Recently, Stephen Ward, CMO at Source Defense sat down for a podcast interview with Josh Marpet, Executive Director at RM-ISAO, and Paul Asadoorian, Founder at Security Weekly to: 

  • Explore the threat of client-side attacks
  • Dive into real-world examples of the material impact they have caused
  • Pinpoint effective approaches to mitigate this risk with the pros and cons of each

Watch the 60-min Security Weekly podcast recording on Managing Shadow Code & the Blind Side in 3rd Party Risk

Or, read ahead for a high-level synopsis of the podcast interview right here. 

What Risks are You Overlooking in Your 3rd Party Risk Management?

With all of your focus and investment on 3rd party risk management, there is likely still a blind side that remains unaddressed. It is a risk introduced by the 3rd party digital supply chain partners you rely upon (and the nth parties they work with) to power and enhance your website. From plug-ins to widgets and forms, cybercriminals use your digital supply chain as an attack vector to infiltrate browser sessions and steal sensitive customer data via JavaScript-based attacks. 

This is an area of exposure introduced through your own code, and by your partners, that can only be addressed on the client-side. While it remains widely unaddressed, this is an area that needs to be moved to the top of your priority list — both for its potential to cause material losses in the form of response costs and fines and judgments and for the ease in which it can be mitigated. 

The Threat of JavaScript-Based Attacks Exists for Any Organization Conducting Transactions or Collecting Sensitive Data from Web Properties

3rd party cyber risk is an area of major concern across all industries. But if that’s the case, how are major enterprises still being affected by client-side attacks? The answer is simple — with so many priorities to focus on, the client-side has been overlooked. But it can’t be any longer, and any 3rd party risk management effort that doesn’t take into account the organization’s mission-critical web properties isn’t complete. While client-side attacks may not garner the same headline focus as ransomware, they remain a daily threat. Household names like British Airways have been affected by client-side attacks costing them tens of millions in the process. Already in 2022, we’ve seen headlines of major client-side attacks like the one that hit Segway, potentially impacting nearly a million consumers. 

The reality is that the threat of JavaScript-based attacks — clickjacking, digital skimming, formjacking, site defacement, “Magecart” — is widespread and exists for any organization collecting sensitive data or conducting transactions through their web properties. 

Mitigate Your 3rd Party Risk with Source Defense

Source Defense is the industry leader in web application client-side protection. The Source Defense Client-Side Web Application Security Platform acts to: 

  • Shed light on all 3rd, 4th and nth parties in your website digital supply chain 
  • Uncover security risks and compliance policy violations introduced by these parties 
  • Sandbox all JavaScript running from these partners and apply policy controls over their behaviors 
  • Prevent client-side attacks with a low-burden, easy to use solution that takes days to test, a few simple weeks to implement, and immediately provides security and compliance benefits 

Final Thoughts

The client-side needs to be a critical area of focus in your 3rd party risk management effort. It is low-hanging fruit that has the potential to cause excessive damage to your business’ reputation and bank account. You need low-burden risk mitigation that is quick and effective. Source Defense can help.

Request a demo to mitigate 3rd party risk and take the threat off the table.

PCI DSS 4.0 makes client-side security a priority.

Source Defense delivers a solution for 6.4.3 and 11.6.1 without adding a burden to your security teams.