How pronounced is the risk of client-side attacks?
We analyzed thousands of the world's largest websites and you won't like the answer...
3rd party risk mitigation is a top cyber security concern. But are you focused on the risk introduced through your website supply chain? What does this risk look like and how are adversaries exploiting this supply chain as a vector of attack? Is this risk ubiquitous across the web, across your industry, does it represent a material risk to your organization?
Our research suggests that we have a problem that needs to be moved to the top of your priority list - and we'd like to give you a first look at a new report that draws from analysis of thousands of the top websites across the world. The data is eye opening and will be helpful in establishing a benchmark for your organization.
JavaScript is a programming language that allows developers to make the client-side portion of a web application faster, richer, and more interactive for users, often using 3rd party code from dozens of supply chain partners. While 3rd party script adds valuable application functionality at low cost, it is inherently risky. This is effectively shadow code running on your web properties, given 100% trust by default as opposed to the zero-trust you are striving for – and it is used in thousands of websites. It opens up a vector of attack that can lead to fraudulent transactions, stolen credit card information, pilfered PII, PHI and other forms of sensitive data - it makes client-side attacks possible.
Client-side attacks, such as formjacking, credential harvesting, digital skimming and Magecart, were first recorded in 2014, and have been on the rise ever since. This is an under-reported, over-looked and often neglected aspect of web app cybersecurity. As a result, client-side attacks are becoming more frequent (100s of client-side attacks in 2021 and already 100s in 2022). These attacks have cost some of the world’s largest brands tens of millions in security response costs and fines and judgements.
Watch this recording as we extract insights from a multi-industry report on the ubiquitous nature of client-side risk. Be the first to get a look at this data and receive the full report. We'll:
- walk through a quantitative analysis of the client-side code used by the world’s top 4,300 websites
- detail how this code is opening up the door to client-side attacks
- conduct an examination of types of client-side attacks
- provide an understanding of potential impacts on compliance
- give you benchmarks by industry to help you assess your own condition
