main

Application SecurityMobile DataMobile SecuritySecurity

Growing Your Business: Millennials and M-Commerce

December 6, 2018 — by Mike O'Malley0

mcommerce-960x640.jpg

Millennials are the largest generation in the U.S. labor force—a position they’ve held since 2016—and they’re involved in the majority (73%) of B2B purchasing decisions. Raised in the age of the Internet, they’re digital natives and easily adopt and adapt to new technologies. And mobile apps are their lifelines.

Why does this matter? Well, when you combine Millennials’ tech savviness with their business acumen, their clout in a digital economy comes into focus. As both decision-makers and connoisseurs of mobile technology, they can make or break you in a low-growth economy if your business model doesn’t square with their preferences.

In other words, if you’re not embracing mobile commerce, you may soon be ancient history. This generation has little-to-no use for brick-and-mortar storefronts, banks, etc., instead preferring to use apps for shopping, financial transactions and more.

Of course, making m-commerce a linchpin of your business model isn’t risk free; cybersecurity concerns are of critical importance. Increasingly, personal data protection is tied directly to consumer loyalty to a particular brand, and Millennials in particular care about how their data is used and safeguarded.

You Can’t Rush Greatness

While Millennials are renowned for an “I want it fast, and I want it now” attitude (which explains why 63% of them use their smartphone to shop every day, versus trekking to a store), the biggest mistake you can make is overlooking security in a rush to roll out a mobile strategy.

The fact is, vulnerabilities on m-commerce platforms can result in severe financial impacts; the average cost of a corporate data breach is $3.86 million. If a mobile app or mobile responsive e-commerce site is hit by an application attack, for example, short-term profit loss (which can escalate quickly) and longer-term reputation loss are serious risks. And as we move into 2019, there are several mobile security threats that we need to take seriously.

[You may also like: Are Your Applications Secure?]

Baking cybersecurity into your mobile strategy—as a core component, not an add-on—is, without question, necessary. The reason is manifold: For one thing, mobile devices (where your app primarily lives) are more susceptible to attacks. Secondly, mobile commerce websites are often implemented with a web application firewall to protect it.  Thirdly, Millennials’ reliance on m-commerce, both as B2B and B2C consumers, means you stand to lose significant business if your app or website go “down.” And finally, Millennials are security conscious.

Securing the Secure Customer Experience

So how can you help ensure your m-commerce platform, and thereby your Millennial customer base, is secure? A number of ways:

  • Guard your app’s code from the get-go. Test the code for vulnerabilities, ensure it’s easy to patch, and protect it with encryption.
  • Consider a Web Application Firewall (WAF) to secure your APIs and your website.
  • Run real-time threat analytics.
  • Be mindful of how customer data is stored and secured. (Don’t pull an Uber and store data unencrypted!)
  • Patch often. Because security threats evolve constantly, so must your security patches! Just ask Equifax about the importance of patching…

[You may also like: Growing Your Business: Security as an Expectation]

Of course, this isn’t an exhaustive list of proactive security measures you can take, but it’s a good start. As I’ve said time and time again, in an increasingly insecure world where security and availability are the cornerstones of the digital consumer, cybersecurity should never be placed on the back burner of company priorities. Don’t wait for an attack to up your security game. At that point, trust is broken with your Millennial customer base and your business is in trouble. Be proactive. Always.

Read “Radware’s 2018 Web Application Security Report” to learn more.

Download Now

Mobile SecuritySecurity

Cybersecurity for the Business Traveler: A Tale of Two Internets

November 27, 2018 — by David Hobbs0

travel-960x506.jpg

Many of us travel for work, and there are several factors we take into consideration when we do. Finding the best flights, hotels and transportation to fit in the guidelines of compliance is the first set of hurdles, but the second can be a bit trickier: Trusting your selected location. Most hotels do not advertise their physical security details, let alone any cybersecurity efforts.

