Are you responsible for 3rd-party risk management and/or for securing your company’s web presence? If so, then you have a blind side that could bite you big. It comes in the form of Magecart attacks like formjacking, digital skimming and credential harvesting.
And it’s time you take that blind side seriously.
Your blind side
Remember the movie “The Blind Side,” based on the book by Michael Lewis? It includes a flashback to a career-ending pro football play – one that I’ll never forget – in which quarterback Joe Theismann is blindsided by linebacker Lawrence Taylor.
“He doesn’t see Taylor leap, both arms over his head, and fill the sky behind him. Theismann prides himself on his ability to stand in the pocket and disregard his fear. He thinks this quality is a prerequisite in a successful NFL quarterback. . . What happened to the ball, and to the person holding the ball, was just the final link in a chain of events that began well before the ball was snapped.
“At the beginning of the chain that ended Joe Theismann’s career was an obvious question:
“Who was meant to block Taylor?” – The Blind Side by Michael Lewis
Picture yourself as the Joe Theismann of your company’s web security. You’ve invested plenty in shoring up the assets you’re responsible for – so much so that you might think you’ve got all the angles covered. You update your web apps and apply patches to your servers religiously. You put in place everything necessary to defend your servers from incoming threats. With such rigorous security, you’re confident you can focus on driving your company’s transactional or e-commerce site without fear of a successful attack.
At the beginning of that chain of events is an obvious question: Who was meant to block that attack?
3rd Party Risk is 3rd Party Risk
We’ve posted recently about the digital supply chain and how you can mitigate your 3rd-party risk.
You rely on traditional web security to mitigate the risk of attackers compromising your server through malicious activity. But this 3rd-party client-side risk is one that can easily blindside you, stepping around your traditional defenses and attacking from the pass-rushing, catch-you-by-surprise side.
That’s why we look at this as a 3rd-party risk management issue. Addressing 3rd-party client-side vulnerability is not some completely new security domain that you must study, budget for and hire headcount to deal with. Your organization is already investing in 3rd-party risk management, and this is another source of the same kind of risk.
The Source Defense approach
Fortunately, the Source Defense platform offers you an easy way to manage 3rd-party risk in your digital supply chain and prevent attacks from your blind side.
- No burden on staff — Cybersecurity teams are stretched thin as it is. Source Defense is a low-impact, low-effort way to protect your blind side. It doesn’t add to the burden on your staff or force you to attract and train more security talent.
- Prevention instead of detect-and-alert — Source Defense uses real-time sandbox isolation to prevent client-side attacks that originate in the digital supply chain your site depends on.
- No management headaches — You accept policy recommendations as necessary. Source Defense continually monitors and updates protection instead of making you implement and maintain it.
Malicious actors have wasted no time this year. Formjacking, a common type of client-side web attack, was already grabbing headlines on the first workday of 2022, with a single compromise that affected more than 100 real estate sites.
As you mull over your cybersecurity priorities in 2022, look at mitigating the 3rd-party risk from client-side web attacks as a low-effort, top-5 priority. It’s another form of the risk management you already undertake and a solid use of your already-allocated budget for mitigating 3rd-party risk this year.
PCI DSS 4.0 makes client-side security a priority.
Source Defense delivers a solution for 6.4.3 and 11.6.1 without adding a burden to your security teams.