New Ghostery Study Links Widespread Security Gaps to Cloud-Based Digital Marketing Technology

Ghostery Marketing Cloud Management Platform Debuts New Security Module to Reduce Security Risks and Improve the User Experience


NEW YORK, NY--(Marketwired - September 23, 2014) - Ghostery today announced a new industry study that identifies the hidden security risks associated with the rapid growth of digital marketing technology. To help companies control these online security risks and maximize the return on their marketing investments, Ghostery also announced a new security module for its Marketing Cloud Management (MCM) solution.

According to the findings from Ghostery's industry study "Digital Security Is Serious Business," released today, most popular websites across key industry sectors including retail, banking, insurance, publishing and air travel have non-secure marketing technology on secure areas of their websites.1

The complexity of each company's "Marketing Cloud" -- the collection of digital technologies that power, measure, socialize and optimize digital marketing -- creates meaningful blind spots that compromise the user experience and reduce company revenues. This study illustrates the magnitude of the security-related issues from these blind spots: Presence of warning messages (also known as "mixed content warnings") that shake consumer confidence in the brand,2 increased exposure to Man-In-The-Middle web browser attacks,3 and a negative impact on Google search engine rankings.

The "Digital Security Is Serious Business" study is based on real-user data from the 20 million member GhostRank community's interactions across 50 leading websites.

"Ensuring that businesses have better web site transparency improves the online user experience and increases overall Internet security," said Devdatta Akhawe, PhD, a reviewer of the report and and co-author of "Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness." "Without effective security measures in place, websites stand to lose up to 65 percent of their visitors due to a negative user experience."

"Digital Security Is Serious Business" Study Findings:

  • 96 percent of websites studied have Marketing Cloud-related security blind spots. Finance, retail and airline travel sites are the most vulnerable due to non-secure code on secure pages.
  • Retail websites had the highest volume of security vulnerabilities with 438 different non-secure digital marketing technologies found across the 10 leading retail websites studied. One retail site had more than 300 non-secure technologies deployed on secure webpages.
  • Despite heavy security investments, financial services and insurance companies are widely exposed to business risks from non-secure marketing cloud technology. 100 percent of insurance company websites and 90 percent of online banking websites studied had instances of non-secure marketing cloud technologies deployed on secure pages.

Today's news comes on the heels of Google's recent announcement that secure web pages will gain higher search rankings, thus elevating impact that online security has on the website visits and company revenue. 4

Ghostery Enterprise Announces New Security Solution:
To empower companies to take control of this serious situation, Ghostery today announced the launch of its new Ghostery MCM Security module, a first for the industry. This new solution utilizes 20 million real-users from the GhostRank community to pinpoint in real time when non-secure marketing technology compromises the integrity of secure pages. Ghostery MCM Security triggers alerts to identify security gaps before they have a significant impact on company revenues due to harming the website user experience and depressed Google search rankings.

Ghostery's MCM Security module is part of its Marketing Cloud Management (MCM) platform and will be generally available on October 17th, 2014. The new security module builds on the other Ghostery MCM -- Performance/Latency Control, Data Governance and Privacy. Leading companies rely upon Ghostery MCM to eliminate their digital blind spots and drive ROI from their online marketing investments. 

"Ghostery's security study reveals what many Chief Information Officers (CIOs) and Information Security professionals have known, but have not been able to quantify -- that security gaps do more than just expose users to the risk of being hacked," said Ghostery CEO Scott Meyer. "These gaps directly impact the user experience and company revenues. Our study shows that with the rapid growth of Marketing Cloud technology and the issues with non-secure technology are much more widespread than previously thought. No single vendor is the culprit of this security issue. Rather, companies must take control of their marketing cloud and ensure their technology investments are working for them."

By examining the hidden risks of security gaps in each site's Marketing Cloud, Ghostery can pinpoint risks, reduce vulnerabilities and drive meaningful revenue increases. As CIOs and Chief Marketing Officers (CMOs) work together to capitalize on the promise of digital marketing, gaining more control over security is essential to maximize the benefit of marketing cloud investments.

For more information about Ghostery's Marketing Cloud Management, please visit http://www.ghosteryenterprise.com. To download Ghostery Enterprise's full "Digital Security Is Serious Business" report, please click here.

About Ghostery
Ghostery empowers consumers and businesses expose and eliminate digital blindspots in the Marketing Cloud -- the collection of digital technologies that power, measure, socialize, and optimize websites and apps. Over 40 million people globally rely on the free Ghostery browser extension to see and control the technologies that follow them online. Businesses rely on Ghostery Marketing Cloud Management to drive ROI by maximizing the security, performance, and profitability of their digital assets. Key clients like Equifax, Intercontinental Hotels Group and Procter & Gamble depend on Ghostery to take their digital business from chaos to control. Ghostery also is the dominant provider of privacy governance services globally, powering compliance for more than $2 billion of advertising and e-commerce transactions annually. Founded in 2009, Ghostery is headquartered in New York City with a technology office in Salt Lake City and sales offices in London and San Francisco. The company is backed by Warburg Pincus, LLC, the global private equity fund. Learn more at GhosteryEnterprise.com and @ghosteryinc

1 Source: Wikipedia: http://en.wikipedia.org/wiki/HTTP_Secure. "In its popular deployment on the internet, "secure" pages indicates use of "HTTPS". This provides authentication of the website and associated web server that one is communicating with, which protects against man-in-the-middle attacks. Additionally, it provides bidirectional encryption of communications between a client and server, which protects against eavesdropping and tampering with and/or forging the contents of the communication.[4] In practice, this provides a reasonable guarantee that one is communicating with precisely the website that one intended to communicate with (as opposed to an imposter), as well as ensuring that the contents of communications between the user and site cannot be read or forged by any third party."

2 Definition of Mixed Content and associated risks: 
http://www.troyhunt.com/2013/06/understanding-risk-of-mixed-content.html;
https://community.qualys.com/blogs/securitylabs/2014/03/19/https-mixed-content-still-the-easiest-way-to-break-ssl

3 Source: http://www.veracode.com/security/man-middle-attack: A Man-in-the-Middle attack is a type of cyber attack where a malicious actor inserts him/herself into a conversation between two parties, impersonates both parties and gains access to information that the two parties were trying to send to each other. A Man-in-the-Middle Attack allows a malicious actor to intercept, send, and receive data meant for someone else, or not meant to be sent at all, without either outside party knowing until it is too late. Man-in-the-Middle attacks can be abbreviated in many ways including, MITM, MitM, MiM, or MIM.

4 http://www.zdnet.com/google-confirms-its-giving-https-sites-higher-search-rankings-7000032428/

Contact Information:

Communications Contacts:

US:
Rebecca Mettler
Ghostery
914-215-0113
rmettler@ghostery.com

UK/EU
Victoria Usher
Gingermay Marketing
+44 7971 129104
victoria@gingermaymarketing.com