I recently visited New Delhi, India, where I stayed at a hotel in the Diplomatic Enclave. Being extremely security conscious, I did a test on the connection from the hotel and found there was little-to-no protection on the wi-fi network. This hotel touts its appeal to elite guests, including diplomats and businessmen on official business. But if it doesn’t offer robust security on its network, how can it protect our records and personal data?  What kind of protection could I expect if a hacking group decided to target guests?

[You may also like: Protecting Sensitive Data: A Black Swan Never Truly Sits Still]

If I had to guess, most hotel guests—whether they’re traveling for business or pleasure—don’t spend much time or energy considering the security implications of their new, temporary wi-fi access. But they should.

More and more, we are seeing hacking groups target high-profile travelers. For example, the Fin7 group stole over $1 billion with aggressive hacking techniques aimed at hotels and their guests. And in 2017, an espionage group known as APT28 sought to steal password credentials from Western government and business travelers using hotel wi-fi networks.

A Tale of Two Internets

To address cybersecurity concerns—while also setting themselves apart with a competitive advantage—conference centers, hotels and other watering holes for business travelers could easily offer two connectivity options for guests:

  • Secure Internet: With this option, the hotel would provide basic levels of security monitoring, from virus connections to command and control infrastructure, and look for rogue attackers on the network. It could also alert guests to potential attacks when they log on and could make a “best effort.”
  • Wide Open Internet: In this tier, guests could access high speed internet to do as they please, without rigorous security checks in place. This is the way most hotels, convention centers and other public wi-fi networks work today.

A two-tiered approach is a win-win for both guests and hotels. If hotels offer multiple rates for wi-fi packages, business travelers may pay more to ensure their sensitive company data is protected, thereby helping to cover cybersecurity-related expenses. And guests would have the choice to decide which package best suits their security needs—a natural byproduct of which is consumer education, albeit brief, on the existence of network vulnerabilities and the need for cybersecurity. After all, guests may not have even considered the possibility of security breaches in a hotel’s wi-fi, but evaluating different Internet options would, by default, change that.

[You may also like: Protecting Sensitive Data: The Death of an SMB]

Once your average traveler is aware of the potential for security breaches during hotel stays, the sky’s the limit! Imagine a cultural shift in which hotels were encouraged to promote their cybersecurity initiatives and guests could rate them online in travel site reviews? Secure hotel wi-fi could become a standard amenity and a selling point for travelers.

I, for one, would gladly select a wi-fi option that offered malware alerts, stopped DDoS attacks and proactively looked for known attacks and vulnerabilities (while still using a VPN, of course). Wouldn’t it be better if we could surf a network more secure than the wide open Internet?

Read the “2018 C-Suite Perspectives: Trends in the Cyberattack Landscape, Security Threats and Business Impacts” to learn more.

Download Now

SecurityService Provider

The End of the Telephone

November 20, 2018 — by David Hobbs1

phone-960x602.jpg

Telephones have come a long way in their short lives, evolving from a simple transmitter and receiver to today’s ubiquitous smartphones. But as technologies continue to consolidate and automation takes over, what are we going to do at the end of the telephone? And what are the security implications of that?

Imagine a world where phone numbers have no meaning, and we instead rely on a system resembling an Internet IP address that shifts according to location. Afterall, we’re increasingly using smartphone apps like WhatsApp, iMessage, FaceTime, Skype (and so many more!) to communicate. How often do we actually dial our friends and family to talk? Moreover, how many of us still even own landlines?!

The fact is, we, as a society, interact more and more via apps, and I predict that the end of POTS (Plain Old Telephone System) will come faster than you think. Even my ageing parents have disconnected their home phones and my 84-year-old father uses an iPhone!

[You may also like: Consolidation in Consumer Products: Could it Solve the IoT Security Issues?]

So, with cybersecurity in mind, what does this new trend mean?  Do we have ways to integrate our businesses into this new era?  How do we keep our customers, friends and family connected, while keeping our data safe?

