Specialists from the Swiss company ImmuniWeb analyzed the cybersecurity level of the world’s 100 largest airports (in Asia, Europe, North America, Australia, Africa and South America). According to the study, 97 of the 100 largest airports in the world use vulnerable sites and web applications and may be subject to other security threats.
These threats are associated with vulnerable web applications and mobile programs, improperly configured public cloud services, or data leaks.
97% of airport sites run on outdated software, 24% contain known and exploited vulnerabilities, 76% and 73% of websites do not meet the GDPR and PCI DSS standards, respectively, and 24% do not have SSL encryption or use the outdated SSLv3 protocol.
Assessing the security level of the main websites, experts assigned the maximum rating of A+ (not a single problem was found) to only three airports; 15 received a rating of A (some small problems), 11 – B (a number of small problems), 47 – C (vulnerabilities and serious problems) and 24 – F (known and exploited vulnerabilities). 53 sites operated on outdated software, 38 contained vulnerable components, 10 used an outdated content management system, and 6 used a vulnerable CMS.
Regarding web application firewalls (WAFs), only 55% of the main websites and 40% of the subdomains of the world’s largest airports are protected by WAFs.
A cloud service scan found Amazon Web Services S3 public cloud storage in use at 12 airports. Three airports used unprotected buckets, which contained a significant amount of confidential data.
During the study, the experts identified the 3 safest international airports that successfully passed all the checks: Amsterdam Schiphol Airport, Helsinki-Vantaa Airport and Dublin Airport.
It is also worth noting that last year state hackers attacked companies more often than before – and airports are the most important infrastructure objects: in the era of active cyber warfare, air passengers can become hostages of cyber-terrorist states.
How to Reduce the Risks (ImmuniWeb recommendations):
- Implement a continuous security monitoring system with the detection of anomalies to spot intrusions, phishing, and password re-use attacks.
- Run a continuous discovery and inventory of your digital assets, visualize your external attack surface and risk exposure with an Attack Surface Management (ASM) solution enhanced with Dark Web and code repositories monitoring.
- Implement a holistic, DevSecOps-enabled application security program to test and remediate your web and mobile applications, APIs and OSS in a timely manner.
- Implement a third-party risk management program encompassing continuous monitoring of your vendors and suppliers going beyond a paper-based questionnaire.
- Invest in the security awareness of your personnel, explain the risks of using professional emails on third-party resources, gamify anti-phishing training and reward the best learners.