Why marketing security is your first line of defense against data leaks
Your website is one of your business’s most valuable assets. It not only provides a powerful tool for engagement with customers – and potential customers – it is also a powerful marketing platform and a source of data on user behavior, preferences and Personally Identifiable Information (PII).
For a marketer, the more data you can gather on visitors to your website, the better you can craft campaigns and target individuals. Moreover, you may be entrusted with sensitive customer data such as names, addresses, credit card details, passwords and other personal information.
The massive threat of data loss
With the volume and value of customer data under the spotlight, the risk of data loss and data leaks looms large. Unfortunately, in 2019 all enterprises that collect data online are still vulnerable to cyberattack. The threat is now so prevalent that in its Global Risks Report, the World Economic Forum (WEF) recently put large-scale cyberattacks as the fifth biggest threat facing our world today, ranking only three places down from climate change.
In addition, 82 percent of companies that the WEF questioned believe the risk of cyber-attacks leading to data theft and data leakage will increase in 2019.
Elsewhere, the 2019 Thales Data Threat Report – Global Edition says 60 percent of organizations globally have already experienced a data breach at some point in their history, with 30 percent experiencing a breach within the past year alone. The US had the highest number of data breaches of all breaches globally in the last three years (65 percent) as well as in the last year (36 percent).
What are the threats to your website?
While much of the current talk around the importance of cybersecurity focuses on securing the company network, some of the biggest breaches in recent years have occurred after an organization’s website was compromised, leading to valuable data being stolen. This is due, in part, to websites – and website security – falling under the remit of the marketing department rather than the IT team, while website security is not something marketing departments are tasked with solving. This is an oversight that cyber criminals can readily exploit.
It is vital that all businesses are aware of the vulnerabilities across their marketing platforms and can prevent or mitigate risk effectively.
Formjacking (Magecart’s MO)
We’ve all heard how criminals can use a device to ‘skim’ your credit card details from an ATM; formjacking is the web-based equivalent of this. Also called digital payment card skimming (DPCS), it involves hackers injecting malicious code into a website – often through a third-party technology – and harvesting customers’ financial information when they make an online purchase.
At the heart of these attacks is a consortium of hackers called Magecart, which in 2018 executed numerous high-profile attacks on the likes of Ticketmaster, along with retailers Newegg, Kitronik and VisionDirect.
An average of almost 5,000 websites per month fell victim to a formjacking attack during 2018, according to the 2019 Symantec Internet Security Threat Report.
Cryptojacking
The most common type of cyberattack in 2018, cryptojacking sees hackers inject browser-based cryptomining code into a website to illegally mine for cryptocurrencies. This causes significant problems for any business, as cryptojacking impacts website availability and performance, which can lead to a loss of customer conversion and revenue.
Both formjacking and cryptojacking follow a trend of web-based hacking, meaning the user no longer needs to download malicious software to be impacted by it.
Third-party entry system
Access to websites often happens via a third-party vendor or supplier – Ponemon research shows 59 percent of companies have experienced a data breach caused by one of their third parties. In the case of Ticketmaster, Magecart exploited a chatbot from a third-party customer support company, via an injection of malicious JavaScript.
For a marketer, third-party tags or code like social media buttons, ad trackers and chatbots are useful for improving and tracking the customer experience, but they can also throw a wide door open to cyberattacks and data leaks.
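One way to keep track of that exposure, as an added example that is not from the original article or any vendor's product: a Node.js script that inventories the external scripts a page loads, checks each host against an approved-vendor list and notes which approved tags lack a Subresource Integrity hash. The hostnames, sample HTML and the `auditScripts` helper are constructed for illustration.

```javascript
// Added example: inventory the external scripts a page loads and flag risky ones.
// Hostnames, the allowlist and SAMPLE_HTML are constructed for illustration.
const APPROVED_HOSTS = new Set(["cdn.chat-vendor.example", "tags.analytics.example"]);

const SAMPLE_HTML = `
<html><head>
<script src="/js/app.js"></script>
<script src="https://tags.analytics.example/t.js" integrity="sha384-CONSTRUCTEDPLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://cdn.chat-vendor.example/widget.js"></script>
<script src="//static.unknown-widgets.example/btn.js"></script>
<script>var inline = 1;</script>
</head></html>`;

function auditScripts(html, pageUrl, approvedHosts) {
  const page = new URL(pageUrl);
  const findings = [];
  const tagRe = /<script\b([^>]*)>/gi; // opening <script ...> tags only
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = m[1];
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (!src) continue; // inline script: not part of the vendor inventory
    const url = new URL(src[1], page); // resolves relative and protocol-relative URLs
    if (url.host === page.host) continue; // first-party file
    const hasSri = /\bintegrity\s*=\s*["'][^"']+["']/i.test(attrs);
    let status = "ok";
    if (!approvedHosts.has(url.host)) status = "unapproved-vendor";
    else if (!hasSri) status = "approved-no-sri"; // vendor can change the file silently
    findings.push({ host: url.host, src: url.href, status });
  }
  return findings;
}

const report = auditScripts(SAMPLE_HTML, "https://shop.example/checkout", APPROVED_HOSTS);
for (const f of report) console.log(`${f.status.padEnd(18)} ${f.src}`);
```

This only sees scripts present in the static HTML; tags that a vendor script loads at runtime need a browser-side control such as a Content-Security-Policy `script-src` allowlist.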
Fallout of a data breach
At the same time, regulatory pressure and financial penalties for data loss are increasing. The fallout after a data breach may also include business disruption, class-action lawsuits, executive firings, reputational damage and diminished market value of the organization.
However, compliance rates for Payment Card Industry Data Security Standard (PCI DSS) – the standard for organizations that handle branded credit cards – are falling. Verizon’s 2018 Payment Security Report reveals that almost half of organizations assessed were not fully compliant, and that the average number of controls failed rose to the highest level seen since 2012.
What can I do to secure my website from hackers and data leaks?
Forty-one percent of enterprises have already experienced a marketing security incident. To prevent this happening to your organization, it is essential to ensure that your website, and any sites it interacts with to process transactions (such as secondary payment processors), are protected from a potential injection of malicious JavaScript.
Ensighten’s website security solution (MarSec™) offers real-time control of business and customer data on your website or web properties and apps, to prevent leakages of data and PII. It enables your company to cut through the confusion of third-party suppliers and gain insight into who has access to what customer data. MarSec™ also ensures that data stays private and secure and that governance is enforced, preventing exposure and risk.
Website Security offers:
- Data leak prevention: Inspects the onward content contained within JavaScript requests
- Third-party technology control: Allows only approved vendors to operate, and helps manage and update policies in real time
- Data masking and redaction: Masks or redacts sensitive data strings
- Client-side security control: Extends protection beyond the company network to potentially vulnerable areas that can be overlooked
With a real-time website security strategy and enforcement tools, enterprises can prevent data leakage and unauthorized access to customer data via malicious JavaScript injection, formjacking and other client-side attacks. This ensures every aspect of your business is secure, providing you with complete peace of mind and protection for your organization.

Ensighten
Founded in 2009, Ensighten is the global cybersecurity leader providing client-side protection against data loss, ad injection, and intrusion while enhancing website performance.