Tala’s Global Data at Risk: 2020 State of the Web Report indicates that sensitive data like PII and credit card information has never been more at risk - and security effectiveness is declining.
The global pandemic has seen the web take center stage. Banking, retail, lifestyle and healthcare are just some of the sectors that have seen large spikes in traffic, a trend that’s expected to become permanent.
But how well equipped are the world’s top websites to defend against the accompanying surge in client-side attacks? New research by Tala indicates a troubling lack of the security controls needed to mitigate the risk of data leakage.
Key findings from the Global Data at Risk: 2020 State of the Web Report are cause for concern:
Unintentional data exposure is increasing
In real terms, significant volumes of sensitive data are at risk from both theft and data leakage - and effective controls are rarely applied. For example, our analysis indicates that form data exposure is growing, despite multiple high-profile breaches:
- Form Data, found on 92% of websites, expose data to an average of 17 domains - 10X more than intended.
To the casual observer, the phrase ‘form data’ might not sound too serious but this is PII, credentials, card transactions, medical records...the kind of data you’d reasonably expect to be accessible to a website owner’s servers, and perhaps a payment clearing house - not unintentionally to multiple third-party integrations. Finding a number nearly 10x greater is shocking. This seeming lack of awareness provides some insight into how and why attacks like Magecart, formjacking and card skimming continue largely unabated.
Standards-based security controls can prevent client-side attacks, but our research shows that they’re not widely deployed: just 30% of the Alexa top 1000 websites had implemented security policies and, of these, only 1.1% were found to have effective security in place, an 11% decline from 2019.
Where do we go from here?
Tala Security protects hundreds of millions of browser sessions every month from critical and growing threats, such as data leakage, cross-site scripting (XSS), Magecart, website supply-chain attacks, clickjacking and others. It does this by automating the deployment and dynamic adjustment of browser-native, standards-based security controls such as Content Security Policy (CSP), Subresource Integrity (SRI), HTTP Strict Transport Security (HSTS) and other web security standards.
The activation of browser-native security controls provides comprehensive security without requiring any changes to the application code and almost no impact to website performance. Tala serves large website operators in verticals such as financial services, online retail, payment processing, hi-tech, fintech and education.
To understand your risk exposure to Data Leakage including Magecart and other client-side vulnerabilities request a free comprehensive website risk assessment or demo today to gain thorough insight into how these threats impact your website and web applications today.
Download your copy of Global Data at Risk - 2020 State of the Web Report today!