Some of the most egregious findings were:
97 percent of the websites contain outdated web software.
24 percent of the websites contain known and exploitable vulnerabilities.
76 percent and 73 percent of the websites are not compliant with GDPR and PCI DSS, respectively.
100 percent of the mobile apps contain at least five external software frameworks.
100 percent of the mobile apps contain at least two vulnerabilities.
This translated into 47 percent of the airports studied receiving a C grade, meaning there were security vulnerabilities or several serious misconfigurations found; 11 percent got a B, several minor issues or insufficient security hardening; 14 topped out with an A or A+ with the latter meaning there were no issues and the former only a few minor problems discovered.
When it comes to cybersecurity Amsterdam, Helsinki and Dublin were ranked the three safest airports by Immuniweb, but overall these facilities fared poorly when it came to protecting their websites, mobile platforms and systems. The study found 97 of the world’s 100 largest airports have security risks related to vulnerable web and mobile applications, misconfigured public cloud, dark web exposure or code repositories leaks.