Cybersecurity Awareness Month is a good time to remind ourselves that the responsibility to secure the customer experience goes beyond our infrastructure and out to the browser. For organizations that are passionate about protecting their customers, browser-based attacks are particularly frustrating because the impact directly affects customers. While some browser-based attacks such as web skimming steal customer data and thus victimize both the organization and the users, other attacks leverage an organization's website to attack the customers or to attack another organization entirely.
Browser-based attacks occur when attackers inject malicious code into components that a website serves to its visitors. All modern websites include third-party scripts, and attackers have successfully injected code into several of them. Recent examples of browser-based attacks include Magecart and the ongoing proliferation of cryptomining malware.
Consider the different ways that a browser-based attack can impact your organization, impact your users, or impact organizations you don't even know. As you assess the threat of browser-based attacks, know that attackers:
You may feel challenged to protect customers from browser-based attacks due to a lack of control over a customer's environment (their browser usage, their settings, their permissions, whether they click on the link, etc.). However, you must reduce the risk by:
As attackers focus more on the client side, organizations must consider the impact of script and browser vulnerabilities more broadly. Work the above scenarios into your threat modeling and think about how best to protect your customers and their experiences with your site. Applications continue to be the most common path for attackers; don't let browser-based attacks be your weak link.
This post was written by Principal Analyst Sandy Carielli and originally appeared here.