How to Secure Your Website Against Data Leakage: A Look at Upcoming Threats in the New Year

November 4, 2019 - Ensighten

With a rapidly evolving threat landscape, we look at the biggest concerns for organizations in 2020 and how you can protect customer PII.

 

When it comes to today’s cyberthreat landscape, organizations are under attack from many different directions. Cyberattacks have grown exponentially in scope, scale and complexity in recent years.

Business leaders are so concerned by the current threat that European and North American executives recently named cyberattacks as the number one risk facing their business. The World Economic Forum (WEF)’s Regional Risks for Doing Business 2019 report notes that business leaders face “a very challenging portfolio of potential threats” and they should “re-evaluate their underlying view of the global risk environment and make greater efforts to strengthen their corporate agility and resilience.”

It is expected that 2019 will be the worst year on record for data breaches, with more than 3,800 incidents reported within the first six months of the year alone, up 54 percent on 2018. Out of those data breaches, three are included in the top ten largest of all time.

The most common cause of data exposure? Web-based attacks, accounting for 79 percent of incidents involving compromised records.

This is important as website security can often be overlooked as it happens ‘outside of the firewall’ of an organization. However, the effects of data leakage can be catastrophic – just ask any of the global brands that have made headlines for losing customer data over the past couple of years. They have encountered reputational damage, loss of business and market value, as well as facing the prospect of huge regulatory penalties.

This pressure will only intensify from January 1, 2020, when the California Consumer Privacy Act (CCPA) will take effect. Inspired by the European Global Data Protection Regulation (GDPR), the bill grants rights to California residents to be informed on how companies collect and use their data and allows consumers to request for their personal data to be deleted, among other protections.

To avoid crippling lawsuits, fines and brand damage, it is vital that any kind of data leakage is prevented and all areas of data collection comply fully with the CCPA mandates.

 

What can be done to prevent data leakage?

Firstly, organizations face a battle when it comes to preventing data leakage as hackers increasingly set their sights on ecommerce websites.

Digital Payment Card Skimming (DPCS), or formjacking, now accounts for most web breaches. This is where criminals inject malicious JavaScript code to steal credit card details and other information from the payment forms on checkout pages of ecommerce websites. According to F5 Labs, in 2019 formjacking payment cards made up 71 percent of web breaches, and 12 percent of known breaches in total. Worryingly, this looks set to continue into 2020 and beyond.

Third-party website technologies provide a common backdoor for cybercriminals to gain access to data collected via the website - through a chat bot, support app or shopping cart software for example. According to a 2018 survey by the Ponemon Institute, 59 percent of companies have experienced a data breach caused by one of their vendors or third parties.

However, there are solutions available and investing in a comprehensive website security solution now could save your company millions in lost business if you suffer a breach. Any solution should form part of a layered, holistic approach to cybersecurity – one that recognises the importance of web security as much as protecting the network.

Proactive monitoring and protection are essential. The Ensighten MarSec™ platform can monitor, identify and protect against data leakage and cyberattacks with real-time website monitoring that can check for and block unapproved technologies which could have unauthorized access to customer data.

The threat landscape will continue to evolve at a rapid pace in 2020, with the attack surface area spreading out to your client-facing applications. With the risk of cyberattacks the number one concern to businesses today, it is vital you act now to prevent the potentially disastrous effects of data leakage on your organization.