More than 99% of websites use third-party scripts, but only one in three can detect potential problems that could lead to digital skimming and Magecart attacks
PerimeterX, the leading provider of solutions that secure digital businesses against automated fraud and client-side threats, released “Shadow Code: The Hidden Risk to Your Website,” the third annual survey conducted with Osterman Research on the use of Shadow Code in web applications.
“While awareness is growing about the consequences of successful cyberattacks and most organizations claim to have addressed the risks of Shadow Code, digging deeper into our survey responses shows there is a false sense of security. Organizational security review processes are insufficient, capabilities to automatically detect changes have low adoption, and other means of assessing threats from code vulnerabilities are not up to the task,” said Brian Uffelman, VP and Security Evangelist, PerimeterX.
Third-party scripts and open source libraries are typically used for ad tracking, payments, customer reviews, chatbots, tag management, social media integration or other helper libraries that simplify common functions. However, the unmanaged use of Shadow Code — scripts and libraries often added without approvals or ongoing security validation — introduces hidden risks into an organization, making it challenging to avoid the risk of a data breach, ensure data privacy and comply with various privacy regulations.
Key findings include:
Not surprisingly, more than half of respondents named brand damage, loss of corporate reputation, loss of future revenue and potential lawsuits as “huge” or “major” problems resulting from an attack.
The report includes statistics on websites that use third-party code and scripts, the frequency of code updates, vulnerability and visibility levels, and the use of technology solutions to manage third-party script and open source vulnerabilities.
“It’s imperative that organizations review how they detect and manage risks to web applications. For the third straight year, our research continues to shed light on these critical issues for digital businesses. The percentage of respondents who suspect their website may have been attacked — but lack the visibility to state definitively — grew from 40% in 2020 to 48% in 2021. Respondents seem more willing to take active steps to mitigate these risks, with 75% stating that they intend to purchase solutions to address website script vulnerabilities within the next 12 months,” said Michael Sampson, senior analyst with Osterman Research.
The survey was conducted during May and June 2021 with a total of 501 organizations in the United States across a range of industries including retail and e-commerce, financial services, travel and hospitality, media and entertainment, gaming and delivery services. All of the survey respondents were security professionals or developers who are familiar with the way that third-party scripts are used by their organizations.
- PerimeterX Third Annual Analysis Report Reveals False Sense of Security