98% of Alexa 1000 websites have not adopted sufficient client-side cybersecurity measures to prevent threat actors from attacking the websites to carry out personal, financial and credential theft, a recent study by Tala Security found. This risk is elevated during the holiday season when ecommerce sales and cybercriminial activity related to online shopping skyrocket.
One major issue is the fact that when users fill out web forms, the data they provide is usually exposed to far more domains than necessary. On average, the number of domains with access to form data is 10 times higher than the website owner meant it to be. Another risk stems from the fact that most websites use a high number of often poorly secured third-party integrations – 31 integrations per website on average.
Tala Security CEO Aanand Krishnan says the research shows that “online merchants and website owners must recognize the critical need for client-side security. The fundamental driver of online commerce — consumer trust — is at stake as attackers target widespread client-side vulnerabilities to steal credentials, credit card numbers, financial data and other PII.”
Read more: Cybercriminals targeting e-commerce website vulnerabilities this holiday season
