just 71% of business-facing organisations use continuous DDoS protection compared with 87% of consumer-facing businesses.
There is a 16% difference between the two groups of organisations when it comes to the use of fraud-detection technology, with just 66% of business-facing organisations deploying the systems available.
Exceptions were malware detection and blocking, as well as IDS, where levels of deployment were relatively high by both types of organisation.
Benefits of outsourced security services
In contrast, consumer-facing organisations show greater website maturity and are more likely to protect their online assets with outsourced, state-of-the-art cloud-based security services.
Having access to the excess capacity to provide emergency protection, for example during a DDoS attack, only really makes sense as an on-demand service, the report said.
“With their greater tendency to outsource management of on-demand services in general, consumer-facing organisations consider security to be part of a service-level agreement from their outsourcer and would not expect to pay for it separately,” said analyst and director at Quocirca Bob Tarzey.
He believes the tendency of consumer-facing organisations to outsource services has helped to heighten their domain maturity.
“By outsourcing, the more mature consumer-facing organisations have, in effect, freed themselves of both technology and security burdens to focus on business issues,” said Tarzey.
The corporate focus needs to be about making it less appealing to cyber attack the business, and more appealing to go elsewhere, according to Neustar senior vice-president and technologist Rodney Joffe.
“Lessons can clearly be learned from consumer-facing organisations operating at the sharp end of cyber space.
“The key to protecting your online domain successfully is not to be able to outwit your cyber attacker, it is about outperforming your competitors with better protection, thereby reducing the return on investment for attackers,” he said.
Covering the UK, German and French markets, the Quocirca report concludes that the modern consumer is an increasingly capricious individual who is growing less tolerant of poor service.
For this reason, the report said consumer-facing organisations have had their hands forced, compelling them to develop a more mature, robust online presence.