As part of the ongoing battle for eyeballs, marketing departments implement tracking technologies that encroach on customer privacy, while digital assets are cobbled together from third-party technology to accelerate time-to-market.
There are hundreds of companies providing website testing, engagement tracking, social tracking, content creation, etc. Most of them are startups that rely on Amazon Web Services (AWS) for IT, or have outsourced the creation of some, if not all, of their production code. These companies invest heavily in engineering, marketing and sales – and know little about cyber security.
For instance, hundreds of leading online brands use a social engagement tracking service called Gigya, which suffered a breach in 2014 that gave hackers access to their DNS. Instantly, thousands of sites connecting to Gigya, including NHL.com and NBC.com, were temporarily under control of the Syrian Electronic Army (SEA).
The downstream effect of these types of breaches, which can impact tens, hundreds, or even thousands of web properties, can be devastating from both a reputational and liability standpoint if they result in monetary fraud or leaked personal information.
According to a recent Ponemon report, almost 69% of consumers have left a website because of security concerns.
In fact, two-thirds of the time, consumers blamed security when they had a poor experience on a brand’s website. Specifically, 67 percent said they lose trust in a site when pages load slowly, and 3 out of 4 worry about security when site performance is sluggish.
The bottom-line for website operators is clear, consumers measure a brand’s online presence based on the performance and safety they experience, even though third-party providers like Gigya may be the source of problems that affect consumers.
While responsibility for protecting corporate digital assets falls squarely on the shoulders of IT security teams, their control and administration falls in a grey area. Marketing generates digital assets, but is not responsible for the cyber security behind campaigns, lead gen, tracking, etc.
The challenge for IT security is ensuring that digital assets including websites and apps, even those that use third party services, are safe for consumers to visit and download. This is a new and more difficult mission, and one that greatly impacts the bottom line of any business.
The RiskIQ Intelligence Connector for Microsoft Azure Sentinel Is the Context-Rich Force Multiplier Security Teams Need
Digital initiatives have changed the enterprise attack surface and how organizations appear online, both to users and malicious actors. Meanwhile, the threat landscape has evo...