May 9, 2019
Research finds 11.5 percent of sites that capture Personally Identifiable Information (PII) are doing so insecurely, potentially breaching GDPR guidelines
LONDON, UK – May 09, 2019 – One year after the EU General Data Protection Regulation (GDPR) went into effect, RiskIQ, the digital attack surface management leader, has discovered that 1 in 10 PII-capturing websites belonging to the top 10 UK financial services organizations are still doing so without adequate security measures, potentially breaching GDPR guidelines. While this is down from the 27 percent of sites identified a year ago, it is still far from the required 0 percent.
Across 48,949 active websites, RiskIQ research found 4,512 sites capturing PII through data entry points accessible by site visitors. Of these, 11.5 percent (522 sites) are capturing PII insecurely. This equates to an average of 52 sites per organization.
A PII-capturing website is one that accepts user input that can identify an individual. Examples of PII include input data such as name, address, date of birth, email address and login credentials. In addition to web pages with data entry fields, the research also extends to pages with iframes and pop-up windows that populate during a browser session and accept data. RiskIQ identifies these by referencing the Document Object Model (DOM) of each page of a website. This method is language-agnostic and identifies PII capture regardless of the site language.
RiskIQ research found:
Insecure sites are defined as those websites that capture data in clear text using the HTTP protocol, or sites with certificate issues such as expired, misconfigured, or old and untrusted certificates. The findings highlight one of the key challenges businesses face in the protection of PII, as required by GDPR.
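The following is an added example, not RiskIQ's code or its actual detection logic, of how a site owner could apply the DOM-based identification and the "insecure" definition above to their own pages. The names `PIIFormFinder`, `audit_page` and `cert_ok`, the attribute lists, and the `example.test` hosts are assumptions made for illustration; certificate validation is assumed to be done elsewhere and passed in as a flag.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: standardized attribute values (not visible labels) mark PII fields,
# so the check is independent of the page's human language.
PII_TYPES = {"email", "password", "tel"}
PII_AUTOCOMPLETE = {"name", "given-name", "family-name", "email", "username", "bday",
                    "current-password", "new-password", "street-address", "postal-code"}
# Constructed sample: an HTTPS login page whose form posts to a plain-HTTP endpoint.
SAMPLE = ('<form action="http://forms.example.test/login">'
          '<input type="text" autocomplete="username" name="u">'
          '<input type="password" name="p"></form>'
          '<form action="/search"><input type="search" name="q"></form>')

class PIIFormFinder(HTMLParser):
    """Collects each <form> action together with the PII inputs inside it."""
    def __init__(self):
        super().__init__()
        self.forms = []          # one dict per form: {"action": str, "pii": [str]}
        self._current = None     # form currently open, if any

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._current = {"action": a.get("action", ""), "pii": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            tokens = set(a.get("autocomplete", "").lower().split())
            if a.get("type", "text").lower() in PII_TYPES or tokens & PII_AUTOCOMPLETE:
                self._current["pii"].append(a.get("name") or a.get("type", "input"))

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def audit_page(page_url, html, cert_ok=True):
    """Return findings for PII forms that are loaded or submitted insecurely."""
    finder = PIIFormFinder()
    finder.feed(html)
    findings = []
    for form in (f for f in finder.forms if f["pii"]):
        target = urljoin(page_url, form["action"])  # empty action posts back to the page
        checks = [(urlparse(page_url).scheme != "https", "page served over HTTP"),
                  (urlparse(target).scheme != "https", "form submits over HTTP"),
                  (not cert_ok, "certificate issue")]
        reasons = [msg for bad, msg in checks if bad]
        if reasons:
            findings.append({"target": target, "fields": form["pii"], "reasons": reasons})
    return findings
```

Iframes and pop-ups that appear during a browser session, which the research also covers, would need the rendered DOM from a headless browser rather than static HTML.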
“This research shows that organizations are continuing to make progress in ensuring that personal data entered online is collected in a secure manner,” said Fabian Libeau, VP EMEA at RiskIQ. “However, that we still see instances serves to highlight that there is more to be done. Most organizations are continuing to expand their web presence and it’s vitally important that they maintain a complete inventory of those sites and the PII collecting pages they contain.”
RiskIQ is the leader in digital threat management, providing the most comprehensive discovery, intelligence and mitigation of threats associated with an organization’s digital presence. With more than 75 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social and mobile exposures. Trusted by thousands of security analysts, security teams and CISOs, RiskIQ’s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk and take action to protect the business, brand and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners and MassMutual Venture. Visit https://www.riskiq.com or follow us on Twitter. Try RiskIQ Community Edition for free by visiting https://www.riskiq.com/community/