Third-party Code: Where Data Breaches, Election Meddling, Ad Fraud Converge

RSA 2020 - Third-party Code Risks

This presentation was delivered at RSA Conference, February 2020


What do data breaches, election meddling and ad fraud have in common? Third-party code (3PC), which is used or compromised to serve the interests of cybercriminal and nation-state adversaries. In this session, Mark Grantz, Special Agent at U.S. Secret Service, and Chris Olson, CEO at The Media Trust, examine a recent collaboration to show how bad actors use phishing redirects, payload drops, crypto-mining, keylogging, and bloatware to infiltrate apps, social media, and news sites.

This case study underscores the urgent need to hold 3PC suppliers to account, since they know our and our children's behaviors, preferences, and other sensitive information. This matters because about 80% of the code that runs on today's websites and mobile apps is supplied by third parties who lie outside the business's IT perimeter. To clean up the digital ecosystem and ensure it doesn't violate our privacy rights, we must know the root cause of the problem and help policy catch up with continually advancing technology. By understanding the dangers 3PC poses, we can collectively stop being deceived and defrauded by what it could deliver.

How do you defend your digital footprint from attack? Ask The Media Trust for advice: Digital Vendor Risk Management