
Feroot

Client-Side Kill Chain: JavaScript Security Attack Defense

In my decade working in the cybersecurity industry, I’ve developed quite a few fond memories learning from talented security professionals. In 2015, I found myself working with Andy Pendergast at ThreatConnect. (As a little background, Andy is one of the fine folks who developed the Diamond Model for Intrusion Analysis. He is considered to be a veritable cybersecurity encyclopedia among his peers.) At the time, I was new to cyber threat intelligence (CTI).

The Ultimate Guide to Client-Side Security: Executive Overview

In a world in which commerce, business, and information are driven almost exclusively by the internet, protecting both consumers and data is critical. Over the past few months I’ve spent a significant amount of time researching front-end and client-side security to understand the pitfalls of the JavaScript programming language and how businesses can protect themselves from JavaScript-based cyber attacks.

How to Check If your JavaScript Security is Working

Few programming languages generate the same love-hate relationship as JavaScript. For many websites, JavaScript (JS) is a critical coding component that drives client-side programming. Yet JS is also extremely vulnerable to attack since it is easy for hackers to input query strings into website code to access, steal, or contaminate data. Knowing whether your JavaScript is secure is crucial to maintaining a safe user experience for your clients and customers.

How to Recover from a Client-side Attack

I recently spoke to a Chief Information Security Officer (CISO) who explained that he disliked marketing and saw it as a risk and cost center to his business. He seemed to believe that everything his company’s marketing team did on its website was a risk and even called some standard marketing practices “reckless.” I get it. To those who are unfamiliar with marketing, a lot of what marketers do can seem strange and intimidating.

What is Customer Journey Hijacking?

Imagine it’s December—the biggest sales time of the year. Your e-commerce site is up and running, complete with a robust and diverse inventory for buyers. A few days into the shopping season, you notice an unusually high number of cart abandonments and quite a few customers leaving after viewing a couple of different web pages. You check the web pages. They look fine—in fact, better than fine. (You spent a little extra this year improving the graphic design.) Everyone is stumped.

How Synthetic Users Enhance Client-Side Security

Today, businesses live or die by their digital presence. Crafting the best digital experience means putting the end user first, which requires a delicate balance of technology and innovation. To achieve this balance, businesses make use of third-party code, tools, and cloud services combined with their own technology to drive down time to market. As a result, most modern web applications are a culmination of first-party and third-party technologies delivered from the cloud.

Supply Chain Shock: Realities About the Security of the Software Supply Chain

News reports on attacks on the “supply chain” are becoming an almost everyday occurrence. First there was SolarWinds, then Kaseya, followed by countless other large and small supply chain attacks. Global businesses, economies, and lives are intricately connected to each other through applications and the internet. When critical systems are attacked and operations are affected, the downstream problems quickly become apparent.

10 Ways to Improve Your Website Security (and Keep Your Customers Safe at the Same Time!)

Yes. There really are 10 fairly easy ways to improve your website security and protect your customers at the same time. But first, you may be asking “Why do I need to worry about my website security? Aren’t web applications safe? What could possibly go wrong?” We’re not in the business of peddling FUD (fear, uncertainty, and doubt), but… let’s be frank.

Clash of the Titans: Marketing and Security

There’s a natural tension within most companies: marketing wants to get stuff out, while IT and security are focused on protecting the business. These waters between marketing and security can be treacherous, and a recent challenge we observed in a large U.S.-based northeastern bank illustrates the issue well. Like many financial institutions, mobile and web banking are a critical and core component of the business model.