Risk Management July 14, 2015
By Dave McMillen < 1 min read

In today’s fast-paced business world there’s an ever-growing need for quick changes to web content. This used to be the responsibility of webmasters who created HTML code, JavaScript modules and plugins on the fly, but therein lay a fundamental problem: a crucial task depended on a small handful of people. The process had to be decentralized, so a new method was developed: the web content management system, or CMS.  Today, the most popular web CMS platforms – WordPress, Joomla and Drupal – account for 75 percent of the market, and it is common for one or more to be included as a standard feature of web hosting services. Their status attests to their popularity and effectiveness, but CMS platforms also have security issues.

This report, researched and written by the IBM Managed Security Services Threat Research group, examines how web content management systems are vulnerable to cyber attack and provides steps that can be taken to mitigate risks.

Read the complete research report: Understanding the risks of content management systems

Dave McMillen
Senior Threat Researcher, IBM X-Force

Dave brings over 25 years of network security knowledge to IBM. Dave began his career in IBM over 15 years ago where he was part of a core team of six IBMers...

More from Risk Management
Risk Management   March 28, 2023

Remote Employees: Update Your Routers (and More WFH IT Tips)

As a business owner or manager, you must ensure your employees have the right tools and resources to do their jobs well — especially with more people working from home. And IT infrastructure is one of the most important considerations regarding remote work.However, the truth is that most employees don’t think about their IT infrastructure until something goes wrong. In many cases, this can leave an employee stranded and unable to complete their tasks. In a worst-case scenario, this reactionary…

Risk Management   March 27, 2023

The Role of Human Resources in Cybersecurity

The human resources (HR) department is an integral part of an organization. They work with all departments with a wider reach than even IT. As a highly visible department, HR can support and improve an organization’s security posture through employee training. Their access to employees at the start of employment is an opportunity to lay a foundation for a culture of risk awareness. HR departments do not typically include cybersecurity risk awareness training with new hire onboarding, but it’s something…

Risk Management   March 24, 2023

New Attack Targets Online Customer Service Channels

An unknown attacker group is targeting customer service agents at gambling and gaming companies with a new malware effort. Known as IceBreaker, the code is capable of stealing passwords and cookies, exfiltrating files, taking screenshots and running custom VBS scripts. While these are fairly standard functions, what sets IceBreaker apart is its infection vector. Malicious actors are leveraging the helpful nature of customer service agents to deliver their payload and drive the infection process. Here’s a look at how IceBreaker…

Data Protection   March 23, 2023

Cybersecurity 101: What is Attack Surface Management?

There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface management (ASM) seeks to combat them. ASM is a cybersecurity approach that continuously monitors an organization’s IT infrastructure to identify and remediate potential points of attack. Here’s how it can give your organization an edge. Understanding Attack Surface Management Here…

© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature
Your browser doesn't support HTML5 audio
Press play to continue listening
00:00 00:00