A report published by Tala Security, a provider of tools for securing browser sessions, suggests an increased level of integration between web services has resulted in applications that are significantly less secure than most IT organizations appreciate.
The Tala Security report finds only 30% of the websites analyzed had implemented security policies, with only 1.1% of websites being found to have effective security in place.
The report also finds 92% of websites expose data, including credit card transactions and personally identifiable information (PII) such as credentials, to an average of 17 domains. The analysis indicates this data is exposed to nearly 10 times more downstream domains than intended by the website owner.
Tala Security CEO Aanand Krishnan said the report makes it apparent that despite increased awareness of cybersecurity, many organizations continue to be victimized by attacks that successfully harvest credit card data.
Given the current increased dependency on digital business processes in the wake of the COVID-19 pandemic, it’s not feasible for IT organizations to roll back applications. However, there is a clear need to ensure the security controls that are made available in most modern browsers are enforced, said Krishnan.
In theory, at least, adoption of DevSecOps best practices should lead to more of those controls being enforced. Unfortunately, DevSecOps is still a nascent trend. Cybersecurity teams are still pretty much on their own when it comes to ensuring the appropriate cybersecurity controls have been put in place. Given the rate at which new applications are being added to websites, that’s a daunting challenge. As a result, many organizations are betting the revenue they gain via the web outweighs any of the potential risks. However, the penalties associated with mishandling sensitive data are rising as well. It may now only be a matter of time before privacy regulations alter the risk-versus-reward equation surrounding web application security to the point where a fundamental change in behavior finally occurs.