"Half of Web Owners Don't Know if Their Site Has Been Attacked"

Researchers at PermiterX discovered that nearly half of US website owners have so little insight into third-party code that they can’t say definitively if their site has suffered a cyber breach. The web app security vendor polled 501 organizations across multiple verticals to compile its latest report, called Shadow Code: The Hidden Risk to Your Website.  According to the researchers, the challenge for these firms is the extensive use of third-party sources for code, many of which obtain their code in turn from other third parties. The researchers claimed that 99% of firms use this extensive software supply chain for web functionality, including ad tracking, payments, customer reviews, chatbots, tag management, social media integration, and helper libraries that simplify common functions. Almost 80% of respondents said that these third-party scripts and open source libraries account for 50-70% of the capability in their website. Nearly half of the respondents (48%) could not say whether their site had been attacked, up from 40% in 2020.  PerimeterX argued that shadow code scripts and libraries added without IT oversight or security vetting is a challenge that could introduce hidden risks to the organization. Although respondents claimed to understand shadow code, only a quarter (25%) said they perform a security review for every script modification, and only a third (33%) automatically detect potential problems.

Infosecurity reports: "Half of Web Owners Don't Know if Their Site Has Been Attacked"