User Security and Privacy Report Finds Vulnerabilities in Web Trackers and the Rise in Cross-border Data Transfers and Access to User Login Credentials

User Security and Privacy Report Finds Vulnerabilities in Web Trackers and the Rise in Cross-border Data Transfers and Access to User Login Credentials
28.06.2019 01:56 pm

User Security and Privacy Report Finds Vulnerabilities in Web Trackers and the Rise in Cross-border Data Transfers and Access to User Login Credentials

Security

User-side security monitoring system Feroot today released its 2019 User Security and Privacy Report examining the hidden behaviors of external third- and fourth-party tools on the user-side for websites and web apps. Of the 13 different industries and government agency websites worldwide reviewed, the report found that:

  • 92% of major news websites across North America, the UK and Germany use ad trackers that are participating in automatic cross-border data transfer and is the only industry consistently sending user behavior data to Russia;
  • An average of 21 web trackers are active on any given website at any time creating a new and increasing surface area for an attack through chatbots, analytics, ad tech tools and others. (News industry hosts an average of 40 trackers per site while the tech industry hosts an average of 25 trackers per site.)
  • 90% of e-commerce login pages are susceptible to attack and can potentially provide external tools with unrestricted visibility of user passwords.

What this means:

The challenges faced by most security professionals is the constant growth of the tech stack: third- and fourth-party vendors, web trackers, and homegrown technology tools are always in flux as new tools and trackers are added daily for marketing and sales purposes. This poses ongoing data security and privacy threats because side-loaded code can be modified by third-parties at any time opening the possibility for a Man-in-the-middle (MITM) attack vector.

“The rise in regulatory scrutiny and increase of data breaches worldwide demonstrates the need for companies to be more vigilant about the type of data they collect and of the integrity of all parties that have access to user data, ultimately ensuring data is protected from potential theft,” said Ivan Tsarynny, Feroot CEO. “We are alarmed at how often data transfers and data collection by third-party tools go undetected. Attack surface area now includes all marketing and customer service third-party services. Security and privacy teams need to track where and by whom data is being stored, processed, and transferred, to prevent recurring and devastating breaches.”

Feroot scanned more than 1.1 million unique web pages across 365 organizational websites in 13 different industries focusing on the US, Canada, UK, France, Spain, and Germany, including government agencies, to take a closer look at:

  • Automated personal data collection and cross-border data transfers on public facing websites and web apps;
  • Data collection practices of web tracking tools across industries;
  • The impact of third- and hidden fourth-party tools and behavior tracker activities on GDPR, CCPA, PCI-DSS, HIPAA, and other obligations.

Simulated visits were conducted between April 19 and May 31, 2019, using the Feroot user- (client) side security monitoring system, and were repeated multiple times, limited to approximately 90 pages per website per day. For the full report visit here.

Related News

Semafone to Host Webinar on How to Implement Frictionless Payments in Omnichannel Contact Centers

Semafone®, the leading provider of data security and compliance solutions for call and contact centers, will host its next... Read more »

Acronis Announces a $147 Million Investment Round Led by Goldman Sachs

Acronis, a global leader in cyber protection... Read more »

Attacks using IoT devices and Windows SMB escalate in 2019

Cyber criminals upped the intensity of IoT and SMB-related attacks in the first half of 2019, according to a new F-Secure report, “Attack Landscape H1 2019”. The report... Read more »

Exness partners up with Sumsub for fraud protection assistance and globally inclusive AML compliance

Scalable automated solution Sumsub provides trading market giant... Read more »

F-Secure Countercept continues to win trust from US enterprises

F-Secure Countercept, an award-winning managed detection and response (MDR) solution from cyber security provider F-Secure, has won the trust of another US-based enterprise in... Read more »

Do you take cards? Payment cards still rule in a cashless society

As the UK fast progresses towards a cashless society, consumers have made it clear they are not prepared to give up their bank cards. Research by ... Read more »

Magazine
ALL
Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App
Financial It Youtube channel