Why marketing security is your first line of defense against data leaks
Your website is one of your business’ most valuable assets. It not only provides a powerful tool for engagement with customers – and potential customers – it is also a powerful marketing platform and a source of data on user behavior, preferences and Personally Identifiable Information (PII).
For a marketer, the more data you can gather on visitors to your website, the better you can craft campaigns and target individuals. Moreover, you may be entrusted with sensitive customer data such as names, addresses, credit card details, passwords and other personal information.
The massive threat of data loss
With the volume and value of customer data under the spotlight, the risk of data loss and data leaks looms large. Unfortunately, in 2019 all enterprises that collect data online are still vulnerable to cyberattack. The threat is now so prevalent that in its Global Risks Report, the World Economic Forum (WEF) recently ranked large-scale cyberattacks as the fifth biggest threat facing our world today, only three places down from climate change.
In addition, 82 percent of companies that the WEF questioned believe the risk of cyber-attacks leading to data theft and data leakage will increase in 2019.
Elsewhere, the 2019 Thales Data Threat Report – Global Edition says 60 percent of organizations globally have already experienced a data breach at some point in their history, with 30 percent experiencing a breach within the past year alone. The US had the highest number of data breaches of all breaches globally in the last three years (65 percent) as well as in the last year (36 percent).
What are the threats to your website?
While much of the current talk around the importance of cybersecurity focuses on securing the company network, some of the biggest breaches in recent years have occurred after an organization’s website was compromised, leading to valuable data being stolen. This is due, in part, to websites – and website security – falling under the remit of the marketing department as opposed to the IT team, while website security is not something marketing departments are tasked with solving. This is an oversight that cyber criminals can readily exploit.
It is vital that all businesses are aware of the vulnerabilities across their marketing platforms and can prevent or mitigate risk effectively.
Formjacking (Magecart’s MO)
We’ve all heard how criminals can use a device to ‘skim’ your credit card details from an ATM; formjacking is a web-based equivalent of this. Also called digital payment card skimming (DPCS), it involves hackers injecting malicious code into a website – often through a third-party technology – and harvesting customers’ financial information when they make an online purchase.
At the heart of these attacks is a consortium of hackers called Magecart, which in 2018 executed numerous high-profile attacks on the likes of Ticketmaster, along with retailers Newegg, Kitronik and VisionDirect.
An average of almost 5,000 websites per month fell victim to a formjacking attack during 2018, according to the 2019 Symantec Internet Security Threat Report.
The most common type of cyberattack in 2018, cryptojacking sees hackers inject browser-based cryptomining code into a website to illegally mine for cryptocurrencies. This causes significant problems for businesses, as cryptojacking impacts website availability and performance, which can lead to a loss of customer conversion and revenue.
Both formjacking and cryptojacking follow a trend of web-based hacking, meaning the user no longer needs to download malicious software to be impacted by it.
Third-party entry system
For a marketer, third-party tags or code like social media buttons, ad trackers and chatbots are useful for improving and tracking the customer experience, but they can also throw a wide door open to cyberattacks and data leaks.
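One way to see which third-party hosts a page loads scripts from and compare them with an approved-vendor list, as an added example (not from the original article or any vendor's product). The hostnames, sample HTML and function names are constructed, and the regex tag scan is a simplification of real HTML parsing.

```javascript
// Added example: audit <script> tags against an approved-vendor allowlist.
// SAMPLE_HTML and every hostname below are constructed for illustration.
const SAMPLE_HTML = `
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.approved-analytics.example/tag.js"
        integrity="sha384-CONSTRUCTEDPLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://chat.approved-vendor.example/widget.js"></script>
<script src="//ads.unknown-tracker.example/pixel.js"></script>
</head><body><form id="checkout"></form></body></html>`;

// Read one attribute value from a tag's attribute string (null if absent).
function attr(attrs, name) {
  const re = new RegExp(`(?:^|\\s)${name}\\s*=\\s*["']([^"']*)["']`, "i");
  const m = re.exec(attrs);
  return m ? m[1] : null;
}

// Return one finding per third-party script that needs review.
function auditScripts(html, pageUrl, allowedHosts) {
  const page = new URL(pageUrl);
  const findings = [];
  for (const m of html.matchAll(/<script\b([^>]*)>/gi)) {
    const src = attr(m[1], "src");
    if (!src) continue;                    // inline script: not covered here
    const url = new URL(src, page);        // resolves relative and // URLs
    if (url.host === page.host) continue;  // first-party script
    if (!allowedHosts.has(url.host)) {
      findings.push({ host: url.host, issue: "unapproved-vendor" });
    } else if (!attr(m[1], "integrity")) {
      // Approved host, but no Subresource Integrity hash pins the file.
      findings.push({ host: url.host, issue: "approved-but-no-sri" });
    }
  }
  return findings;
}

// Build a Content-Security-Policy script-src value from the same allowlist,
// so the browser enforces what the audit checks.
function cspScriptSrc(allowedHosts) {
  return ["script-src 'self'", ...[...allowedHosts].map(h => `https://${h}`)].join(" ");
}

const APPROVED = new Set(["cdn.approved-analytics.example", "chat.approved-vendor.example"]);
console.log(auditScripts(SAMPLE_HTML, "https://shop.example/checkout", APPROVED));
console.log(cspScriptSrc(APPROVED));
```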
Fallout of a data breach
At the same time, regulatory pressure and financial penalties are increasing for data loss. The post data-breach fallout may also include business disruption, class-action lawsuits, executive firings, reputational damage and diminished market value of the organization.
However, compliance rates for Payment Card Industry Data Security Standard (PCI DSS) – the standard for organizations that handle branded credit cards – are falling. Verizon’s 2018 Payment Security Report reveals that almost half of organizations assessed were not fully compliant, and that the average number of controls failed rose to the highest level seen since 2012.
What can I do to secure my website from hackers and data leaks?
Ensighten’s website security solution (MarSec™) offers real-time control of business and customer data on your website or web properties and apps, to prevent leakages of data and PII. It enables your company to cut through the confusion of third-party suppliers and gain insight into who has access to what customer data. MarSec™ also ensures that data stays private and secure and that governance is enforced, preventing exposure and risk.
Website Security offers:
- Third-party technology control: Whitelist only approved vendors to operate, as well as help manage and update policies in real time
- Data Masking and redaction: Mask or redact sensitive data strings
- Client-side security control: Extend protection beyond the company network to potentially vulnerable areas that can be overlooked