Narayan AmmachchiAround 92% of websites, including the ones run by distinguished brands, provide cyber attackers with access to customer data knowingly or unknowingly, according to a study by Silicon Valley-based cybersecurity firm Tala Securities.
According to the report, JavaScript, one of the major integrations in most websites, is in fact the weakest link and has many loopholes. Cybercriminals are making the most of this vulnerability.
There are many tools and solutions to fix it, yet site owners don’t seem to notice, according to the report.
Cyber-attacks have increased significantly ever since the coronavirus outbreak plunged the global economy into turmoil. Therefore, today sensitive data, like PII and credit card information, is at more risk than ever before, says the report.
“Every piece of code running on websites…….can modify, steal, or leak, information via client-side attacks enabled by JavaScript.” However, the report says, the majority of global brands have failed to deploy adequate security controls to guard against client-side attacks.
The authors of the report go on to say that sometimes legitimate applications leak or steal data without the knowledge of website owners.
JavaScript powers many features of a website, including images, style sheets, fonts, media, and content.
“JavaScript powers today’s rich, highly customized web experience and enables digital transformation across all industry sectors. The fact that it remains largely unguarded is both surprising and disappointing.” said Aanand Krishnan, Founder and CEO of Tala Security.
“Websites generate massive volumes of high-value data, making them a primary target for attackers. The fundamental issue with the way today’s websites are secured is that user data is greatly exposed to third-party applications and services and that data leakage is occurring even from trusted third-party resources.”
Add comment