Hacks, Security

Cybersecurity as a Selling Point: Retailers Take Note

December 13, 2018 — by Jeff Curley

UK-based retailers were no strangers to data breaches in 2018. In June, Dixons Carphone announced a breach of 5.9 million customer bank card details and 1.2 million personal data records, and the following month, Fortnum & Mason likewise warned customers that their data had been exposed. In fact, since GDPR took effect in May, more than 8,000 data breach reports have been filed in the UK. Each of these breaches involved a notification to the affected users which, combined with accompanying news coverage, is creating a cultural shift in cybersecurity awareness and redefining people’s online shopping habits.

The fact is, very few businesses have the luxury of occupying a unique position in the market without direct competition, and security can—and does—play a role in influencing consumer brand loyalty. Case in point: Following its 2015 hack, TalkTalk lost 100,000 customers.

Considering these dynamics, it is vital that consumer-facing companies view security and privacy not just as the thing that saves them from harm, but as a competitive advantage to be leveraged to drive trade at the expense of those that do not.

Security Standards Are Shifting

Currently, it is a mixed picture as to which organisations advertise their security acumen to their competitive advantage. Of the top five retailers in the UK, three have primary navigation links—named “Privacy Centre” or something similar—on their homepages directing users to their security standards. If I had to guess, I’d say all five top retailers will have a primary link to such a resource by the end of next year.

Online banking institutions appear to be the most acutely aware of security’s influence on customer decision making. This is perhaps unsurprising, given that their security postures are scored by third-party organisations such as Which?, across categories such as two-factor authentication login, encryption, safe navigation and logout.

Since the advent of GDPR—which sets out clear guidelines for companies with regard to how they should store data in their systems, how they should identify and report breaches, and more—we are seeing security positioned as a primary consideration in the build of new online services, so-called ‘data protection by design.’ We could not have conceived of this new phenomenon prior to GDPR, and it will surely result in a fundamentally different online experience for consumers in the coming years.

The Role of AI in Managing Privacy

Security regulations aren’t the only new influence on managing consumer privacy. New technologies, like AI and IoT devices, are likewise impacting online retail experiences. While the top ten UK retailers don’t currently utilize chatbots or similar AI technology on their websites, chatbots are increasing in popularity among organisations that have complex or diverse product ranges (like H&M’s Virtual Assistant for clothing selection guidance).

As cutting-edge and “cool” as these are, the reality is that any form of online communications can become a vector for cybersecurity attacks. And the newer a technology is, the more likely it will become a focal point for hackers, since gaps tend to exist in technologies that have yet to establish a solid framework of controls. Just ask Delta Airlines and Sears, which suffered targeted attacks on their third-party chat support provider, exposing customer data and payment information.

One of the primary privacy exposures facing these types of online services is the frequency of change in web applications. Decisions on how and when to secure an application can be lost during interactions between developers and security professionals, particularly when code changes can be upwards of thousands per day. How do you reduce this risk? One way is via the application of machine learning to understand and patrol the “good” behavior of web application use, as opposed to chasing the ever-lengthening tail of “bad” behaviors and deploying access control lists.

The Way Forward

By pushing privacy to the forefront of customer experiences, online retailers can differentiate themselves from competitors. A recent Radware survey discovered just how security conscious UK consumers are: They are liable to abandon brand loyalty in exchange for a secure online shopping experience. Organisations would do well to invest in strong cybersecurity if they want to increase trust and attract new customers at key trading periods. Otherwise, retailers stand to lose their competitive advantage by encouraging customers to exercise their true power, their power to go elsewhere.

Read “Consumer Sentiments: Cybersecurity, Personal Data and The Impact on Customer Loyalty” to learn more.

Application Security, Security

Millennials and Cybersecurity: Understanding the Value of Personal Data

September 19, 2018 — by Jeff Curley

From British Airways to Uber, recent data breaches have shown how valuable our data is to cybercriminals – and the lengths to which they will go to access it.

The size and impact of these breaches has meant that topics once reserved for tech experts and IT personnel have transitioned into a more mainstream conversation. Revelations about how important our data can be, such as the Cambridge Analytica scandal, have amplified these sentiments and changed the way in which many use digital services altogether.

