Secure Your Content

Secure Your Content

Prevent Defacement

Prevent Defacement

Prevent Malvertising

Prevent Malvertising

Prevent User Hijacks

Prevent User Hijacks

All it takes is one rogue script

Just like in other industries, attacks that use an organization’s website as a point of entry are common. However, what makes the online media and content publishing industry unique is the fact that the sector itself can serve as a vector for launching attacks, due to the large number of people who use its services. Another difference is that hackers want to take down media targets because it brings them a lot of attention. They may not have a lot of money but they have another important currency – information. A bigger concern for media and content publishers is that hackers could opt to spread misinformation, or so-called “fake news.” The risk remains, especially as media and content publishers often get the news before it is technically news. Information that was under embargo or a non-disclosure agreement would certainly be the holy grail for hackers who understand the value of knowing tomorrow’s news, today.

Hardly any other industry is going through digital transformation as deep as media and content publishers:

  • 72% of all media companies are changing their business model in order to keep up with the digital revolution – compared with an average of only 64% in the rest of the economy.
  • 85% of media companies are adapting their existing products and services, and 80% are offering completely new ones. For comparison: in the overall market, the numbers are only 57% and 40%, respectively.

Media and content publishers live and die at the hands of traffic and user engagement. They therefore have to offer an optimized user experience. Whether they are using a desktop, tablet and mobile devices, users must be able to navigate the website smoothly, to know at each point where they are and to be able to clearly understand the structure. Every click and view results in massive amounts of data, which offers media and content companies a competitive advantage and unique insights. Sadly, it is also a magnet for cyber criminals.

Over the past decade, dozens of media companies, ranging from prestigious publications to social media platforms, have seen company and private user data exposed. One reason is that billions of people have accounts with media companies. As more and more people consume their news online, the ground for cybercriminals continues to expand. Another reason is that media companies often rely on external vendors. Even if the media companies themselves are confident in their security processes, it is hard to track how safe 3rd parties are.

Given the digital transformation that the media and content publishing industry is undergoing, user experience and a feature-rich website are very important. Websites in the industry, therefore, rely on an ever-expanding ecosystem of 3rd party suppliers to enhance and personalize user experience, increase engagement, track their customers’ journey and behaviors, and so on. These 3rd party tools offer great benefits, but also provide attackers with an attractive gateway for malicious activities such as Formjacking, Magecart, JS Skimming and more. Malicious code may be injected into your website or run on end-users’ browsers without their knowledge. The more such tools are used, the more risks media and content publishers’ websites take. Instead of hacking the websites themselves, hackers often attack the 3rd party plugins and use their Javascript to hitchhike onto the website. Checking the security perimeter of any media and content publisher website is simply not enough. A website is affected by the security perimeter of all of the 3rd party tools it uses – and it has no control over what’s happening outside the 3rd party circle: there are 4th, 5th and 6th party circles that most website owners are not even aware of. 

There are many different types of attacks aimed at online media and content publishers:

  • Payment card skimming
  • Keylogging
  • Form field manipulation
  • Web injection
  • Phishing
  • Content defacement
  • Clickjacking
  • Malware and ransomware distribution
  • Watering hole attacks

Formjacking is The New #1 Threat

Formjacking and Magecart attacks can be very wide-ranged and affect millions of people at once, or they can be highly targeted and affect a very specific group of people. This is also one of the reasons why they are so difficult to detect.

The major implications of such attacks include:

Compliance:

People’s personal data is just that – personal. When media and content publishers fail to protect it from loss, damage or theft it is more than an inconvenience. That’s why laws and regulations are very clear – when you are entrusted with personal data, you must look after it. Every website in the media and content landscape is required to meet certain standards in order to be considered “in compliance,” and fines can be levied against a business or its owner if they fail to comply. 

Financial solvency:

If breached, a business has a whole host of other problems that will impact its bottom line. This usually involves hiring additional personnel to investigate the breach, stop it, and prevent it from happening in the future. The business may have to pay for a forensic investigation, data recovery services, credit monitoring for impacted parties, and more.

Customer trust:

Media and content publishers are heavily dependant on the trust of their customer base,  particularly when it comes to acquiring new customers. This is because they know that these customers can easily leave: a data breach is a quick way to convince customers to go elsewhere, where their personal information or other sensitive data will be secure. Surveys reveal that 64% of consumers confess to be unlikely to do business again with a company from which their personal data was stolen.

Customers put a lot of trust in the online media and content publishers they interact with. Earning customers’ trust is crucial for maintaining a long-lasting relationship, and once lost, earning it back is a very difficult task. 

Damage to brand reputation:

To protect the brand and ensure a safe browsing experience, online media and content publishers must establish and maintain a strong website security posture. Reputation is a fragile thing – it takes years to build, and moments to destroy. When a breach occurs, the target audience feels betrayed and angry. The initial cost can be seen in the form of lawsuits, but there is a far greater cost that can last years. Furthermore, this can negatively affect the business reputation of each person on the executive team and hinder their future endeavors. Stocks drop, the team is affected, and revenues plummet. Unlike a fine, which can be paid and forgotten, reputation cannot be fixed so easily. 

Source Defense helps media and content publishers balance superb customer experience alongside critical security, without compromising website performance or stability. We use real-time JavaScript sandboxing technology to create virtual pages that isolate the 3rd party scripts from the website. The virtual pages are an exact replica of the original ones, excluding what the 3rd parties are not supposed to see. We monitor all 3rd party script activities on the virtual pages. If the activity is within the premise of what they are allowed to do, we will transfer it from the virtual page to the original one. If not, we will keep their activity on the virtual pages isolated from the user and send a report to the website owner, alerting them of the 3rd party scripts that had violated their security policy. This real-time prevention eliminates the 3rd party’s ability to interact directly and maliciously with the page. 

With attacks on media and content publishers on the rise, ensuring that your customers’ personal information is protected should be a priority if you want to avoid the implications of a data breach. Contact us to learn how the Source Defense V.I.C.E real prevention solution will protect your website from the growing threat of Magecart, Formjacking, and other digital skimming cyberattacks:

  • Isolating scripts from the page
  • Evading harmful activities
  • Applying best practices
  • Securely enhancing websites
  • Keep benefiting from 3rd parties

ABOUT SOURCE DEFENSE

Source Defense helps online retailers balance superb customer experience with critical security, without compromising website performance or stability. We create virtual pages that isolate the 3rd party scripts from the eCommerce website. The virtual pages are an exact replica of the original pages, excluding what the 3rd parties are not supposed to see. We monitor all 3rd party script activities on the virtual pages. If the activity is within the premise of what they are allowed to do, we will transfer it from the virtual page to the original page. If not, we will keep their activity on the virtual pages isolated from the user and send a report to the eCommerce website owner, alerting them of the 3rd party scripts that violated their security policy.

3rd Parth Scripts Flow with Source Defense

Free Website Exposure Check