Silvano Rebai - Fotolia
Due to the volume of commerce on the internet that has evolved into a complex system that depends on advertising to support systems, numerous privacy challenges have arisen, as well as malicious ads.
With endpoint software and security tools attempting to address malvertising, such as with pop-up and ad blockers, the chance a user will be impacted by malvertising has been reduced, but it cannot be eliminated. In order to positively influence privacy on the internet, Firefox is changing its approach to force many websites and third-party advertisers to change how they operate, which may also help address malvertising.
The privacy aspects of cross-site tracking -- the collection of web browser data across multiple sites using scripts, widgets or images and then using that data to create a profile about a person -- are particularly troublesome. However, there are security aspects from websites that include third-party website content. Some enterprises may review all third-party content before it is included on their websites, and rigorous security assessments on any third party can be performed, though this requires significant effort and might not be done for all content.
Mozilla's announcement that cross-site tracking will be blocked by default in Firefox 63 should reduce the risk that third-party content could be compromised and used to publish malvertising. Another benefit is that this change may reduce the complexity of websites and make it easier to investigate incidents, as an investigation would only include a specific enterprise's website.
Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Dig Deeper on Web browser security
Related Q&A from Nick Lewis
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading
Island hopping attacks create enterprise risk by threatening their business affiliates. Here's how to create an incident response plan to mitigate ... Continue Reading
Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and... Continue Reading