With all of your focus and investment on 3rd party risk management, there is likely still a blind spot that remains unaddressed. It is an area that should be moved to the top of your priority list - both for its potential to cause material losses in the form of response costs, fines and judgements, and for the ease with which it can be mitigated. It is a risk introduced by the 3rd party vendors you rely upon (and the nth parties they work with) to power and enhance your website. The threat of JavaScript-based attacks - click-jacking, digital skimming, formjacking, defacement, "Magecart" - exists for any organization collecting sensitive data or conducting transactions through its web properties. Attacks of this type have done damage to some of the biggest brands in the world - costing household names like British Airways tens of millions - and they happen by the hundreds per month. Already in 2022, we've seen headlines of major client-side attacks like the one that hit Segway - potentially impacting nearly a million consumers.
This is an area of exposure, introduced through your own code and by your partners, that can only be addressed on the client side. It remains widely unaddressed, as the focus in website security to this point has been on securing the server side.
Join us for an exploration of the threat of these attacks, real-world examples of the material impact they have caused, and dialogue on the approaches to mitigating this risk with pros and cons of each.
Our Senior Supporter Presentation will be led by Source Defense. In Person & Live-streamed.
Answer Source Defense polling questions here: biz.bo/040679
Schedule a 1:1 meeting with Source Defense here: https://meetings.salesloft.com/sourcedefense/mariahbarton
Raffle prize: Garmin Dash Cam
Learn About Source Defense
Source Defense is a security, compliance and performance optimization platform for any website that collects sensitive data or is transaction oriented. It addresses a ubiquitous gap in the management of 3rd party digital supply chain risk with a zero-trust model that extends security beyond the network to the edge/client-side. Source Defense is the leader in what Gartner has dubbed “web application client-side protection.” The platform currently protects leading organizations in the financial, healthcare, hospitality, and retail markets from the threat of JavaScript-based attacks such as Magecart, digital skimming, credential harvesting and click-jacking. Source Defense secures nearly one billion transactions and prevents nearly two billion compliance policy violations per quarter.
These attacks – introduced through both proprietary code and by the dozens of 3rd party supply chain partners typically found on these sites – represent a real and material risk. Hundreds of millions have already been lost in response costs, fines and judgements.
Consider the example of British Airways, whose own experience with a Magecart attack resulted in an initial $200m+ fine (reduced to $20m during the pandemic) for GDPR non-compliance, and the urgency of addressing this problem is clear. With a patented approach to prevention, Source Defense eliminates the threat of these attacks by extending security to the client-side (where JavaScript is executed outside of any server-side protections), brokering the access of both proprietary and 3rd party JavaScript, and applying tailored controls around sensitive data.
