98 percent of top US websites not prepared against attacks
Most sites use forms to collect PII and financial data from the user. This form data is defined by the website owner's code architecture to be intentionally sent to an average of 1.6 domains. However, in reality, due to the reliance on third-party integrations, form data is exposed to an average of 15.7 third-party domains.
"The number one enemy of enterprise website security is lack of awareness about what's 'under the hood' from an integration and architecture standpoint. This is basically a website's 'supply chain'," says Aanand Krishnan, founder and CEO of Tala Security. "The fundamental issue with the way today's websites are secured is that user data is greatly exposed to third-party applications and services that have not been properly vetted. While Magecart is the most well-known, there are many other attacks that leverage client-side vulnerability. It's imperative that organizations keep security top-of-mind and expand their perspective on what has become a pervasive attack vector -- the organization's website."
You can find out more in the full report which is available from the Tala site.