Security

FaceApp and the Friction Between Entertainment and Data Privacy

July 30, 2019 — by Mike O'Malley

Let’s face it, everyone wants your data. Marketers want it so they can sell you stuff. Foreign governments want it so they can monitor or target you. Criminals want it so they can steal for profit. Indeed, the brokering of personal data is a multi-billion-dollar industry.

And thanks to the proliferation of social media platforms, bad actors don’t have to work too terribly hard; people will willingly give up personal information in exchange for entertainment.

Case in point: Quizzes were all the rage on Facebook for years. Which superhero do you most resemble? What does your favorite color say about your personality? Who is your perfect mate? And so on. Meanwhile, you won’t get your results without granting the quiz tool access to your friends, photos, timeline, email address and any other personal information housed in your Facebook profile.

Make no mistake, that’s a lot of information to share with a quiz tool created by a company most people are blissfully ignorant about.

Data Collection Galore

Turns out that many of the platforms that hosted these tools were founded by or acting on behalf of data collection companies that are paid to aggregate as much information about consumers as possible, from as many sources as possible, and sell it to third parties. They analyze your likes, comments, and online activity and begin to profile your preferences based on your online behavior.

You may be asking, “Who are these third parties?” Well, they range from enterprises looking to sell you their goods to foreign and domestic governments, political parties, and more. Remember the Cambridge Analytica scandal? While doing work for the Donald Trump Campaign, Cambridge Analytica improperly obtained access to more than 50 million user profiles on Facebook. The scandal raised public debate about the integrity and ethics of using back-door methods to unknowingly target voters in the United States.

However, data collection companies are not the only organizations that use quizzes and entertainment-focused tools to quietly gather personal information. Hackers do it too. Facebook recently filed a lawsuit against two Ukrainian developers, Andrey Gorbachov and Gleb Sluchevsky, for allegedly creating quizzes that asked consumers questions like, “Do you have royal blood,” or “What does your eye color say about you?” in exchange for access to users’ private account data, including friends, photos, name, age, location, birthday, and more.

After facing tremendous public pressure regarding its policies and mishandling of consumer data, Facebook increased its policing of these activities.  It even banned personality quizzes following the Cambridge Analytica scandal.  And most recently, the FTC is forcing CEO Mark Zuckerberg to personally sign off on privacy policy compliance each quarter, making him potentially liable for civil and criminal penalties if there are any future violations.

Consumer Trust — Unwarranted?

But it’s not just Facebook that has compromised user data. Any number of mobile apps may also be doing the same thing. Why? Because bad actors are like water; they seek the path of least resistance. And in this case, that path is leveraging seemingly innocent entertainment apps that live in trusted Apple and Android app stores.

Now, instead of giving away their Facebook profile data, consumers could be granting apps access to all the data they keep in their phone, including their digital wallet, contacts, photos, browsing history, and a wealth of Personally Identifiable Information (PII) — all in exchange for a glance at how they might look in 40 years.

That’s where FaceApp comes in. If you’ve logged into social media recently, you’ve likely seen many of your friends sharing pics via FaceApp, facial recognition software (based on the same technology used by law enforcement) that encourages users to upload a photo and see what they might look like in 40 years.

Sounds fun, right? Well, on the surface perhaps. But FaceApp’s privacy policies and Terms of Service are extremely vague, giving the app and the company that created it rights to collect your photos and use them as they see fit.

As the app grew in popularity, privacy advocates began warning people that a Russian-owned company was collecting their data. Reminiscent of Cambridge Analytica, this news sent shockwaves through the American political system, leading U.S. Senate Minority Leader Chuck Schumer to request an FBI investigation into the app. The senator expressed his concern via Twitter that personal data from U.S. citizens would be shared with “a hostile foreign power.” (Unsurprisingly, the FaceApp CEO denied sharing data with the Russian government or storing it on Russian servers.)

