More than 99% of websites use third-party scripts, but only one in three can detect potential problems that could lead to digital skimming and Magecart attacks.
The findings from our third annual survey for PerimeterX on the risks from Shadow Code have just been published. As with the previous two years, the survey looked at the extent and impact of third-party scripts and open-source libraries that are used in web applications in organizations across industries. These scripts and libraries, often added without approvals or security validation, can introduce hidden risks into the organization and make it challenging to ensure data privacy and comply with various privacy regulations.
The key takeaways from the 2021 research are:
- Nearly all websites contain third-party code. Over 99% of respondents reported that their website uses at least one third-party script, and almost 80% said that these scripts account for 50-70% of the content in a typical website.
- Code changes are frequent, but undetected. Over 50% of respondents state that the third-party scripts running on their web properties change four or more times every year. However, only 34% have the ability to detect changes or updates made on their website that could potentially lead to a security problem.
- Visibility is lacking. Website owners lack the visibility into third-party code to know for certain that their site is safe from cyberattack. Nearly 50% of respondents could not definitively say their website had not been subject to a cyberattack.
- Client-side data breaches have severe consequences. More than half of respondents named brand damage, loss of corporate reputation, loss of future revenue, and potential lawsuits as “huge” or “major” problems resulting from an attack.
- Security professionals have an urgent need to manage third-party code risk. 75% of respondents intend to purchase solutions to address website script vulnerabilities within the next 12 months.