This keeps coming up over and over. The latest example is GoDaddy:
GoDaddy has failed to protect its web-hosting platform with even basic infosec tools and practices since 2018, according to the FTC, but the internet giant won’t face any immediate consequences for its many alleged acts of omission.
As one of the world's largest web-hosting companies, and a registry and registrar with about 82 million domain names in its care, one would assume GoDaddy would be adept at applying software updates and monitoring security-related events in its hosting environment to protect its millions of customers and the visitors to their websites from online threats.
But according to a Wednesday statement from the FTC, “GoDaddy has failed to implement reasonable and appropriate security measures to protect and monitor its website-hosting environments for security threats, and misled customers about the extent of its data security protections on its website hosting services.”
So what triple-propellorhead security tech did they miss? Basics like security log analysis tools, multi-factor authentication on login, missing security patches, and not maintaining an inventory of their systems. This is all Security 101. Actually, it may be Security Pre-K.
If you use GoDaddy's hosting you might want to consider an alternative.
3 comments:
Thanks for the info, we will be taking our site down post haste.
juvat
Juvat, this seems to be a long going problem. I wouldn't yank down your site, but rather plan a migration.
Moving it was what I meant to say.
Post a Comment