Which is all to say…how much of consumers’ trust in apps is warranted? Geoffrey Fowler at the Washington Post tested his iPhone to see exactly how much data from apps was passed on to third parties about him and the results were frightening. His experiment found 54,000 hidden data tracking apps within one week! 

So, what does this mean for our privacy?  When people unknowingly sign away the right to their data for all time in exchange for a few minutes of entertainment, is the fight for consumer privacy rights already being lost?

Read “The Trust Factor: Cybersecurity’s Role in Sustaining Business Momentum” to learn more.

Security

Protecting Enterprises From State-Sponsored Hackers

July 11, 2019 — by Mike O'Malley

There seems to be a continuous drip, drip, drip of cyber breaches on a daily basis. For example, last month 12 million patients may have had information exposed in a data breach from Quest Diagnostics, the world’s largest blood-testing company.

The only thing we know for sure is that tomorrow some other enterprise will be next. However, what’s new is the rising threat of state-sponsored cyber attacks on enterprises. Per the White House, cyber attacks cost the US economy between $50 million and $100 million in 2016 — the last year quantified. It’s likely significantly more today.

States Are Leading Players in the Cyber Game

Enterprises need to understand that 22 countries around the world are currently suspected of state-sponsored programs for governmental cyber attacks. And lest you believe that these are all focused on stealing nuclear codes, half of all targets for these attacks are private enterprises, NOT governmental agencies.

World governments are actively investing in building and operating cyber espionage teams to both protect their national interests as well as collect IP for their domestic industries. With this information, they are acquiring expertise, malicious botnets and cyber attack tools to further advance their craft.

Enterprises in developed nations around the world need to understand the high stakes and the need for increased protection. If a company competes based on its intellectual property in a global marketplace, then it may be a mark for government cyber attacks.

Some nations are more direct about the domestic industries they are interested in building and are tipping their hands as to what intellectual property they are interested in acquiring from specific industries. China, for example, has a position paper, “Made in China 2025,” which lays out specific industries in which it has a strategic interest in building domestic expertise.

The plan lays out a very aggressive goal of producing 70% of the content in the following industries with Chinese enterprises: IT, robotics, green energy and EVs, aerospace, ocean engineering, railroads, power, materials, medicine and med tech and agriculture engineering. These plans require domestic industries in developing countries to acquire massive amounts of new intellectual property in order to meet this 70% local content threshold.

Enterprises Don’t Have the Expertise to Fight Government Agents

In this environment, where 20-plus countries are aggressively building cyber attack organizations and pouring millions of dollars into ever more sophisticated attack technology, who is the best, most expert person to protect these businesses?

Before we answer that, let’s understand the current cyber employment context. Per an international security non-profit (ISC2), there were three million unfilled cybersecurity jobs globally in 2018. There continues to be a global STEM shortage. Job boards are bursting with open positions for IT security specialists.

Given the cybersecurity work shortage, it is neither advisable nor practical for every Fortune 1000 business to try to match the security defense capabilities of nationally funded cyber attackers. Enterprises cannot spend enough money individually to have state-of-the-art automated defenses or hire enough security engineers to fight cyber attacks in real time.

We cannot and should not expect the Fortune 1000 to replicate the people and investment of nationally funded cyber groups to protect their most important intellectual property.

In fact, we are seeing tremendous new innovations like the UK government initiative, the Cyber Skills Immediate Impact Fund, which promotes neurodiversity to help close the security skills gap. This is a tremendous new initiative that taps into groups like people on the autism spectrum for their puzzle-solving prowess to improve cybersecurity through their different and valuable coding abilities. However, initiatives like this alone will take years to provide the additional security engineering talent needed today.

Service and Cloud Providers Could Be the Expert Defenders

Cloud and service providers are another story. Many of them already have Security Operations Centers (SOCs) manned 24×7 to protect themselves and their customers. Many have real-time defenses and have implemented SDN control planes with automated policy. These systems identify an attack in one part of the network and mitigate the attack, while simultaneously updating all other endpoints with the attack characteristics. They are already staffed with top security engineering talent.

