Twitter Apparently Hasn’t Paid For Employee Charitable Donations Made In 2022…. WTF?

Posted in Commentary with tags on April 1, 2023 by itnerd

Twitter is a real gong show under Elon Musk. But you knew that. However, this Tweet from Zoe Schiffler of Platformer takes the gong show to another level:

Really? Elon’s literally stealing money from charities. Even by the standards that Elon operates under, that’s a new low. Even for him.

To give you some perspective about how much cash we’re talking about here, there’s this:

Now if you expand Shiffler’s Tweet, Twitter claims that they are “is “actively working” to get the money to the NGOs.” But clearly Elon doesn’t want to cut the cheque, otherwise we wouldn’t be here talking about it. And I am willing to go out on a limb to say that now this is public, I am 50/50 as to whether he will because embarrassment and humiliation doesn’t seem to affect him.

You have to wonder if there is nothing that Elon won’t do at this point.

The FDA Now Requires Stronger Cyber Security In Medical Devices 

Posted in Commentary with tags on April 1, 2023 by itnerd

Yesterday, the FDA published new guidelines strengthening the cybersecurity levels of products used by healthcare providers that are connected to the internet. This comes after years of concerns that these devices could be hit by attacks endangering lives, which was highlighted by a September 2022 report by Proofpoint’s Ponemon Institute that linked a 20% increase in mortality rates due to cyber-attacks targeting healthcare organizations.

According to a guidance, applicants seeking approval for new medical devices must:
 

  • Submit a plan designed to address possible cybersecurity issues
  • Outline a process to provide regular security updates and patches
  • Provide “a software bill of materials,” including commercial, open-source and off-the-shelf software components

The new FDA guidelines come a couple of months after security experts at Sonar found three vulnerabilities in OpenEMR, and more recently, KillNet was observed targeting healthcare applications hosted using the Microsoft Azure infrastructure.

George McGregor, VP, Approov had this to say:

“This is a major step forward in strengthening cybersecurity defenses in healthcare in the USA (something that we have been campaigning for as a leading provider of mobile security solutions)  A key element of the guidelines for medical devices is that companies must have a plan in place for “postmarket”  runtime protection.  

“Another welcome aspect of the requirements is that they explicitly state that cyber defenses must be able to be updated rapidly if and when required. This requires security administration to be a key element of the operational plan, including the ability to update policies as new vulnerabilities are uncovered and rotate secrets and keys quickly in the event that they are stolen. “

I am glad to see that the FDA is taking this step as attacks on healthcare are are thing as evidenced by the attack on Sick Kids hospital last year. Because sooner or later one of these attacks will affect patient care in a severe way if nothing is done.

The Canadian Government Put Strings On The Rogers/Shaw Merger….. Not That It Makes A Difference….

Posted in Commentary with tags , , on April 1, 2023 by itnerd

Yesterday the Rogers/Shaw merger got approved by the Canadian government. That means less competition and higher prices for Canadians. But if you believe the Canadian government (Spoiler alert: I don’t) there are guardrails in place to make sure that this is a good deal for Canadians. Here’s the TL:DR for your perusal:

“As part of these agreements and conditions, Videotron:

  • Will offer plans that are comparable to those currently available in Quebec, and offer options at least 20% cheaper than those made available by the major players;
  • Cannot transfer the Freedom Mobile licences for a period of ten years;
  • Will have to expand its 5G wireless network in Freedom Mobile’s pre-existing operating territory within two years;
  • Will expand mobile service into Manitoba via the use of a signed Mobile Virtual Network Operator (MVNO) agreement or other means and offer plans comparable to what it offers in Quebec; and,
  • Will increase data allotments of existing Freedom Mobile customers by 10% as a near-term bonus while it invests to bring down prices overall.

“Separately, Rogers will also be subject to strict and legally binding commitments requiring them to make major investments to improve connectivity within the next 5 years, including:

  • Creating 3,000 new jobs in Western Canada and maintaining them for a minimum of 10 years after the closing date;
  • Establishing a Western headquarters in Calgary and maintaining it for a minimum of 10 years after the closing date;
  • Investing $1 billion to expand broadband Internet access, at speeds of at least 50/10 megabits per second, and 5G mobile service in areas where it is not currently available;
  • Investing at least $2.5 billion to enhance its 5G network in Western Canada, and $3 billion in additional network service expansion projects; and,
  • Expanding access to low-cost broadband Internet plans and launching a new low-cost mobile offering for low-income Canadians.