The reliance on chat apps is beneficial in that it helps avoid international call charges and allows us to be global citizens without boundaries imposed by phone companies.  But it also opens us up to vulnerabilities, like potentially communicating and exchanging sensitive data with the wrong person(s). While two factor authentication—which is used, for example, when you log into a bank account from a public Internet device and the site confirms your identity via text or a call—works now, when phone numbers disappear, it won’t do any good.

This is where the future of innovation plays a critical role; we will need a new way to identify and connect with people beyond face recognition, fingerprints on an iPhone or a password generated by a system. For example, 5G networks allow for the design of software defined private networking and the ability to provide function virtualization.   We should begin to see full security stack solutions at the endpoint of radio /5G /WiFi, without security having to live in the central office.

[You may also like: IoT, 5G Networks and Cybersecurity: Safeguarding 5G Networks with Automation and AI]

Look forward to the future where trust and identity are going to be better than some sort of robot speak of numbers and data on the screen.

Read “Radware’s 2018 Web Application Security Report” to learn more.

Download Now

Mobile SecuritySecurity

Online Security Concerns Split UK Black Friday Shoppers

November 14, 2018 — by Radware1

AdobeStock_227289527-960x391.jpg

Shopping online on Black Friday Weekend can be a great way of getting the best deal as retailers slash prices across their range. But as security risks mount and hackers continue to target consumers’ personal data, could shoppers turn their backs on online stores and return to more traditional, secure methods?

To understand UK consumers’ attitudes to shopping online at Black Friday and how they balance security with convenience, Radware sought the opinions of 500 UK adults. The results show that an overwhelming majority—more than 70%—of UK consumers do not think companies are doing enough to protect their personal data on Black Friday. In fact, over 10% reported that they had personally been affected by a data breach.

As a result, 45% of respondents said they would not be shopping online, including 32% who said they would visit a physical store instead.

Security v. Convenience

The fear of having personal data compromised while shopping online is undeniable: 40% of UK consumers plan to change their online habits during Black Friday, including 25% who will reportedly only shop with well-known brands or will check that the website is secure before making a purchase.

These security concerns have resulted in a split approach to Black Friday shopping. 55% of the survey respondents stated that convenience, price or home delivery was worth the potential risk, while the remaining 45% preferred to avoid online shopping, including 32% who said they would visit a physical store instead. And for those aged 55 and older, more than 25% stated they would rather order by telephone.

The research shows that many consumers are aware of the risks of online shopping, and while some are willing to accept this for convenience and price, others are avoiding online shopping altogether. Organisations, especially retailers, need to invest in strong cybersecurity if they want to increase trust and attract new customers at key trading periods.

[You may also like: Consumer Sentiments About Cybersecurity and What It Means for Your Organization]

Data Culture

The research found that 12% of respondents had been the victim of a data breach, and this figure rose to 17% when including respondents who had received an alert from their bank that an attempt had been stopped.

While all age groups were affected by data breaches, those under 35 are more likely to utilize identity check websites and even the Dark Web in order to confirm whether their data has been breached.

Respondents were generally open about sharing their experiences online, with 44% saying they would tell a friend if they fell for a scam online to help them avoid the same fate. A further 16% said they would ask for help while 7% would try to solve any problems themselves. Only 3% would keep quiet out of embarrassment.

[You may also like: Millennials and Cybersecurity: Understanding the Value of Personal Data]

Connected Threats

With Internet-connected devices expected to be top-sellers this Black Friday, Radware also considered consumers’ opinions of connected devices and the threats they pose.

When asked who has responsibility for keeping connected devices secure, almost 40% responded that it was their personal responsibility. A further 20% said security was up to their Internet service provider, while 7% hold the device manufacturer responsible.

