Endpoint Security: Could CMSs Pose Problems?
In today’s fast-paced business world – especially in retail, where products change daily, even hourly – there’s an ever-growing need for quick changes to web content.
And in the current e-commerce climate, the barrier for bringing a product to market is so low that many companies rely on unverified plug-ins and outdated CMSs instead of trained developers, according to Catania.
Unverified, Untested Plug-ins, and Endpoint Security
If CMSs could pose endpoint security problems, unverified plug-ins may be a large part of the problem. And the problems may seem particularly acute when it comes to e-commerce sites. Software supply-chain security is only as good as the weakest link.
“Mentioning e-commerce systems, automated imports from vendor sites have recently become popular, and they could be built into the CMS or in the form of a plug-in,” said Nikolai Tenev, enterprise applications developer and CEO of DigidWorks, a development agency and provider of enterprise and management software. “This is dangerous because the site you’re importing from might have bad data in its database.”
Keep in mind, Tenev says, that plug-ins are a lot less tested and inspected for bugs and intentional hacks. So MSSPs could easily see why they are a potential threat when operating websites for customers. And in most cases, plug-ins are developed by third parties. So they could have embedded malware, like a cryptominer, for example.
Credential Stuffing and Endpoint Security
And while CMSs could pose endpoint security problems for content management personnel generally, high-level administrators could be at an even greater risk with their larger public profiles, which makes them appealing phishing targets. This would not be as big a problem if they practiced prudent password protocols, but they’re only human after all, and tend to reuse their credentials.
“Administrators themselves are the greatest risk of WCMS platforms,” said Michael Wilson, CTO at Enzoic, cybersecurity and fraud prevention specialists. “They reuse login credentials on different systems and make them easy for hackers to guess. This allows attackers to …