Maggie Louie remembers the moment her career changed forever. Working with the L.A. Times on digital and mobile products, Maggie, now the founder and CEO of Otto, remembers a friend asking her to look into an issue they were having with their website.
“[they asked] me to look at their ad tags and figure out why their traffic was going through the roof, but they weren’t making any more money. They couldn’t figure it out. I had suspected that their ad techs were either misconfigured or there’s something easy there, and after 24 hours looking through their code. I discovered that they indeed were being stolen internally. The head developer was hijacking all of the ad tags and just doing all sorts of crazy stuff.”
The lines of code hidden in the JavaScript were driving traffic and stealing money, and it was that revelation that opened Maggie’s eyes to underground ad fraud and bot traffic, and this ad fraud wreaked havoc. On this episode of IT Visionaries, Maggie details how that moment led her to launch Otto and she discusses the company’s efforts to democratize access to internet security for all, its Chrome extension to protect consumers when online shopping, and the variety of enterprise solutions for businesses her team has developed.
Main Takeaways
- New Frontier: Hackers are always looking for new industries with vulnerabilities to disrupt. Ad tech is one of the fastest-growing industries underserved by cybersecurity solutions. This is due to the complex nature of ad tech, which makes it difficult for cyber security experts to easily shift solutions into.
- Safety is a Fallacy: Popular ecommerce platforms want you to believe that just because you use their service and tools that your company is safe from bad actors. The truth is that just because you use popular no-code or low-code operating systems, bad actors still target vulnerable people who don’t secure their code.
- Always Be Testing: Just because your platform is safe today, doesn’t mean that it is safe tomorrow. The more your platform is customizable the more vulnerable your JavaScript becomes to outside bad actors. A general rule of thumb when it comes to security is to constantly be testing and looking over your code.
For a more in-depth look at this episode, check out the article below.
Article
Maggie Louie remembers the moment her career changed forever. Working with the L.A. Times on digital and mobile products, Maggie, now the founder and CEO of Otto, remembers a friend asking her to look into an issue they were having with their website.
“[they asked] me to look at their ad tags and figure out why their traffic was going through the roof, but they weren’t making any more money. They couldn’t figure it out. I had suspected that their ad techs were either misconfigured or there’s something easy there, and after 24 hours looking through their code. I discovered that they indeed were being stolen internally. The head developer was hijacking all of the ad tags and just doing all sorts of crazy stuff.”
The lines of code hidden in the JavaScript were driving traffic and stealing money, and it was that revelation that opened Maggie’s eyes to underground ad fraud and bot traffic that often wreak havoc on ecommerce sites. On this episode of IT Visionaries, Maggie details how that moment led her to launch Otto and she discusses the company’s efforts to democratize access to internet security for all, its Chrome extension to protect consumers when online shopping, and the variety of enterprise solutions for businesses her team has developed.
Today, Otto operatates by profiling data from third-party code on front-end web applications while monitoring how it behaves.
“Every consumer-facing website has some dependency on JavaScript or third-party JavaScript,” Louie said. “Whether it’s a partner or a vendor like analytics or a shopping cart, open-source libraries and these kinds of attacks were what we were seeing in the ad ecosystem.”
That open-source ecosystem, which Otto participates in by allowing free extensions to all users, is what concerns Louie the most. As companies migrate to ecommerce platforms such as Salesforce and Shopify, Louie said one of the biggest concerns is those users believing that their sites are secure because they operate with these platforms.
“One of the fallacies and biggest risks for ecommerce folks starting their new company is this idea that because they’re starting with a safe foundation, like one of these really premier ecommerce platforms or no-code platforms, that they’re protected against everything,” she said. “It is a little like thinking that because you bought a Volvo, that’s got a lot of safety features that you don’t have to keep your eyes on the road.”
In fact, while those platforms offer tools, you still need to be monitoring your code every step of the way and can’t rely on your vendors.
“With great customization comes great responsibility,” Louie said. “Every time you have a bit of JavaScript, you have to check out the script, and [bad actors] are going to try to look for what networks it’s calling, see what it’s floating, what it’s doing, and then pass it. It’s just like in the ad ecosystem where your money is made off of how many ads and new ads you can serve every millisecond, you’ve got a similar situation in ecommerce, the delivery of real time analytics, and buying intent.”
With more companies becoming digitally-native and born in the cloud, Louie pointed out that more and more of these companies that operate solely on digital platforms are going to become more vulnerable and will need to lean heavily into their security.
“In this dynamic world we live in, where everyone’s moving cloud and everyone’s using microservices, affiliate code, you really have to have continuous testing, monitoring and protection from these dynamic risks that are ever present,” Louie said.
To hear more about how Otto is democratizing security for all and how ecommerce platforms can do a better job of protecting themselves, check out the full episode of IT Visionaries!
—
To hear the entire discussion, tune into IT Visionaries here.