Only 3% placed responsibility with the UK Government, despite the recent creation of a voluntary Code of Practice aimed at consumer products, developed by the Department for Digital, Culture, Media and Sport (DCMS) and the National Cyber Security Centre (NCSC).

[You may also like: Growing Your Business: Security as an Expectation]

Opinions were again split on the risks of connected devices, with 52% saying security threats were outweighed by convenience, including 36% who said devices make their lives easier.

However, when told that unsecure devices could be used to spy or listen on owners, 25% were shocked it was even possible, 21% said they would put off using the devices, and 18% said they felt nervous in their own home.

While personal opinions vary regarding security vs. convenience, the overall sentiment is one of low trust in online retailers. At such a crucial shopping time of year, retailers must proactively convince consumers that their digital shopping experience is secure. In fact, security should be leveraged as a selling point to demonstrate that customer data safety takes priority over sales on Black Friday. Retailers that secure the customer experience and ensure customer data is safe will be the winners not only on Black Friday, but all year round.

METHODOLOGY: The survey was completed by Radware via a Google Survey conducted in November 2018 among a sample of 500 UK adults.

Read the “2018 C-Suite Perspectives: Trends in the Cyberattack Landscape, Security Threats and Business Impacts” to learn more.

Download Now

SecurityService Provider

IoT, 5G Networks and Cybersecurity: Safeguarding 5G Networks with Automation and AI

September 18, 2018 — by Louis Scialabba1

iot-5g-networks-cybersecurity-blog-img-960x519.jpg

By 2020, Gartner says there will be 20.4 billion IoT devices. That rounds out to almost three devices per person on earth. As a result, IoT devices will show up in just about every aspect of daily life. While IoT devices promise benefits such as improved productivity, longevity and enjoyment, they also open a Pandora’s box of security issues for mobile service providers.

This flood of IoT devices, combined with the onset of 5G networks to support it, is creating an atmosphere ripe for mobile network attacks.  This threat landscape requires mobile service providers to alter their approach to network security or suffer dire consequences. The same old tools are no longer enough.

[You might also like: A New Atmosphere for Mobile Network Attacks]

Battle Increased Complexity with Automation

For years, security teams have struggled with the proliferation of data from dozens of security products, outpacing their ability to process it. This same problem applies to mobile service providers regarding the aforementioned issues surrounding 5G and IoT devices.

Security threats and anomalies within mobile network traffic are growing faster than security teams can detect and react to them. All the security threats we see now on enterprise networks are a harbinger of what’s to come on 5G networks. The introduction of 5G adds significant complexities to mobile networks that require next-generation security solutions.

Automation is key to better identification and mitigation of these threats for mobile service providers. Machine-learning based DDoS mitigation solutions enable real-time detection and mitigation of DDoS attacks. Through behavioral analysis, bad traffic can then be identified and automatically blocked before any damage is done.

[You might also like: The Rise of 5G Networks]

Automation Across the Security Architecture

For mobile service providers, automation must expand across all layers of the security architecture. First and foremost, the network must be leveraged as a sensor, a digital cyberattack tripwire. In 5G networks, network elements are distributed at the edge and virtualized. The network’s endpoints can be used as detection spots to send messages back to a centralized control plane (CCP).

The CCP serves as the brain of the network, compiling all the inputs from its telemetry feeds to deploy the best way to apply mitigation policies.

The myriad amount of CCP data can be put to work via Big Data. As 5G pushes network functions and data to the cloud, there’s an opportunity to use this information to better protect against attacks with the help of artificial intelligence (AI) and deep learning.

This is where the “big” in “big data” comes into play. Because 5G virtual devices live on the edge of the network in small appliances, there isn’t enough computing power available to identify evolving attack traffic from within. But by feeding traffic through an extra layer of protection at large data centers, it is possible to efficiently compile all the data to identify attacks.