Managed security solutions for virtually all enterprises need to ultimately be the answer. Cloud and service provider SOCs are the only private organizations capable of protecting businesses and their most valuable intellectual property. Enterprises can never invest enough individually to have the latest tools and talent to fight the most complex real-time cyber attacks. However, the cloud and service providers have the scale to invest at the necessary level to protect from the most nefarious state-sponsored actor.

We need to fight fire with fire and recognize the Heads of Tier 1 SOCs are the ones who should be protecting the intellectual property of enterprises worldwide. Not 1,000 different IT managers individually.

Service Providers Need to Stay Vigilant

As telco companies are racing to deliver 5G services, security has, in some cases, taken a back seat to speed. The most recent attack on telcos by the Chinese government is only the beginning. While it wasn’t especially intricate, nation state cybercriminals are proving that they are able to exploit the growing vulnerabilities that telcos leave behind as they race to 5G. As we approach the 2020 election, we will see a heightened focus as nation states leverage every vulnerability to their advantage. Telcos must be prepared, or the damage could be astronomical.

A version of this post was originally published on Light Reading.

Read “The Trust Factor: Cybersecurity’s Role in Sustaining Business Momentum” to learn more.

Security

Understanding Consumer Sentiments About Financial Cybersecurity

May 16, 2019 — by Mike O'Malley

I’ve long maintained that security can and should be leveraged as a competitive advantage, regardless of industry. But I’d like to expound upon this mantra: it holds particularly true for the financial services industry.

With consumers increasingly relying on web and mobile apps to conduct financial transactions, customer data has emerged as the new “oil” that powers financial institutions; it can be mined to upsell additional services over the long haul.

But if banks want to increase customer lifetime value, they first must protect this treasure trove of data. Why? Because privacy and security are top of mind for consumers.

This isn’t just an educated guess on my part; Radware recently conducted a survey of nearly 1,200 U.S. consumers to better understand how they view financial security, how they’d react if their data was compromised, and what it all means for financial institutions today.

Spoiler alert: Financial institutions stand to lose business if they don’t prioritize security.

The fact is, data breaches and cyberattacks increase customer churn in an age when virtual transparency, relentless competition and frictionless account transitions have made it easy for consumers to switch financial institutions. And make no mistake — they will abandon their banks if their privacy and security are better prioritized elsewhere.

I encourage you to read the full survey results report. And deeply consider how security isn’t an expenditure, but an investment in your customer lifetime value.

Read “Consumer Sentiments: Cybersecurity’s Role in the Future of Financial Institutions” today.

Attack Mitigation, Security

Think Cybersecurity Insurance Will Save You? Think Again.

April 24, 2019 — by Mike O'Malley

By this point, we know that state-sponsored cyber attacks are a thing. Time and again, we see headlines to this effect, whether it’s election hacking, IP theft, or mega-breaches. For your average consumer, it’s troubling. But for executives at organizations that are targeted, it’s a nightmare.

The accompanying PR headaches, customer churn, and operational and reputation losses are bad enough; but when big companies think they’re protected by cyber insurance only to find out they aren’t,  things go from bad to worse.

Are You Really Covered?

Indeed, per the New York Times, “Many insurance companies sell cyber coverage, but the policies are often written narrowly to cover costs related to the loss of customer data, such as helping a company provide credit checks or cover legal bills.” In other words, many organizations think that because they’ve purchased cyber insurance, they are protected and will be reimbursed for any expenses related to suffering and mitigating a cyberattack.

But that’s not necessarily the case. Insurers are increasingly citing a “war exclusion” clause —which “protects insurers from being saddled with costs related to damage from war”— to avoid reimbursing losses associated with cyberattacks.

Huh? How can that be? We’ve seen the US Department of Justice identify APT-10 as a Chinese state-sponsored corporate hacking group, attacking both Hewlett Packard Enterprise and IBM. 

