Key findings of the Tala website security report
The same report found that over 99% of sites are vulnerable to website security risks associated with trusted vendors code such as Google Analytics despite such scripts being vulnerable to exfiltration data in violation of GDPR and CCPA regulations.
Despite the shortcomings, 30% of websites applied various website security measures, which was a 10% increase from the past year. However, only 1.1% of the analyzed sites applied effective website security measures. Additionally, this was a decline of 11% compared to 2019.
The adoption of ineffective website security measures could give domain owners a false sense of security. This situation could encourage them to collect more sensitive information believing their sites were secured. The result would be more sensitive information leaking to third-parties.
Mitigating client-side data security threats
Leveraging browser-based website security controls would help reduce the risk of data leakage from websites. Website owners should adopt methods such as Content Security Policies (CSP) as well as Subresource Integrity (SRI) to create a future-proof solution to website security without sacrificing the user experience. Owners should also monitor data leakages from their websites and take corrective actions to protect their user data. According to Krishnan, user data is greatly exposed to various threats, and organizations should pay closer attention to the pervasive attack vector occasioned by trusted third-party resources.