“These agreements are subject to significant financial damages for non-compliance: up to $200 million in the case of Videotron and up to $1 billion in the case of Rogers. These agreements will be released publicly and are subject to annual reporting requirements.

“Should the parties fail to live up to any of their commitments, our government will use every means in our power to enforce the terms on behalf of Canadians.

Now that all sounds good and the potential fines sound big. Not to mention the potential fines are meant to encourage Videotron and Rogers to do everything on this list. But call me a skeptic, I really don’t see any of this bringing about more competition and lower prices. The problem with the Canadian telco space is that it’s an oligopoly. And this deal does nothing to address that. Until the folks in Ottawa figure out that there has to be a big foreign player that is allowed to enter the Canadian market, Canadians will continue to pay among the highest prices for their telco services.

GM Will Dump Apple CarPlay For Google In EV Vehicles Simply To Make A Few Extra Bucks

Posted in Commentary with tags , , on March 31, 2023 by itnerd

I have to admit that I was trying to find a non cynical way of speaking to this story from Reuters. But I can’t so I am going to call it out for what it is. Let’s start with this:

General Motors plans to phase out widely-used Apple CarPlay and Android Auto technologies that allow drivers to bypass a vehicle’s infotainment systems, shifting instead to built-in infotainment systems developed with Google for future electric vehicles.

Apple CarPlay and Android Auto systems allow users to mirror their smartphone screens in a vehicle’s dashboard display.

GM’s decision to stop offering those systems in future electric vehicles, starting with the 2024 Chevrolet Blazer, could help the automaker capture more data on how consumers drive and charge EVs.

GM is designing the on-board navigation and infotainment systems for future EVs in partnership with Alphabet Inc’s Google.

This decision doesn’t seem to affect gas powered vehicles. But GM has committed to not making gas powered vehicles in 2035. So read into that what you will.

The question is why would GM go this route. Here’s why:

Buyers of GM EVs with the new systems will get access to Google Maps and Google Assistant, a voice command system, at no extra cost for eight years, GM said. GM said the future infotainment systems will offer applications such as Spotify’s music service, Audible and other services that many drivers now access via smartphones.

“We do believe there are subscription revenue opportunities for us,” Kummer said. GM Chief Executive Mary Barra is aiming for $20 billion to $25 billion in annual revenue from subscriptions by 2030.

That’s right, it’s all about the Benjamins. I am guessing that GM traded having CarPlay in their cars to get Google to help GM to do something that would result in a recurring revenue stream. Because recurring revenue is what all the cool kids want these days.

The thing is GM is going to regret this.

Android Auto and Apple CarPlay are must haves when buying a new car. In my mind, deleting Apple CarPlay is going to make a lot of Apple fans simply say “There’s no Apple CarPlay in this EV? Over to the competition I will go.” But the flip side to that is that they might be counting on being like Tesla where they don’t use Apple CarPlay and Android Auto, but their cars still sell. Though many Tesla owners who want CarPlay have used a hack to get it. Ditto for Android Auto. That implies that these are features that at least some Tesla owners want. Despite what Elon Musk may think.

Don’t be surprised if GM reverses course if their EV sales aren’t what they think they should be relative to the market, and when they dive into why, this decision to dump Apple CarPlay comes up as a factor. It may take a few years to get there. But I am sure that they will regret this decision.

Rogers/Shaw Takeover Approved By Federal Government… And This Will Cost Canadians

Posted in Commentary with tags , on March 31, 2023 by itnerd

Bad news. The news is out that the merger of Rogers and Shaw has been approved by the Canadian government:

Federal Industry Minister Francois-Philippe Champagne is set to make an announcement this morning about Rogers Communications Inc.’s proposed $26-billion purchase of Shaw Communications Inc.

A senior government official, speaking on the condition they not be named in order to discuss matters not yet made public, says the minister will discuss the transfer of wireless licences at a news conference before the stock market opens.

The deal was first announced more than two years ago and has been awaiting regulatory approval since then.

A full-scale purchase of Shaw by Rogers raised competition concerns, and the original deal has been revised to include the sale of Shaw’s Freedom Mobile to Quebec-based Videotron.

The CRTC and Competition Bureau have each given the agreement the green light.

