Open Source CMS Brings Major Security Risks

When weighing the costs and benefits of various content management system (CMS) platforms, corporate leaders and IT managers consider many factors, especially cost and ease of use. All too often, leaders and managers put concerns over security at the bottom of the pile. When hackers strike an open source CMS platform, however, the costs quickly pile up — and become a major headache.

CMS platforms are an essential part of doing business in today’s economy. Companies large and small need these vital tools to manage their content. This can run the gamut from a collection of articles on a website to sensitive information about clients, much of which can be very valuable to hackers.

Open source software and platforms do not have the comprehensive security features that companies like QMS offer. By their very nature, open source software has no central leadership team to fix security flaws — and no one in the system has the incentive to close off dangerous security vulnerabilities.

This has led to widespread vulnerabilities across the top open source platforms. According to one report, as many as 73 percent of one popular open source CMS platform’s users have easily-identifiable security vulnerabilities. Just as important, hackers can easily understand the code that underpins these platforms, making it easy for them to find these vulnerabilities and exploit them.

Adding to the risk, the free plugins that many businesses find attractive are security vulnerabilities themselves. Because a different developer creates every plugin, additional security flaws can quickly arise when these are attached to a platform. The result is chaos — and a vacuum that hackers can easily fill.

For most corporate leaders and IT managers, the “free” label attached to open source CMS platforms is their most attractive quality. And it’s true that companies can find significant cost savings from adopting these platforms.

However, it’s important to consider that, when it comes to open source CMS platforms, you really do get what you pay for. With so many security vulnerabilities, open source CMS platforms can easily go from a corporate cost-cutting tool to a corporate disaster.

If hackers target your company, take your website offline, or compromise sensitive data, the result is an expensive mess. And the cost to clean up that situation is often significantly higher than the savings from switching to an open source CMS platform in the first place.

Consider, for instance, what happens when a company’s website goes down. Customers can’t access content, so they switch to other companies, costing businesses revenue. A prolonged outage can dent public perceptions of reliability and damage your brand. Worst of all, some outages are associated with viruses that install on clients’ and prospective clients’ systems. Clearly, the damage can be immense.

Many people naively think that hackers will never target their business. “Why would anyone hack my website?” is a very common question. But hacking is on the rise globally, and even small businesses are not immune.

Motivated by access to valuable information, a desire to cause mischief, or myriad other reasons, hackers are making their impact felt around the world. And they are frequently using open source CMS platforms to do so.

In April, for example, hackers affiliated with Islamic extremist groups attacked the websites of Australian small businesses. In the wake of these attacks, these hackers left behind extremist messaging and imagery.

While that case may seem extreme, it’s clear that hacking is affecting small business in Australia and around the world. No business, small or large, is immune.

Against that backdrop, open source CMS platforms — riddled with security vulnerabilities and without a central authority responsible for security — are a risk that businesses cannot afford.

At QMS, enterprise security is our top priority. Our dedicated team is constantly working to keep our platform secure and eliminate vulnerabilities that might affect our clients. As a testament to our commitment to enterprise security, QMS has repeatedly passed security and penetration testing carried out by large enterprise businesses that have hired our company.

We’re proud of that record of security and reliability. And our record is one that open source content management systems simply can’t match.

Article References:

https://securityintelligence.com/cms-hacking-2014-by-the-numbers/ 
https://www.incapsula.com/blog/cms-security-tips.html
http://www.abc.net.au/news/2016-04-15/pro-islamic-state-cyber-group-hack-websites-of-small-businesses/7329858