An analysis of the security posture of the Alexa top 1000 websites revealed that website data risk is surging, but most website owners fail to deploy the security precautions necessary to defend against client-side attacks.
Other key findings include:
- Despite increasing numbers of high-profile breaches, forms found on 92% of websites expose data to an average of 17 domains. The data in question is PII, credentials, card transactions, and medical records. While most users would reasonably expect this data to be accessible to the website owner’s servers and perhaps a payment clearing house, Tala’s analysis shows that this data is exposed to nearly 10X more domains than intended. Nearly one-third of websites studied expose data to more than 20 domains.
- Over 99% of websites are at risk from trusted, whitelisted domains like Google Analytics. These can be leveraged to exfiltrate data, underscoring the need for continuous PII leakage monitoring and prevention. This has significant implications for data privacy, and by extension, GDPR and CCPA.
- 30% of the websites analyzed had implemented security policies – an encouraging 10% increase over 2019.
Aanand Krishnan, Founder and CEO of Tala Security, said, “Websites generate massive volumes of high-value data, making them a primary target for attackers. The fundamental issue with today’s websites is that user data is greatly exposed to third-party applications and services and that data leakage is occurring even from trusted third-party resources. It’s imperative that organizations keep security top-of-mind and pay much closer attention to what has become a pervasive attack vector.”