Intelligent CISO Issue 39 | Page 33

The challenge for all businesses embracing Digital Transformation is that the trust ecosystem inevitably involves third-parties.

PREDICTIVE INTELLIGENCE

A perfect storm for supply chain attacks

Modern web architecture delivers a rich user experience, but it is also a perfect infrastructure for supply chain attacks. Aanand Krishnan, Founder and CEO, Tala Security, tells us why it matters and what you can do about it.

Today’s websites are essentially a conglomeration of web-enabled assets, a massive global supply chain that nobody really thinks about as such. And that’s a Big Data security and privacy problem with explosive potential. Why?

A significant portion of the sensitive customer data collected by enterprises is entered by the customer themselves, via a web browser. Think credit card details, social security numbers, address, ID, logins etc. Most enterprises are doing a fine job of securing that information after the customer has entered it, but what about what’s happening while they’re entering it?

What you don’t know can hurt you

Many website owners seem unaware that the third-party JavaScript integrations powering their rich web experience are simultaneously exposing them to data theft and cyberattack. Whether it’s chatbots, marketing analytics or messaging, 58% of the content that displays on customer browsers is delivered by third-party JavaScript integrations – a website supply chain operating outside the owner’s span of control in 98% of websites, according to Tala Security’s Global Data at Risk: 2020 State of the Web Report.

What happens when these integrations share sensitive information with third, fourth, fifth-and-beyond parties outside your organisation’s control? Even trusted, whitelisted domains like Google Analytics can be leveraged to exfiltrate data.

And that’s before we even think about cyberattacks like Magecart, credit card skimming, cross-site scripting (XSS): these attacks happen as your customer is entering their sensitive details. What makes them so effective is that they can go undetected for months or even years.

Everything happens in the browser (the ‘client-side’), nothing impedes the transaction in any way, so the customer carries on, the retailer receives its payment and no one spots anything. Until they do.

The average website integrates almost 40 third-party JavaScripts, enabling a supply chain that has the potential to become a perfect storm for enterprise data security and privacy.

When it comes to online transactions, trust is everything

• 62% of consumers aren’t confident their personal data is secure with retailers.
• 52% of customers who experienced fraud on their card said it left them with a negative perception of the retailer, even when it wasn’t the retailer’s fault.

The challenge for all businesses embracing Digital Transformation is that the trust ecosystem inevitably involves third-parties: the products and services behind the chatbots, analytics tools and marketing services.