So, if Canadians were hoping that this deal would not be approved and that competition, as little as it is in the Canadian telco space, wouldn’t shrink any further will be disappointed in this news. All this is going to do for Canadians is reduce choice and increase prices because there are less players in the market. I was going to say that I don’t understand why nobody in Ottawa sees that. But instead I will say that I don’t understand why nobody in Ottawa cares because Canada pays some of the highest prices in the world for telco services and this issue gets lip service at best from the Canadian government. And to be honest, I don’t know what it will take to change that.

Today is a very sad day in Canada.

Guest Post – The Looming Threat of Orphaned Data: How Former Employees’ Abandoned Files Could Destroy Your Business

Posted in Commentary on March 31, 2023 by itnerd

By Michael Jack, CRO and Co-Founder, Datadobi

Employees are leaving their jobs in record numbers – both voluntarily and involuntarily.

The amount of employee turnover that occurs each year varies depending on the industry and country. However, layoffs have seemingly become a common occurrence in the business world, with the tech industry being hit particularly hard of late. Layoffs.fyi, a website that has been monitoring tech layoffs since March 2020, has compiled data indicating that approximately 128,202 employees have been laid off by 482 tech companies since the beginning of this year.

However, employees are leaving their jobs on their own accord as well. According to US Bureau of Labor Statistics (BLS), Job Openings and Labor Turnover Survey (JOLTS), in 2022, the number of total separations increased by 3.2 million to reach 72.3 million. Of these separations, quits accounted for 70.0 percent, with 50.6 million workers voluntarily leaving their jobs – the highest annual level of quits recorded in the history of the survey.

In 2023, one could surmise this employee turnover trajectory is likely to continue, driven by several factors including economic conditions, industry trends, and continued changes in work conditions.

Former employees are leaving a lot of dark data behind.

According to a report by IDC and Seagate, the total amount of data created worldwide is expected to reach 175 zettabytes by 2025. While it’s difficult to estimate how much of that data is generated by employees specifically, it’s clear that the amount of data created by individuals within businesses is growing at an unprecedented rate.

Of course, the amount and type of data created by each employee can vary widely depending on the industry, job role, and the specific tasks performed. However, according to various experts, it is estimated that around 80-90% of that data is unstructured data. That is, it ranges from emails, documents, spreadsheets, presentations, and databases to other less innocent files such as movies, music, images, and Torrents. Torrents, which are often used for sharing large files such as movies, music, and software, can also pose risks, such as the spread of viruses or malware, and the distribution of copyrighted material without permission.

It doesn’t take much to do the math – that is a lot of data former employees are leaving behind.

Orphaned data is risky business. 

Orphaned data refers to data that has no clear owner or purpose within an organization. This can occur when data is created or stored and the individual responsible for it leaves the organization without transferring ownership or knowledge of the data to another person or department. This can lead to several significant risks, including:

  • Security risks: Orphaned data can become a ticking time bomb of security threats waiting to explode! If this data contains sensitive or confidential information, it can be a goldmine for cybercriminals who can exploit it for their gain. Once this information falls into the wrong hands, it can lead to devastating consequences such as identity theft, financial fraud, or corporate espionage.
  • Compliance risks: If your business is not managing orphaned data properly, it can accumulate over time and lead to noncompliance with regulations, such as GDPR, SOX, HIPAA, and FISMA. Noncompliance with industry regulations can be a nightmare scenario for businesses. The potential legal and financial penalties can be ruinous, leading to hefty fines, lawsuits, and even business closure.
  • Operational risks: Orphaned data can wreak havoc on your entire operation. As orphaned data accumulates over time, it takes up valuable storage space, leading to degraded system performance and extended backup windows, which can cause operational disruptions. The consequences of these disruptions can be dire, resulting in delays, lost productivity, and decreased customer satisfaction. But that’s not all, the costs associated with storing and maintaining this data can add up quickly, creating a massive financial burden on your organization.
  • Reputational risks: Imagine the horror of your business’s name plastered across the headlines of every major news outlet, exposing the loss of sensitive or confidential data due to orphaned data management negligence. This could be a fatal blow to your reputation and customer trust. The damage from such an incident can be immeasurable, and it can take years to recover from the loss of trust and loyalty from customers. Not to mention the costs associated with potential legal actions and settlements.

To address the issue of orphaned data, organizations may need to implement data governance policies and procedures to ensure that all data is properly documented, stored, and maintained. This may involve conducting regular data audits, assigning clear ownership and responsibility for data, and establishing guidelines for data creation and storage.

