Is your business safe?
The problem with client-side security is that most businesses are unprepared to deal with these new tactics. Even worse, many don’t notice that they’ve been hacked for days – weeks, or even months.
High Profile Victims
- British Airways
Attack lasted 16 days, 380,000 customers affected.
Website was compromised for over 1 month.
40,000 customers were affected over 9 months.
Customers were vulnerable for over 19 months.
Understanding the Magecart threat
In recent months Magecart has been regularly described as the Number 1 Threat in Cyber Security.
Whilst your customers browse and purchase on your website, scripts are loaded from third parties.
If a third party is compromised, hackers then have a way to write scripts affecting your website.
Hackers can then intercept customer card details without you even noticing.
Defending against the threat
To counter this new threat, some providers advocate locking down client-side code. This includes restricting access for third-party scripts and whitelisting or creating policies for where data is sent.
These are valid ways to protect your website. However, restrictive policies can be time-consuming and frustrating to manage.