News industry websites are at a higher risk of user-data breach or data misuse compared to other industries, the 2019 Feroot User Security and Privacy report found.
Key findings include:
- News websites use twice as many externally controlled scripts and tools compared to the other industries monitored, as 92 percent of major news websites across North America, the UK and Germany use ad trackers that are participating in automatic cross-border data transfer and is the only industry consistently sending user behavior data to Russia;
- An average of 21 web trackers are active on any given website at any time creating a new and increasing surface area for an attack through chatbots, analytics, ad tech tools and others. (News industry hosts an average of 40 trackers per site while the tech industry hosts an average of 25 trackers per site.)
- 90 percent of e-commerce login pages are susceptible to attack and can potentially provide external tools with unrestricted visibility of user passwords.
Hidden activities of third-party tools and scripts expose up to 97 percent of organizations to theft of customer data. Because these technologies rely heavily on outside services managed by third- and fourth-party vendors, they open the organization to a new surface attack area, in particular, the Man-in-the-middle (MITM) attack vector. This area requires ongoing monitoring due to the fact that the externally controlled scripts are often introduced through the user browser (or the client side) rather than the tools themselves.