All it takes is one rogue script
Just like in other industries, attacks that use an organization’s website as a point of entry are common. However, what makes the online media and content publishing industry unique is the fact that the sector itself can serve as a vector for launching attacks, due to the large number of people who use its services. Another difference is that hackers want to take down media targets because it brings them a lot of attention. They may not have a lot of money but they have another important currency – information. A bigger concern for media and content publishers is that hackers could opt to spread misinformation, or so-called “fake news.” The risk remains, especially as media and content publishers often get the news before it is technically news. Information that was under embargo or a non-disclosure agreement would certainly be the holy grail for hackers who understand the value of knowing tomorrow’s news, today.
Hardly any other industry is going through digital transformation as deep as media and content publishers:
- 72% of all media companies are changing their business model in order to keep up with the digital revolution – compared with an average of only 64% in the rest of the economy.
- 85% of media companies are adapting their existing products and services, and 80% are offering completely new ones. For comparison: in the overall market, the numbers are only 57% and 40%, respectively.
Media and content publishers live and die at the hands of traffic and user engagement. They therefore have to offer an optimized user experience. Whether they are using a desktop, tablet and mobile devices, users must be able to navigate the website smoothly, to know at each point where they are and to be able to clearly understand the structure. Every click and view results in massive amounts of data, which offers media and content companies a competitive advantage and unique insights. Sadly, it is also a magnet for cyber criminals.
Over the past decade, dozens of media companies, ranging from prestigious publications to social media platforms, have seen company and private user data exposed. One reason is that billions of people have accounts with media companies. As more and more people consume their news online, the ground for cybercriminals continues to expand. Another reason is that media companies often rely on external vendors. Even if the media companies themselves are confident in their security processes, it is hard to track how safe 3rd parties are.
There are many different types of attacks aimed at online media and content publishers:
- Payment card skimming
- Form field manipulation
- Web injection
- Content defacement
- Malware and ransomware distribution
- Watering hole attacks
Formjacking is The New #1 Threat
Formjacking and Magecart attacks can be very wide-ranged and affect millions of people at once, or they can be highly targeted and affect a very specific group of people. This is also one of the reasons why they are so difficult to detect.
The major implications of such attacks include:
People’s personal data is just that – personal. When media and content publishers fail to protect it from loss, damage or theft it is more than an inconvenience. That’s why laws and regulations are very clear – when you are entrusted with personal data, you must look after it. Every website in the media and content landscape is required to meet certain standards in order to be considered “in compliance,” and fines can be levied against a business or its owner if they fail to comply.
If breached, a business has a whole host of other problems that will impact its bottom line. This usually involves hiring additional personnel to investigate the breach, stop it, and prevent it from happening in the future. The business may have to pay for a forensic investigation, data recovery services, credit monitoring for impacted parties, and more.
Media and content publishers are heavily dependant on the trust of their customer base, particularly when it comes to acquiring new customers. This is because they know that these customers can easily leave: a data breach is a quick way to convince customers to go elsewhere, where their personal information or other sensitive data will be secure. Surveys reveal that 64% of consumers confess to be unlikely to do business again with a company from which their personal data was stolen.
Customers put a lot of trust in the online media and content publishers they interact with. Earning customers’ trust is crucial for maintaining a long-lasting relationship, and once lost, earning it back is a very difficult task.
Damage to brand reputation:
To protect the brand and ensure a safe browsing experience, online media and content publishers must establish and maintain a strong website security posture. Reputation is a fragile thing – it takes years to build, and moments to destroy. When a breach occurs, the target audience feels betrayed and angry. The initial cost can be seen in the form of lawsuits, but there is a far greater cost that can last years. Furthermore, this can negatively affect the business reputation of each person on the executive team and hinder their future endeavors. Stocks drop, the team is affected, and revenues plummet. Unlike a fine, which can be paid and forgotten, reputation cannot be fixed so easily.
With attacks on media and content publishers on the rise, ensuring that your customers’ personal information is protected should be a priority if you want to avoid the implications of a data breach. Contact us to learn how the Source Defense V.I.C.E real prevention solution will protect your website from the growing threat of Magecart, Formjacking, and other digital skimming cyberattacks:
- Isolating scripts from the page
- Evading harmful activities
- Applying best practices
- Securely enhancing websites
- Keep benefiting from 3rd parties
ABOUT SOURCE DEFENSE
Source Defense helps online retailers balance superb customer experience with critical security, without compromising website performance or stability. We create virtual pages that isolate the 3rd party scripts from the eCommerce website. The virtual pages are an exact replica of the original pages, excluding what the 3rd parties are not supposed to see. We monitor all 3rd party script activities on the virtual pages. If the activity is within the premise of what they are allowed to do, we will transfer it from the virtual page to the original page. If not, we will keep their activity on the virtual pages isolated from the user and send a report to the eCommerce website owner, alerting them of the 3rd party scripts that violated their security policy.