In addition, companies affected by the now infamous NotPetya (for which the U.S. assigned responsibility to Russia in 2018) are considered collateral damage in cyberwars. This is the nightmare scenario that played out for both Mondelez and Merck in 2017, after both organizations suffered hundreds of millions of dollars’ worth of damages resulting from the NotPetya attack. Unsurprisingly, both Mondelez and Merck are fighting back—in court. But these cases will likely take years (and an astounding amount of legal fees) to resolve. Which begs the question: what are companies to do in the meantime when cyber insurance fails to protect the business?

Protecting Your Business

Well, first things first. Prioritize security; don’t treat it as an add-on or wait until you’ve been hit with an attack to beef it up. Build it into the very fabric of your company’s foundation. As I wrote last year, doing so enables an organization to scale and focus on security innovation, rather than scrambling to mitigate new threats as they evolve. Besides, baking security into your products and/or services can be leveraged as a competitive differentiator (and therefore help produce new revenue streams).

Additionally, there are several other steps to take to help protect your organization against large scale cyberattacks:

  • Install comprehensive DDoS and application security protection. Such solutions will optimize business operations, minimize service degradation and help prevent downtime.
  • Educate employees. This can’t be emphasized enough; employers should educate their employees about common cyberattack methods (like phishing campaigns), and to be wary of links and downloads from unknown sources. This may sound simplistic, but it’s often overlooked.
  • Manage permissions. This holds particularly true for organizations operating in or migrating to a public cloud environment; excessive permissions are the number one threat to your cloud-based data.
  • Use multi-factor authentication. Again, this is low-hanging fruit, but it bears repeating. Requiring multi-factor authentication may seem like a pain, but it’s well worth the effort to safeguard your network.

And, as always, let the (security) experts handle the (cybercriminal) experts. Don’t hesitate to engage third-party experts in your quest to provide a secure customer experience.

Read “The Trust Factor: Cybersecurity’s Role in Sustaining Business Momentum” to learn more.

Application Security, Attack Types & Vectors, Botnets, Security

Are Connected Cows a Hacker’s Dream?

April 3, 2019 — by Mike O'Malley

Humans aren’t the only ones consumed with connected devices these days. Cows have joined our ranks.

Believe it or not, farmers are increasingly relying on IoT devices to keep their cattle connected. No, not so that they can moo-nitor (see what I did there?) Instagram, but to improve efficiency and productivity. For example, in the case of dairy farms, robots feed, milk and monitor cows’ health, collecting data along the way that help farmers adjust techniques and processes to increase milk production, and thereby profitability.

The implications are massive. As the Financial Times pointed out, “Creating a system where a cow’s birth, life, produce and death are not only controlled but entirely predictable could have a dramatic impact on the efficiency of the dairy industry.”

From Dairy Farm to Data Center

So, how do connected cows factor into cybersecurity? By the simple fact that the IoT devices tasked with milking, feeding and monitoring them are turning dairy farms into data centers – which has major security implications. Because let’s face it, farmers know cows, not cybersecurity.

Indeed, the data collected are stored in data centers and/or a cloud environment, which opens farmers up to potentially costly cyberattacks. Think about it: The average U.S. dairy farm is a $1 million operation, and the average cow produces $4,000 in revenue per year. That’s a lot at stake—roughly $19,000 per week, given the average dairy farm’s herd—if a farm is struck by a ransomware attack.

It would literally be better for an individual farm to pay a weekly $2,850 ransom to keep the IoT network up. And if hackers were sophisticated enough to launch an industry-wide attack, the dairy industry would be better off paying $46 million per week in ransom rather than lose revenue.

5G Cows

Admittedly, connected cows aren’t new; IoT devices have been assisting farmers for several years now. And it’s a booming business. Per the FT, “Investment in precision ‘agtech’ systems reached $3.2bn globally in 2016 (including $363m in farm management and sensor technology)…and is set to grow further as dairy farms become a test bed for the wider IoT strategy of big technology companies.”