StorageMAP enables IT leaders to significantly reduce orphaned data liability and risk.

StorageMAP enables organizations to identify and manage orphaned data by providing visibility into unstructured data stored across the organization’s entire estate. By comparing the list of current employees with the data residing on the storage estate, StorageMAP can identify all data that has no clear owner thereby enabling the company to take immediate and appropriate action. This action can include, but is not limited to deleting, transferring ownership, or moving it to a more suitable environment.  

Bottom line, ignoring the risks of orphaned data is not an option. If you don’t take steps to manage your data effectively, your business’s safety, reputation, and financial stability may be at stake. Don’t wait until it’s too late – act now with StorageMAP.

Today Is World Backup Day

Posted in Commentary with tags , , on March 31, 2023 by itnerd

World Backup Day is today and it was started by a group of concerned internet users and tech enthusiasts in 2011. The initiative was led by Ismail Jadun, a digital strategy consultant from Ohio, and his friends. They were inspired to create World Backup Day after reflecting on the fact that many people were not backing up their data regularly, and as a result, were putting themselves and their organizations at risk. The first World Backup Day was observed on March 31, 2011, and since then, it has become an annual event that encourages people to take action to protect their digital estate.

Data loss can occur due to a number of reasons such as hardware failure, software corruption, malware attacks, natural disasters, and even human error. The amount of money that businesses lose due to data loss can vary depending on various factors such as the size of the business, the industry, and the type of data lost. However, studies suggest that the cost of data loss can be significant, with some estimates ranging from thousands to millions of dollars per incident. And one can imagine the devastating consequences if an organization like a hospital, emergency responders, or military agency lost access to critical data. 

Datadobi’s Carl D’Halluin, DH2i’s Don Boxley, and Folio Photonics’ Steve Santamaria had this to say about this important day and why it affects virtually every corner of the datacenter, across virtually every industry, around the world:

Carl D’Halluin, Chief Technology Officer (CTO), Datadobi:

“Failing to backup your data can have catastrophic consequences, as a single hardware failure, cyber-attack, or natural disaster can wipe out all your valuable information, leaving you with no way to recover it. This means that years of hard work can all be lost in an instant, with no chance of retrieval. Even the cost of losing just a portion of your important data can be immeasurable, with potential financial, legal, and reputational implications that can last for years. 

Identifying the vital data that requires protection should be the first step in the process. But even if you know and can ‘describe’ what data must be protected, finding it has always been another matter – and you cannot backup what you cannot find. To effectively address this enormous and complicated undertaking, users should look for a data management solution that is agnostic to specific vendors and can manage a variety of unstructured data types, such as file and object data, regardless of whether they are stored on-premises, remotely, or in the cloud. The solution should be capable of evaluating and interpreting various data characteristics such as data size, format, creation date, type, level of complexity, access frequency, and other specific factors that are relevant to your organization. Subsequently, the solution should allow the user to organize the data into a structure that is most suitable for the organization’s particular needs and empower the user to take action based on the analyzed data. In this case, backup the necessary data to the appropriate environment(s). And, if necessary, the solution should enable the user to identify data that should be organized into a ‘golden copy’ and move that to a confidential, often air-gapped environment.

To sum it up… Don’t let the nightmare of data loss become your reality – always backup your data.”

Don Boxley, CEO and Co-Founder, DH2i

“World Backup Day is an annual event that is intended to raise awareness of the importance of data backup and protection. It serves as a reminder for individuals and organizations to take proactive measures to safeguard critical data against unexpected incidents that can result in data loss, such as hardware or software failure, cyber-attacks, natural disasters, and human error. And, while the exact cost can vary depending on factors such as the size of the organization, the type and amount of data lost, the cause of the loss, and the duration of the downtime, according to various studies, it can cost organizations upwards of billions of dollars each year.

That’s why, for systems architects and IT executives alike, zero is the ultimate hero. And to achieve it, they are taking a multi-pronged approach to data protection. To achieve zero downtime, zero security holes, and zero wasted resources, they are also layering-on smart high availability (HA) clustering and software-defined perimeter (SDP) technology that enables them to securely connect and failover enterprise applications — from anywhere, to anywhere, anytime.

On World Backup day and all year long, it is critical to remember that businesses that invest in data protection are better equipped to navigate unexpected data loss events, maintain regulatory compliance, and protect their critical assets and reputation. Bottom-line, investing in data protection is not just smart, it’s essential for business success.”

