Security News > 2022 > July > Security Experts Warn of Two Primary Client-Side Risks Associated with Data Exfiltration and Loss

Two client-side risks dominate the problems with data loss and data exfiltration: improperly placed trackers on websites and web applications and malicious client-side code pulled from third-party repositories like NPM. Client-side security researchers are finding that improperly placed trackers, while not intentionally malicious, are a growing problem and have clear and significant privacy implications when it comes to both compliance/regulatory concerns, like HIPAA or PCI DSS 4.0.

The government agency points out that sensitive health information combined with the shadowy data security practices used by technology companies is extremely problematic, with most customers having little or no knowledge of how their data is collected, what data is collected, how it is used, or how it is protected.

The security industry has repeatedly proven how easy it is to re-identify anonymized data by combining several datasets to create a clear picture of the end user's identity.

Client-side security researchers advise several approaches for identifying and mitigating these two primary risks.

Synthetic user interaction is logged and monitored, followed by behavioral analyses and logic injection into each page to gather the information that is difficult to collect manually, including form data, the data third-party scripts have access to, trackers that are deployed and their activities, and any forms or third-party scripts transferring data across national boundaries.

Security professionals with expertise on the client side are strongly advising organizations in industries such as financial services, media/entertainment, e-commerce, healthcare, and technology/SaaS that have multiple front-end web applications to understand client-side security and how client-side risks may impact their business.

News URL

https://thehackernews.com/2022/07/security-experts-warn-of-two-primary.html