The result is that consumers, especially millennials, are very concerned about how the organizations they are trusting with their data safeguard their information – and how they will make amends if a breach does occur.

In fact, our latest survey found that almost half of UK millennials now refuse to give up their personal data to businesses as they don’t trust them to keep that data safe.

Who Do You Trust?

Millennials are also likely to look outside the box when it comes to checking for data breaches. In our survey, almost 15% said they searched the dark web to find their data, while 13% used data breach search websites.

But while the majority are security conscious when it comes to how businesses use their personal data, many are in fact taking risks when it comes to other forms of data security, like sharing Netflix or Amazon Prime login details with friends and family.

When we consider that it has been suggested up to 80% of the population use the same password for all of their online accounts, login sharers may inadvertently be sharing their online banking password at the same time as sharing their entertainment account login. It’s clear to see how a problem could develop.

Taking Password Hygiene Seriously

There’s currently a battle going on between security and usability, with businesses and consumers both trying to find a sweet spot between a comfortable service and providing the necessary security.

For consumers, especially millennials, there are some rules of thumb that can help in this battle.

The most important rule is also the most obvious – protect your passwords! Unsecured login credentials are today’s number one tool for cybercriminals to access user information. Usernames and passwords are for sale on the dark web by the millions and, as mentioned before, hackers know people are often using the same password on different sites so they are likely to try using these credentials on other, more valuable, sites.

We all struggle to remember some of the complicated passwords we have to create in order to gain access to some websites. That’s why the temptation to replicate credentials across sites is strong. After all, humans are not meant to remember passwords, and good passwords should be hard to memorize!

One approach to deal with the issue is to use passphrases which are easier to remember. However, this approach can still lead to the temptation to use the same passphrase everywhere and often websites prompt the user to create passwords with variations in letter case, characters, and numbers that are themselves difficult to remember.

A better approach is to let your computer do the hard work and use a password manager. Using a unique random password for each site is the best way to protect yourself from data theft online: if data leaks from one site, it will have no effect on the rest of the sites you visit. Personally, since two consecutive breaches that affected me in a space of just two weeks (each coming with a sensible advisory to reset my passwords everywhere), I have taken to using Apple iCloud Keychain to take away the pain of having to generate unique passwords everywhere.

Additionally, use two-factor authentication where available. This will ensure that even if a hacker has your password, it will be very hard to break into the site. Specifically, use two-factor authentication when you log in to your password manager.

Although using a password manager might be considered a risk by itself – you’re putting all of your passwords in one place, after all – security experts believe that the risk is still lower than any other password system. Modern password managers do a great job at keeping your passwords secret. But in order to lower the risk further, never log in to your password manager on an unknown device.

Read “The Millennial View on Data Security” today.

Security

Deal, No Deal: The State of U.K. Cybersecurity Post-Brexit

June 14, 2018 — by Jeff Curley

A topic inescapably on the minds of us Brits is what type of relationship the U.K. will maintain with the EU after our departure, which in one transitional form or another is slated to commence 29 March 2019.

The next few months are considered to be a pivotal period for defining what this relationship will look like, and as of right now there are many unknowns, including implications for the U.K.’s cyber assurance capability.

There are broadly three domains across cybersecurity that could be impacted by the character of the agreements struck: skills access, legal matters and threat intel sharing.

It is sensible for security leaders in U.K.-headquartered businesses to start thinking about the potential impacts and considering plans to mitigate. The below is not an exhaustive exploration, just some initial food for thought.

DDoS, Security

Cloud vs DDoS, the Seven Layers of Complexity

March 7, 2018 — by Jeff Curley

A question that I’ve encountered many times in the field of late is: what are the impacts of DDoS attacks on cloud compute environments? The primary benefit of cloud is that it elastically scales to meet variable demand: scale up instantly, scale down when demand subsides, in seconds… So layman’s logic might say that cloud-based services are immune from the downtime effects of DDoS attackers; however, the possibility of gigantic unexpected bills is a given?