But what is new is the rollout of 5G networks, which promise faster speeds, low latency and increased flexibility—seemingly ideal for managing IoT devices. But, as we’ve previously discussed, with new benefits come new risks. As network architectures evolve to support 5G, security vulnerabilities will abound if cybersecurity isn’t prioritized and integrated into a 5G deployment from the get-go.

In the new world of 5G, cyberattacks can become much more potent, as a single hacker can easily multiply into an army through botnet deployment. Indeed, 5G opens the door to a complex world of interconnected devices that hackers will be able to exploit via a single point of access in a cloud application to quickly expand an attack radius to other connected devices and applications. Just imagine the impact of a botnet deployment on the dairy industry.

I don’t know about you, but I like my milk and cheeses. Here’s to hoping dairy farmers turn to the experts to properly manage their security before the industry is hit with devastating cyberattacks.

Read “Creating a Secure Climate for your Customers” today.

Mobile Data, Mobile Security

Here’s How Net Neutrality & Wearable Devices Can Impact 5G

March 28, 2019 — by Mike O'Malley

AT&T and Verizon are committed to an aggressive, multi-city roll out plan in a race to be the first carrier to implement national 5G deployment. We see this competition play out almost daily in the news: AT&T’s “5G E” is slower than Verizon 4G,  Verizon declares 5G war on AT&T, Verizon inks a deal with the NFL to bring 5G to stadiums, and so forth. And yet, despite this newsworthy competition between telecom giants, we still have a limited understanding of the benefits and risks of 5G.

There are the obvious benefits – faster service, for one – and risks, like insufficient security infrastructure. But what about other, less considered factors that can impact 5G (both positively and negatively), such as net neutrality and wearable devices? How do they play into the risks and rewards of this communications (r)evolution?

Net Neutrality

Currently, net neutrality in the U.S. is embroiled in partisan politics and it’s unclear whether these regulations will be reinstated. But operating under the current status, in which net neutrality rules are suspended, service providers stand to profit from 5G.

As we’ve previously discussed, 5G allows for service providers to “slice” portions of a spectrum as a customizable service for specific types of devices and different customer segments—and without net neutrality, carriers can conceivably charge premium rates for higher quality of service. In other words, service providers could profit by charging select industries that require large bandwidth and low latency – like healthcare and manufacturing, for example – higher premiums.

This premium service/premium revenue model represents a significant ROI for carriers on their 5G infrastructure investment. Not only does slicing provide flexibility for multi-service deployment, it enables the realization of diverse applications on that physical resource, which helps recoup cost for the capital investment.

However, because implementation will be patchy, with initial focus on high-density, urban areas (versus rural populations), the so-called digital divide may very well deepen, not just for consumers but for rural industries like healthcare and agriculture as well.

Wearable Devices

IoT devices have outpaced the human population for the first time in history. And 5G will undoubtedly  fan the flames of interest in wearable devices, due to its projected speed and availability of data.  

While these devices can certainly make life easier, and even potentially healthier (think about the ECG app on the Apple Watch!), they also carry enormous risk. Why? Because they’re hackable – and they contain a treasure trove of sensitive data, like your location, health stats, and more. And the risk doesn’t only impact the individual wearing an IoT device; enterprises are likewise at risk when their employees wear devices at work and transmit data over office WiFi.    

What’s Next?

With the ever-changing nature of internet regulations and the explosion of wearable devices, security must be top-of-mind for service providers. Security is advantageous not only to end users but to the carriers as well; best-of-breed security opens the possibility for capturing new revenue streams.

No matter the complexity of securing 5G networks, there are solutions. For example, service providers should consider differentiated security mechanisms, offering security as a service to vertical industries, and segregating virtual network slices to safeguard their networks. And of course, let the (security) experts help the (carrier) experts.

Read “Creating a Secure Climate for your Customers” today.

Mobile Security, Service Provider

Here’s How Carriers Can Differentiate Their 5G Offerings

February 28, 2019 — by Mike O'Malley

Much of the buzz surrounding this year’s Mobile World Congress has focused on “cool” tech innovations. There are self-driving cars, IoT-enhanced bee hives, smart textiles that monitor your health, realistic human chatbots, AI robots, and so forth. But, one piece of news that has flown relatively under the radar is the pending collaboration between carriers for 5G implementation.