Steven Santamaria, CEO, Folio Photonics

“The world’s most valuable resource is data, and it is of utmost importance to properly store, protect, and preserve this resource. The safekeeping of data is essential because it represents the foundation upon which many modern businesses are built, and its loss can have far-reaching consequences for organizations and individuals alike. As such, ensuring the safety and longevity of data should be a top priority for any entity that relies on this precious resource.

On World Backup Day, we are reminded of this, and the criticality of backup as one of the key safety nets against data loss, whether it’s due to technology failures, cyber-attacks, or human error. 

Today, I would offer that the most effective data protection strategy should also incorporate a data storage platform that can be securely archived in an off-site location, with the added benefit of being taken off-line and air-gapped for even greater security. This means that the storage platform is physically separated from the main network and disconnected from the internet, making it highly resistant to cyber-attacks and other forms of data breaches. In essence, a well-designed data protection strategy should prioritize both physical and digital security to safeguard critical data and ensure business continuity.”

Molly Presley, SVP of Marketing at Hammerspace:

“The coming year will be about automation to help identify and protect data assets.  Human-managed processes are challenging to scale as the number and variety of data-creating devices continually increase.​​ As a result, setting data protection services at a global level that automatically apply policies that meet corporate governance compliance requirements will be increasingly important. 

Automation will include identifying newly created data on any infrastructure in the global data environment, automating controls on data copy creation, and automating data services to ensure global protection on any infrastructure. “ 

 Darren Yablonski, Senior Director of Sales Engineering leading teams in Canada, U.S. and LATAM at Commvault:

“As the sophistication of cybercriminals has changed over the last few years, so too has data protection ­­— significantly. In the past, cybercriminals would typically gain access to an organization’s data and encrypt it so employees could no longer understand it, rendering it useless to the business. This is why ensuring you have a secure copy of your data is so important. With a spare dataset to restore, business can continue as usual. 

Lately, cybercriminals are increasingly moving from encrypting the data, to instead holding it for ransom and threatening to publish it. This has much broader consequences, including reputational damage as well as possible loss of competitive advantage as your customer and company data could be available to the entire industry. As a result, organizations should consider changing their approach to data protection. 

Gone are the days when it was enough to just backup your data. Organizations need to prevent cybercriminals from accessing systems to begin with by leveraging, for example, an early detection system. Cyber deception can give companies the upper hand and put them one step ahead of any potential attackers. Decoys are deployed to throw attackers off course and instead draw them to artificial assets instead of legitimate ones. The minute an attacker enters the decoy IT environment, the organization is notified so it can act immediately and isolate the asset. With response time significantly reduced, cybercriminals are far less likely to get into any real systems. 

Backups will always remain important, because unfortunately the worst can always happen — from a natural disaster that destroys your servers to a cyberattack. However, in the face of the sophisticated cybercriminal, it’s vital to have a proactive approach to data protection in tandem with traditional reactive methods.”

Two Research Reports Show That Phishing Emails Are Not Only Increasing, But They Are More Dangerous Too

Posted in Commentary with tags , on March 30, 2023 by itnerd

According to Cofense researchers, in their latest State of Email Security Report, the volume of phishing emails sent in 2022 is up 569%.

Using artificial and machine learning analysis, researchers analyzed global network data from 35 million users. The email security report revealed five specific trends:

  • Credential phishing emails: + 478%
  • Top malware gangs: Emotet and QakBot
  • Top cybercrime: BEC
  • Web3 use: +341%
  • Use of Telegram bots for exfiltration: +800%

In data compiled by Open Text Cybersecurity in their 2023 Global Threat Report, researchers revealed that phishing sites detected using HTTPS increased nearly 56%, highlighting that domain authorities are becoming less effective at preventing bad actors from obtaining and using legitimate certificates to enhance their phishing success rates.

Translation: None of this is good if you’re responsible for stopping the bad guys from getting in the door. I have two comments on this, the first is from Dave Ratner, CEO, HYAS:

“Either finding credentials on the dark web or stealing credentials via phishing continues to be one of the main entry points into the enterprise for malicious actors. While MFA and other techniques can help secure this entry point, any approach should be complimented with a Protective DNS solution — bad actors will continue to use social engineering and other approaches to obtain proper credentials, but a Protective DNS solution can and will uniquely identify the anomalous communication that bad actors generate once they get inside, as they beacon out to their command-and-control. This layer of visibility ensures that such breaches can be identified and shut down before they progress into major issues.”

