Jscrambler Serves Up Their Predictions For 2024

Pedro Fortuna, CTO and Co-Founder of Jscrambler, has shared with me his predictions for 2024. He’s got three of them to share:

JavaScript-Targeted Attacks Accelerate

“In 2024, we predict organizations will encounter persistent challenges concerning their JavaScript and its associated cybersecurity vulnerabilities. Driven by Large Language Models (LLMs), attacks will become more advanced and written with higher levels of speed and sophistication, enabling accelerated learning and control circumvention. Companies will have to evolve their security strategies and implement measures, such as JavaScript code protection, that prevent LLM-powered threats from leveraging early automated learning steps.”

3rd-Party Tag Leakage Fueled by LLM

“Additionally, we anticipate an exponential increase in the leakage and misuse of consumer data collected by 3rd-party tags. Marketing, analytics and payment tag vendors pressured to compete in the market will utilize LLM to improve customer experiences and differentiate services. This will require an increased amount of consumer PII data to be collected which will often go uncontrolled and unmonitored. This collection and processing of more consumer data will have direct and negative consequences on consumer privacy. Therefore, it is imperative for web owners to proactively prepare themselves for this shift and safeguard consumer data through the implementation of 3rd-party script and tag controls. Without proper controls on the collection of consumer data by LLM, it may be too late to prevent the data from being used to train the LLM models, resulting in irreversible consequences. Once done, there’s a risk of potential data leaks by the LLM, as the security of LLMs is still in its infancy.”

PCI v4.0 Moves to Action

“With the increase in JavaScript abuses and e-skimming attacks, we saw the evolution of standards including PCI v4.0 to improve payment page security. While 2023 was the year of preparation for the new PCI v4.0 requirements, 2024 will transition from education to action, as it brings us closer to PCI v4.0 taking mandatory effect in 2025. Companies will quickly move from standards research to vendor research, selection and implementation to effectively prepare for the new 6.4.3 and 11.6.1 payment page security requirements. The best-prepared companies will assess current 3rd-party tag usage and business authorization processes before implementing new technology.”