A Team Effort

As Bloomberg reported, carriers from Vodafone Group Plc, Telecom Italia SpA and Telefonica SA are willing to call “a partial truce” to help each other build 5G infrastructure in an attempt “to avoid duplication and make scarce resources go further.”

Sounds great (who doesn’t love a solid team effort?!)…except for one thing: the pesky issue of competing for revenue streams in an industry fraught with financial challenges. As the Bloomberg article pointed out, “by creating more interdependent and overlapping networks, the risk is that each will find it harder to differentiate their offering.”

While this is certainly a valid concern, there is an obvious solution: If carriers are looking for differentiation in a collaborative environment, they need to leverage security as a competitive advantage.

Security as a Selling Point

As MWC19 is showing us in no uncertain terms, IoT devices—from diabetic smart socks to dairy milking monitors—are the way of the future. And they will largely be powered by 5G networks, beginning as early as this year.

Smart boot and sock monitor blood sugar, pulse rate, temperature and more for diabetics.

Which is all to say, although carriers are nervous about setting themselves apart while they work in partnership to build 5G infrastructure, there’s a huge opportunity to differentiate themselves by claiming ownership of IoT device security.

As I recently wrote, IoT devices are especially vulnerable because of manufacturers’ priority to maintain low costs, rather than spending more on additional security features. If mobile service providers create a secure environment, they can establish a competitive advantage and reap financial rewards.

Indeed, best-of-breed security opens the possibility for capturing new revenue streams; mobile IoT businesses will pay an additional service premium for the peace of mind that their devices will be secure and can maintain 100% availability. And if a competing carrier suffers a data breach, for example, you can expect their customer attrition to become your win.

My words of advice: Collaborate. But do so while holding an ace—security—in your back pocket.

Read “Creating a Secure Climate for your Customers” today.

Hacks, Security

How Hackable Is Your Dating App?

February 14, 2019 — by Mike O'Malley

If you’re looking to find a date in 2019, you’re in luck. Dozens of apps and sites exist for this sole purpose – Bumble, Tinder, OKCupid, Match, to name a few. Your next partner could be just a swipe away! But that’s not all; your personal data is likewise a swipe or click away from falling into the hands of cyber criminals (or other creeps).

Online dating, while certainly more popular and acceptable now than it was a decade ago, can be risky. There are top-of-mind risks—does s/he look like their photo? Could this person be a predator?—as well as less prominent (albeit equally important) concerns surrounding data privacy. What, if anything, do your dating apps and sites do to protect your personal data? How hackable are these apps, is there an API where 3rd parties (or hackers) can access your information, and what does that mean for your safety?

Privacy? What Privacy?

A cursory glance at popular dating apps’ privacy policies isn’t exactly comforting. For example, Tinder states, “you should not expect that your personal information, chats, or other communications will always remain secure.” Bumble isn’t much better (“We cannot guarantee the security of your personal data while it is being transmitted to our site and any transmission is at your own risk”) and neither is OKCupid (“As with all technology companies, although we take steps to secure your information, we do not promise, and you should not expect, that your personal information will always remain secure”).

Granted, these are just a few examples, but they paint a concerning picture. These apps and sites house massive amounts of sensitive data—names, locations, birth dates, email addresses, personal interests, and even health statuses—and don’t accept liability for security breaches.

If you’re thinking, “these types of hacks or lapses in privacy aren’t common, there’s no need to panic,” you’re sadly mistaken.

Hacking Love

The fact is, dating sites and apps have a history of being hacked. In 2015, Ashley Madison, a site for “affairs and discreet married dating,” was notoriously hacked and nearly 37 million customers’ private data was published by hackers.