The second is from Morten Gammelgaard, EMEA, co-founder, BullWall

    “The growth here is miniscule compared to what will happen in 2023. The rise of natural language AI, like ChatGPT, will EXPLODE the efficacy of phishing overnight. Threat Actors have just two ways to Phish. Firstly, they can write a form email meant for generic people. This is less effective but it’s a numbers game. You may send out 100,000 thousand of these but you only need one to click. Or you can Spear Phish, that is where you research the email recipient, view their boss on LinkedIn, their vendors they interact with, and write a custom email to trick that single user. Maybe 1 out of 100 of those will be successful. 

   “With AI you get the best of both worlds. Mass email campaigns that are highly targeted at a scale that can produce 100,000 custom attacks instantly. This will explode cybercrime, and there is an arms race between the largest companies on the planet, Google, Apple, Microsoft and others throwing billions of dollars to rush their AI apps out, often putting aside safety and use cases in exchange for being first. They have everything at stake if they lose their footholds. But the Russians and Chinese also are secretly funding billions of dollars into AI, but for Cyber Espionage, Ransom and Attacks. You can’t stop it. You must focus on building your defensive stack, including rapid containment tools on your Endpoints, like Endpoint Detection and Response, and on your Critical Infrastructure and File Shares with tools like Ransomware Containment and Critical Infrastructure monitoring.”

What’s clear from these threat reports is that that these phishing attacks are becoming more sophisticated. Which will make them more dangerous and costly if a multi-faceted approach to defending against them isn’t taken. And the time to act on that front is now.

BREAKING: Elon Musk Tried To Meet With FTC Chair And Got Flipped Off

Posted in Commentary with tags on March 30, 2023 by itnerd

The New York Times is reporting that Elon Musk tried to meet with the chair of the FTC Lina Kahn, but he didn’t get that meeting. Here’s the TL:DR:

After Mr. Musk requested to meet with Ms. Khan, she consulted with the enforcement division inside the F.T.C.’s consumer protection bureau, which has been leading the Twitter investigation, according to the email among agency staff members describing the situation. Acting on the enforcement team’s advice, Ms. Khan declined to meet with Mr. Musk at that time.

In Ms. Khan’s Jan. 27 letter to Twitter, she noted that the company was under investigation and had dragged its heels in providing documents to the F.T.C., delaying depositions with witnesses including Mr. Musk. She said she was “troubled by Twitter’s delays and the obstacles that these delays are creating for the F.T.C.’s investigation.”

“I recommend that Twitter appropriately prioritize its legal obligations to provide the requested information,” she wrote. “Once Twitter has fully complied with all F.T.C. requests, I will be happy to consider scheduling a meeting with Mr. Musk.”

What does this tell you. Elon must really think that the FTC is about to lower the boom on him in a serious way, and he wants to head this off before it becomes costly. Be that in fines, forcing him to change how he does business, or most likely both. For all of his bravado, he’s at least smart enough to figure out that getting three letter agencies in the US mad at him is not a smart move. The thing is, I have to believe that he’s way too late on that front and he’s on the cusp of having yet another problem to deal with on top of the many, many other problems he has at the moment.

34% Of Shoppers Rank Data Security As A High Priority: BR-DGE

Posted in Commentary with tags on March 30, 2023 by itnerd

New research from BR-DGE reveals consumers’ concern over payment security, with 34% of shoppers ranking data security and payment encryption as being the most important element in an online shopping experience. A further 83% of the 1,200 UK consumers surveyed stated their concern regarding where their card details are processed and stored during transactions.

Rui Ribeiro, CEO and Cofounder, Jscrambler:

     “The new BR-DGE research shows that consumers recognize the growing need for effective payment security. With every purchase transaction, they offer up their money, their data and their trust. It’s imperative for e-commerce companies to better protect them by securing their payment pages. On average, 70% of the scripts that power components like payment forms come from third-parties. The majority of websites have more than 10 different vendor scripts accessing their payment pages. 

E-commerce companies need to focus on gaining visibility and control over these scripts to prevent data compromise – and protect their revenue, reputation, and ability to comply with regulations. The risk of third-party scripts must be not only understood but minimized in order to protect customers and keep up with the rapidly increasing pace and expectations of the online payment landscape.”

I for one am glad that consumers have awareness about payment security. Hopefully this translates into retailers doing everything they can to ensure that consumers can shop safely online.