83% of Execs Think Their Sites Are at Risk of Breach. They’re Probably Right


By Marty Greenlow, CEO, Ensighten

In 2019, company websites are more than just branding and marketing collateral. They’re primary business assets that serve as key mechanisms for lead generation, customer engagement and journey nurturing. As the volume and value of data moving through these powerful platforms continues to grow, so does the risk of data loss and breach.

All enterprises that collect data online are vulnerable to data leakage and cyberattack. Fortunately, such incidents are preventable through the proper implementation of marketing security measures. Unfortunately, as new research has uncovered, most enterprises haven’t fully implemented policies related to client-side website security of customer data. The result is a significant level of vulnerability among today’s global enterprises.

In a recent survey of 200 marketing, security, IT and corporate executives, Ensighten found that most executives (83 percent, in fact) believe their companies could be at risk of a data security breach. However, just over 33 percent of executives say they’ve fully implemented policies related to client-side website security of customer data. Let’s take a look at why those concerns are very much warranted—and why the lack of preparedness is particularly alarming.

Advanced Website Integrations, Heightened Vulnerabilities

The functionalities housed within the average enterprise website are both varied and complex. That comes as little surprise, given the role that company websites today play in not only branding, but also lead generation and other detailed marketing activities and mechanics. A vast majority of survey respondents reported that their companies’ websites feature advanced functionalities, including:

  • Payment processing (83 percent)
  • Customer log-in (75.5 percent)
  • Registration services (72.5 percent)
  • Chat capabilities (67 percent)
  • Social media functionality (60 percent)
  • Customer tracking for advertising purposes (55.5 percent)

The above features are necessary when it comes to meeting customer demands in today’s digital ecosystem. However, each and every one of the above functionalities enables third-party exchange of consumer data. Any time there’s a third-party exchange of consumer data, security risks to that data increase.

Locking Down Sensitive Data

While all points of customer data exchange are susceptible to leakage and breach, certain ones stand out as particularly attractive targets. As you might imagine, forms that enable the exchange of sensitive customer data, especially payment information, are particularly vulnerable to external incursions due to the value that cybercriminals derive from such data. In 2018, we saw a particularly sharp rise in incidents of form-jacking, which a method used by cybercriminals to steal visitors’ credit card details and other personal information from the payment forms on e-commerce websites.

At the head of these malicious campaigns is a consortium of hackers called Magecart. Last year, this group executed form-jacking attacks on numerous high-profile brands. Groups like Magecart are not only tenacious, but they’re also alarmingly sophisticated. Thus, it’s more important than ever for companies to safeguard their websites to prevent form-jacking and other growing threats to customer data.

Unfortunately, groups like Magecart will continue to succeed in their efforts until proactive, real-time data security measures become the rule, not the exception, among today’s enterprises. Given that our survey found only about a third of today’s enterprises consider themselves to be protected against such incidents, we still have a long way to go on the journey to secure customer data.

Control of customer data starts with a full understanding of a company’s website integrations and the additional vulnerabilities that come with them, but true prevention of leakages and breaches requires companies to take that understanding even further. Periodic manual audits of website integrations are not sufficient from a preventive standpoint. Shoring up data vulnerabilities requires the implementation of systems that can identify, monitor and securely manage all third-party integrations on websites. In today’s customer-centric, privacy-aware world, the risks revealed by Ensighten’s recent survey cannot be allowed to persist. It is time for executives to move beyond awareness and take action to shore up their customer data and, in doing so, safeguard the future of their enterprises at large.