The following year, BeautifulPeople.com was hacked and the responsible cyber criminals sold the data of 1.1 million users, including personal habits, weight, height, eye color, job, education and more, online. Then there’s the AdultFriendFinder hack, Tinder profile scraping, Jack’d data exposure, and now the very shady practice of data brokers selling online data profiles by the millions.

In other words, between the apparent lack of protection and cyber criminals vying to get a hold of such personal data—whether to sell it for profit, publicly embarrass users, steal identities or build a profile on individuals for compromise—the opportunity and motivation to hack dating apps are high.

Protect Yourself

Dating is hard enough as it is, without the threat of data breaches. So how can you best protect yourself?

First things first: Before you sign up for an app, conduct your due diligence. Does your app use SSL-encrypted data transfers? Does it share your data with third parties? Does it authorize through Facebook (which lacks certificate verification)? Does the company accept any liability to protect your data?

Once you’ve joined a dating app or site, beware of what personal information you share. Oversharing details (education level, job, social media handles, contact information, religion, hobbies, information about your kids, etc.), especially when combined with geo-matching, allows creepy would-be daters to build a playbook on how to target or blackmail you. And if that data is breached and sold or otherwise publicly released, your reputation and safety could be at risk.

Likewise, switch up your profile photos. Because so many apps are connected via Facebook, using the same picture across social platforms lets potential criminals connect the dots and identify you, even if you use an anonymous handle.

Finally, you should use a VPN and ensure your mobile device is up-to-date with security features so that you mitigate cyber risks while you’re swiping left or right.

It’s always better to be safe and secure than sorry.

Read “Radware’s 2018 Web Application Security Report” to learn more.

Don’t Be A “Dumb” Carrier

February 12, 2019 — by Mike O'Malley

By next year, it is estimated that there will be 20.4 billion IoT devices, with businesses accounting for roughly 7.6 billion of them. While these devices are the next wireless innovation to improve productivity in an ever-connected world, they also represent nearly 8 billion opportunities for breaches or attacks.

In fact, 97% of companies believe IoT devices could wreak havoc on their organizations, and with good reason. Security flaws can leave millions of devices vulnerable, creating pathways for cyber criminals to exfiltrate data—or worse. For example, a July 2018 report disclosed that nearly 500 million IoT devices were susceptible to cyberattacks at businesses worldwide because of a decade-old web exploit.

A New Attack Environment

In other words, just because these devices are new and innovative doesn’t mean your security is, too. To further complicate matters, 5G networks will begin to roll out in 2020, creating a new atmosphere for mobile network attacks. Hackers will be able to exploit IoT devices and leverage the speed, low latency and high capacity of 5G networks to launch unprecedented volumes of sophisticated attacks, ranging from standard IoT attacks to burst attacks, and even smartphone infections and mobile operating system malware.

Scary stuff.

So, who is responsible for securing these billions of devices to ensure businesses and consumers alike are protected?  Well, right now, nobody. And there’s no clear agreement on what entity is—or should be—held accountable. According to Radware’s 2017-2018 Global Application & Network Security Report, 34% believe the device manufacturer is responsible, 11% believe service providers are, 21% think it falls to the private consumer, and 35% believe business organizations should be liable.

Ownership Is Opportunity

Indeed, no one group is raising its hand to claim ownership of IoT device security. But if service providers want to protect their networks and customers, they should jump at the chance to take the lead here. While service providers technically don’t own the emerging security issues, it is ultimately the operators who are best positioned to deal with and mitigate attack traffic. While many may view this as an operational cost, it is, in actuality, a business opportunity.

In fact, the Japanese government is so concerned about a large-scale IoT attack disrupting the 2020 Tokyo Olympics that it just passed a law empowering the government to intentionally identify and hack vulnerable IoT devices. And who is the government asking to secure the list of devices it finds vulnerable? Consumers? Businesses? Manufacturers? No, No, and NO. It is asking service providers to secure these devices from attacks.

