The first line of defence for website security


For businesses around the globe it is becoming increasingly difficult to protect their data online, whether the threat is a data breach, ransomware attack, phishing scam or any of the other ways cybercriminals are targeting businesses of all sizes.

Now that GDPR has gone into effect, businesses are more accountable than ever for the data they hold about their customers and large fines can be levied against them if they fail to protect user data.

To better understand the threats business websites face from attackers, TechRadar Pro sat down with Ensighten’s Chief Revenue Officer Ian Woolley.

Are businesses on the brink of a website security crisis?

GDPR has held a magnifying glass up to data security in Europe, focussing in on businesses’ relationship with consumers and how they use and collect data. Despite the onus placed on becoming compliant, businesses have a long way to go towards sufficient data governance.

One of the biggest issues is that businesses aren’t aware of the security risks to their customer facing marketing platforms such as websites and mobile apps, where customers share personal information and payment details. This data is of huge value to the business but also to criminals looking to score customer data. Inadequate security of these consumer touch points means businesses aren’t in a position to prevent potential attacks and are vulnerable to a breach.

The majority of organisations don’t have sight of the entire company, and therefore have possible cracks in their security strategy without knowing. This is reinforced by our research, investigating the views and attitudes of enterprises on marketing security, finding 41 per cent of enterprises had already experienced a marketing security incident and nearly half (46%) believe they are at risk of a website data breach.

Businesses need to thoroughly assess and identify the weak links that could trip them up. As such, organisations need to appoint a team to look at security holistically so that no stone is left unturned. This way, resource and investment will not only support the protection of cybersecurity and the traditional network but also the marketing platforms where consumers share their data. We call this Marketing Security (MarSec™).

What causes website data breaches?

When a company has third-party technologies on its website that it does not control, it can open a window to potential hackers, which can lead to data theft and the exposure of customer Personally Identifiable Information (PII).

Breaches can occur through third-party tags and technologies such as chat capabilities. If customer data or PII isn’t anonymised correctly or if it’s passed to another company without the business’ knowledge or consent, a breach can arise.

When speaking to enterprises regarding their own experiences including the factors most likely to cause a data breach, malware (24%) and human error (24%) came out on top. When it came specifically to marketing security, poor management systems (39%) and insufficient budgets (38%) were the most common challenges to blame for enterprises’ security vulnerabilities. These excuses aren’t going to protect an organisation's reputation when their consumers’ data is stolen. The priority must be to prevent a breach or leak - investing in technology to audit and protect data held on websites and apps is essential to mitigate risk and keep consumers’ data safe.

With just 27 per cent of enterprises’ total security budget being spent on marketing security currently, the vast majority of businesses are opening up their most valuable data to criminals.

These hackers prey on poorly protected websites and other marketing platforms. No company is safe; just one gap could result in a devastating breach.

Are there solutions or steps businesses can take to prevent a data breach?

More onus needs to be placed on companies to look at security holistically. Currently, teams are working in silos. By working together, marketing, technology and security teams can join the dots and fill the cracks which could prevent a data leak.

If a business is unable to whitelist quality vendors and ensure that third parties on their site can’t capture sensitive information, then a change is needed. The starting point is conducting an audit and seeking help to rectify any vulnerabilities.

With a real-time MarSec™ strategy and enforcement tools, businesses can easily prevent data leakage and unauthorised sharing of PII, while complying with GDPR and other data privacy regulations.

Ultimately, it’s not enough to just put a security strategy and process in place. Constant governance and tweaking strategies to mitigate risk and protect customers’ data is vital.

Ian Woolley, Chief Revenue Officer of Ensighten
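
The audit-and-allowlist step described in the interview can be sketched as follows. This is an added example, not part of the interview or any Ensighten product: it lists the third-party hosts a page's tags point at, splits them by a vendor allowlist, and derives a Content-Security-Policy header from the approved set. The hostnames, the allowlist and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed inputs: first-party host, approved vendor hosts, sample page.
FIRST_PARTY = "shop.example"
APPROVED_VENDORS = {"cdn.analytics-vendor.example", "chat.vendor.example"}
SAMPLE_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.analytics-vendor.example/tag.js"></script>
<script src="https://pixel.unknown-tracker.example/collect.js"></script>
</head><body>
<form action="/checkout"><input name="card_number"></form>
<iframe src="https://chat.vendor.example/widget"></iframe>
<img src="//ads.unvetted.example/p.gif">
</body></html>"""

# Tag -> (attribute holding the URL, CSP directive that governs it).
TAGS = {"script": ("src", "script-src"), "iframe": ("src", "frame-src"),
        "img": ("src", "img-src"), "form": ("action", "form-action")}

class TagAudit(HTMLParser):
    """Collects every non-first-party host referenced by the audited tags."""
    def __init__(self):
        super().__init__()
        self.hosts = {}  # host -> set of tag names that reference it

    def handle_starttag(self, tag, attrs):
        if tag not in TAGS:
            return
        url = dict(attrs).get(TAGS[tag][0]) or ""
        host = urlparse(url).hostname  # None for relative (first-party) URLs
        if host and host != FIRST_PARTY:
            self.hosts.setdefault(host, set()).add(tag)

def audit(html):
    """Return (approved, unapproved) dicts of third-party host -> tags."""
    parser = TagAudit()
    parser.feed(html)
    approved = {h: t for h, t in parser.hosts.items() if h in APPROVED_VENDORS}
    unapproved = {h: t for h, t in parser.hosts.items() if h not in APPROVED_VENDORS}
    return approved, unapproved

def build_csp(approved):
    """Build a CSP value that permits only first-party and approved hosts."""
    sources = {d: ["'self'"] for _, d in TAGS.values()}
    for host in sorted(approved):
        for tag in sorted(approved[host]):
            sources[TAGS[tag][1]].append("https://" + host)
    return "; ".join(["default-src 'self'"] + [f"{d} {' '.join(s)}" for d, s in sources.items()])
```

A static pass like this only sees tags present in the served HTML; tags injected at runtime by a tag manager do not appear, which is why the resulting policy is enforced in the browser rather than relied on as an inventory alone.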

Anthony Spadafora
