Why You Need User Interface Protection
Cyber-crime is at an all-time high. As the number of possible attacks evolves and expands, the financial and reputational fallout from data breaches is intensifying. Today’s organizations face virtually relentless assaults from hacker teams, criminal syndicates, unsavory competitors, nation-states and hacktivists. And, as the digital frontier continues to advance, companies can no longer afford to ignore any aspect of cyber-security, especially those facets often neglected, such as the user interface (UI).
The Impact of Cyber-crime
In a joint report by GCHQ and the UK National Crime Agency published earlier this year, it was revealed that the threat posed by cyber-criminals has matured significantly over the past 12 months as they continue to take advantage of the efficient, reliable, and relatively inexpensive IT infrastructure offered in Western European countries.
These findings align with a study from Cybersecurity Ventures, the world’s leading researcher and publisher covering the global cyber economy, which reported that, in 2016 alone, ransomware attacks rose by over 300%.
Today, unprecedented numbers of hackers are actively scheming to compromise digital assets and business data, drawn by the prospect of greater financial reward. Cyber-crime perpetrated through the UI now accounts for 10% of all data breaches, and attacks such as man-in-the-middle and man-in-the-browser are on the rise. This places corporate intellectual property, revenue, and reputation in great peril, yet research indicates that many businesses are failing to respond appropriately.
How to Tackle Cyber-crime
In the same study from Cybersecurity Ventures, it was found that more than 90% of corporate executives say they aren’t prepared to handle a major cyber-attack. This trend was summarised by Vicky Papapetrou, a director of the EY EMEIA Cybersecurity Centre of Excellence, who said, “almost wherever we turn, we see business executives who are understating the risks,” adding, “too many companies still treat cyber-security as an IT risk and tend to overlook or understate business risks.”
Addressing cyber risks requires conscious effort. Companies need to know the sources of vulnerability, and how they can be exploited, to adequately protect their data. While recent high-profile breaches have helped improve public understanding of attacks such as malware, ransomware, DDoS, and phishing, threats to other areas of business, such as the user interface, remain virtually unknown.
What is User Interface Protection?
User interface protection refers to the security measures organizations must employ to defend themselves against attacks perpetrated “in-the-browser”.
Man-in-the-middle and man-in-the-browser are examples of such cyber-attacks which, if undetected, can cause extensive economic damage, particularly in the case of a financial business where the economic incentive for hackers is large.
But, despite research suggesting that at least 10% of all cyber-attacks are focused in this area, current estimates have found that up to 80% of organizations have taken no action to protect themselves.
What Happens if You Don’t Protect the UI?
Failure to protect the UI provides easy access for cyber-criminals and allows them to infiltrate web browsers to modify web pages and transaction content, or to insert additional transactions, all completely covertly.
This form of content manipulation can be severe. While many companies have come to understand phishing scams, in which an unsuspecting user is directed to a fake website through a link in an email or some other notification, “in-the-browser” attacks occur when the victim has entered the URL into the browser independently.
On the surface, interactions and transactions are taking place normally, with expected prompts and password requirements, but underneath hackers are monitoring, modifying, and exploiting the information for personal or financial gain, at the expense of both the user and organization.
The COVID-19 pandemic has escalated the situation, and hackers and scammers are using the chaos to their advantage to create more global damage. The fact that many people work and study from home means less security and easier access for hackers and scammers. Many businesses are dealing with attacks, and even hospitals have been hit.
Newest insight on attacks
A new attack technique has been spotted since late 2018 in which the attacker gets access to eCommerce payment sites through third-party retailers. This is a new and fairly unknown technique, but it is extremely effective and dangerous, since bigger companies usually have a lot of third-party suppliers and partners with access to the website, and the suppliers don’t have the necessary security because they are small. Once the attackers are in, they can view everything and thereby steal user credentials. This has so far led to attacks on 800+ retailers in 2019, the biggest incident being the attack on British Airways, which cost them a £183M fine, 380.000 stolen credit cards and ~50% market value.
How to Protect the UI
Cyber-security is governed by hard realities. This fact was best summed up by Earl Perkins, research vice president at Gartner, during the Gartner Security & Risk Management Summit 2017, who said: “you can’t protect everything equally… you have to find a way to control only what matters.”
The UI is a feature that can and should be controlled. CodeSealer is a user interface protection solution that specializes in eliminating in-the-browser vulnerabilities. Recognized by Gartner as a financial fraud detection strategy for user interface protection, CodeSealer is perfectly placed to offer the protection from UI-based cyber-attacks that has become necessary in today’s environment.