Think about it: Every device connected to a network is another potential security weakness. And as we’ve written about previously, IoT devices are especially vulnerable because of manufacturers’ priority to maintain low costs, rather than spending more on additional security features. If mobile service providers create a secure environment that satisfies the protection of customer data and devices, they can establish a competitive advantage and reap financial rewards.

From Opportunity to Rewards

This translates to the potential for capturing new revenue streams. If your mobile network is more secure than your competitors’, it stands to reason that their customer attrition becomes your win. And mobile IoT businesses will pay an additional service premium for the knowledge that their IoT devices won’t be compromised and can maintain 100% availability.

What’s more, service providers need to be mindful of history repeating itself. After providers lost the war with Apple and Google to control apps (and their associated revenue), they earned the unfortunate reputation of being “dumb pipes.” Conversely, Apple and Google were heralded for capturing all the value of the explosion of mobile data apps. Apple now sits with twice the valuation of AT&T and Verizon, COMBINED. Now, as we are on the precipice of a similar explosion of IoT apps that enterprises will buy, the question again arises over whether service providers will just sell “dumb pipes” or whether they will get involved in the value chain.

A word to the wise: Don’t be a “dumb” carrier. Be smart.  Secure the customer experience and reap the benefits.

Read “Creating a Secure Climate for your Customers” today.

Millennials “Swipe Right” On Fintech and Security

February 6, 2019 — by Mike O'Malley

Let me cut to the chase: The financial services industry is rapidly changing to satisfy its new best friend, millennials. There’s no getting around it; their sheer numbers necessitate attention. Millennials represent one in three Americans in the workforce, 25 percent of the global population (fun fact: there are more millennials in China than people in the United States!), and have $200 billion in buying power. They are the largest single generation in the workforce today. And, most importantly for financial services, they account for 43 percent of all mobile banking and finance usage.

Digital Trumps Traditional

Indeed, millennials don’t value traditional banking like previous generations. Born into a digitally-connected era, they heavily rely on the Internet and smartphones to conduct their business, including managing their finances. According to research from Gemalto, more than one in four (27%) millennials have never even visited a bank branch. Comparatively, 77 percent use online services every month and many consider mobile banking “essential,” with nearly 40 percent reporting that financial apps help them control their finances. This becomes critically important in maintaining trust. Since they’ve never been to a branch, there are no people, no relationships to build loyalty. All trust, loyalty and affinity for the brand come 100% from experience on the web and via mobile apps. Any breach here, and trust is broken…forever.

And, it’s worth noting, millennials want financial help. Millennials grew up during the global financial crisis, so managing debt responsibly and avoiding risk is very important to them.  A TD Bank survey designed to understand these young adults’ banking behaviors found that “while 59 percent of millennials reported that they are ‘extremely’ or ‘very’ knowledgeable about their day-to-day banking products like checking accounts, they still want advice on personal finance topics,” including savings, credit cards and creating a budget.

In other words, millennials value tools and advice that give them control over debt and credit alike—which helps explain their reliance on fintech over traditional banks for financial advice and things like debt consolidation loans. In fact, millennials are driving a surge in personal loans, 36 percent of which are from fintech lenders.

Opportunity…and Risk

All these statistics converge to make one key point: While there is a huge opportunity for fintech providers to capture market share and growth, there is also sizable risk. Why? Because data security is top of mind for these so-called “digital natives.” They understand the liabilities of trusting organizations, like financial institutions, with their online data and expect that it will be well guarded 24/7 with no lapses.

If it isn’t? Say goodbye to your millennial customer base; millennials are 2.5 times more likely to change banks than their older counterparts if they aren’t pleased. And one surefire way to keep them happy is with a secure mobile and/or online customer experience. After all, the number one tool millennials want is better mobile security for financial transactions.

Don’t risk losing the most connected, powerful consumer demographic because of lax security. The guaranteed fallout—customer attrition, reputation loss and more—simply isn’t worth the risk. Proactively ensuring a secure customer experience is paramount to maintaining a competitive advantage and capturing the trust of your most important customers.

Read “The Millennial View on Data Security” today.
