Control Supply Chain Threats In Your Website

Modern organisations depend on online transactions. In an ongoing pursuit to improve the digital experience, websites become extremely complex. They typically include content from dozens of third parties used for analytics, advertising, chatbots, payment gates and more. You end up trusting a lot of external parties. With this comes opportunities for attackers to abuse that trust by compromising your digital supply chain and inject malicious code into your website. This allows bad actors to perform attacks such as harvesting credit card information and other sensitive information. This was seen with the Magecart attack campaign which resulted in British Airways receiving hefty fines for that data breach. While every customer will have a different risk depending on their use of third party content, defining the risk and associated controls should be included in every risk assessment.