1. Security
June 9, 2017updated 12 Jun 2017 9:57am

News and sports websites are under threat from cyber criminals

News and sports websites have poor levels of security against hackers compared to non-media industries, according to a report published on Friday in the Journal of Cyber Security Technology.

The research revealed that less than 10 percent of news and sports websites use basic security protocols such as HTTPS and TLS.

A team cyber-security experts analysed the security protocols used by the top 500 sites in various industries and online sectors.

“As time goes by, all encryption gets weaker because people find ways around it,” professor Alan Woodward, a cyber-security expert at the University of Surrey, told the BBC.

“We tested the University of Surrey’s website using a site called Security Headers a couple of weeks ago and it got an A,” he explained, “but it’s only a C now,” he added.

What type of websites have adopted the best and worst security protocols?

Financial organisations as well as technology companies ensured that they were well-protected against cyber criminals.

“In the financial sector, almost every one of the sites we looked at had encrypted links”, professor Woodward said, “but even in retail the adoption of the very latest standards is low.”

The report found that just 25 percent of e-commerce websites used Transport Layer Security (TLS) software, which provides tools including digital certificates, remote passwords, and a choice of ciphers to encrypt traffic between a website and its visitors.

However, fewer than 8 percent of news and sports websites had adopted TLS, the report said.

Some of the most sophisticated security software available, such as HSTS, which automatically diverts users away from accessing an unsecured version of a website on to the encrypted version instead was adopted by hardly any news or sports websites.

“It’s like news and sport content providers don’t value the security of their content,” professor Woodward noted.

“They’re leaving themselves vulnerable to attacks like cross-site scripting, where an attacker can pretend something’s come from a website when it hasn’t.”

On Thursday, the al-Jazeera media network, a Qatar-based broadcaster was hit with a “cyber attack on all systems, websites and social media platforms.”

“There were attempts made on the cyber security of Al Jazeera but we are combating them and currently all our entities are operational,” said a senior al-Jazeera employee told Reuters.