It’s Time to Think Outside the Server-Side Box: Stop Leaving the Client Side Wide Open to Attack
By Source Defense
Cybersecurity’s historic obsession with server-side security blinds too many organizations to an attack vector that has the potential to destroy customer trust, ruin brands, and cost tens to hundreds of millions of dollars in fines and judgments.
In 2020 alone, there were 425 such attacks per month. It is an almost ubiquitous threat vector that affects over 95% of websites worldwide. Sounds like another hornet’s nest to deal with, right? It is, but closing that gap is probably the easiest thing you’ve ever tackled in your career.
The COVID-19 pandemic has ushered in a new normal where consumers are flocking online to conduct financial business, shop, book travel, plan leisure, and more. And with the barrier to entry for cybercriminals being so low, the volume and pace of client-side attacks will only heat up. Now is the time to consider client-side security and protection of web applications against these attacks.
Since the first reported Magecart attack in 2014, there have been millions of successful client-side attacks. In 2018, client-side attacks were up 72% year over year. Today, client-side attack kits can be purchased on the dark web and their complexity has increased dramatically, resulting in a steady rhythm of alerts and warnings from the FBI, PCI Council, and Department of Homeland Security.
To date, the list of victims of client-side attacks reads like a who’s who of online brands in e-commerce: Macy’s, Ticketmaster, BestBuy, British Airways, Claire’s, Warner Music and Mission Health, among others. No organization, regardless of industry or security budget, is immune to client-side attacks. Why?
Firewalls and WAFs are not enough – Source Defense offers the solution
With Source Defense Protect, you have a simple, effective, easy-to-deploy, and easy-to-manage solution to the client-side security problem.
Source Defense forces third-party scripts to load in an isolated virtual page on the client side. This isolation lets third parties operate in a controlled environment, where Source Defense allows or denies behavior based on the best security protocols, data privacy policies, and standardized rules we have in place.
Virtual pages are an exact replica of the original pages, excluding what third parties are not meant to see. We monitor all third-party script activity on virtual pages. If the activity is within the limits of what the scripts are authorized to do, we transfer it from the virtual page to the original page. If not, we keep the activity on the virtual pages, isolated from the user, and send a report to the e-commerce website owner, alerting them to third-party scripts that have violated their security policy.
With client-side attacks on the rise, ensuring that your customers’ payment and personal information is protected should be a priority if you want to avoid the implications of a data breach.
Source Defense Protect can protect your website against the growing threat of Magecart, formjacking and other digital skimming cyberattacks:
- Isolate scripts from the page
- Avoid harmful activities
- Apply best practices
- Improve websites safely
- Continue to benefit from third parties
The post It’s Time to Think Outside the Server-Side Box: Stop Leaving the Client Side Wide Open to Attack appeared first on Source Defense.
*** This is a Security Bloggers Network syndicated blog from Blog – Source Defense written by [email protected]. Read the original post at: https://sourcedefense.com/resources/its-time-to-think-outside-the-server-side-boxstop-leaving-the-client-side-wide-open-to-attack/