Large data centers can be prohibitively expensive to house and maintain. Ideally, these data centers are housed and maintained by the mobile service provider’s DDoS mitigation vendor, which leverages its network of cloud-based scrubbing centers (and the massive volumes of threat intelligence it collects) to process this information and automatically feed it back to the mobile service provider.

A Game of Probability

In the end, IoT and 5G security will come down to being a game of probability, however, automation and AI stack the odds heavily in favor of mobile service providers.

The new network technology has the speed and capacity to enable AI with data from 50 billion connected devices. AI requires huge amounts of data to sift through and create neural networks where anomalies can be detected, with emphasis on good data. Bad or poisoned data will lead to biased models and false negatives. The more good data, the better the outcomes in this high-stakes game of probability.

As all this traffic is fed through the scrubbing centers at data centers around the world, AI can help inform security algorithms to detect protocol anomalies and flag issues. The near real-time process is complicated. Like an FBI watch list, a register of attack information goes to a mobile network’s control plane. The result is a threat intelligence feed that uses the power of machine learning to identify and prevent attacks.

The best place to populate AI and deep learning systems is from crowdsourcing and global communities where large numbers of enterprises and networks contribute data. Bad data will find its way in, but the good data will significantly outnumber the bad data to make deep learning possible.

Ultimately, the threats from botnets, web scraping, and IoT zombies is dynamic and increasingly complex. With 5G on the horizon, it’s critical that mobile service providers are proactive and make plans now to protect their networks against evolving security threats by turning to machine learning and AI.

2018 Mobile Carrier Ebook

Read “Creating a Secure Climate for your Customers” today.

Download Now

SecurityService Provider

Protecting Sensitive Data: What a Breach Means to Your Business

August 29, 2018 — by Mike O'Malley0

data_falling_data_leaks-960x576.jpg

Data breaches have made big headlines in recent years, from Target to Equifax to Hudson’s Bay Co’s Saks and Lord & Taylor.  But the growing trend is actually in all the litigation stemming from data breaches. International law firm Bryan Cave analyzed the increasing trend of legal action following data breaches of all sizes. It found that in 2016 alone, there were 76 class action lawsuits related to data breaches:

  • 34% were within the medical industry
  • 95% had negligence as the most popular legal theory
  • 86% emphasized the breach of sensitive data

Our own research supports these findings. Radware’s 2018 Consumer Sentiments Survey found that 55% of U.S. consumers stated that they valued their personal data over physical assets, i.e. cars, phones, wallets/purses. In addition, Radware’s C-Suite Perspectives report revealed 41% of executives reported that customers have taken legal action following a data breach. Consequences of data breaches have extended past bad press, and include lasting effects on stock prices, customer acquisition costs, churn, and even termination of C-Suite level executives.

[You might also like: Consumer Sentiments About Cybersecurity and What It Means for Your Organizations]

Types of sensitive data vary by industry and therefore have respective attack methods. For example, the finance and commerce industry are expected to protect data such as names, contact information, social security numbers, account numbers and other financial information. Likewise, the healthcare industry is at high risk of data breaches, as medical records contain the same personal data in addition to more details that aid in identity fraud – such as doctor and prescription records, medical insurance information, and individual health attributes from height and weight to blood type.

On the surface, data breaches fall under the jurisdiction of CISO, CTOs, etc., but CEOs are now just as likely to be held responsible for these incidents; Target’s then-CEO was forced to resign following its 2013 data breach.  Other CEO’s at Sony and Home Depot were no longer in their positions within 6 months of their high profile breaches.

Laws and regulations surrounding data breaches are now moving at a faster pace due to steeper consequences, with the implementation of the European Union’s General Data Protection Regulation (GDPR) and the United States’ growing interest and demand in data privacy and protection. Security at its bare minimum is no longer realistic, and instead a competitive advantage for smart companies. C-level executives who aren’t reviewing security plans are opening themselves and their companies to significant liabilities.

How does GDPR affect me?

The GDPR’s purpose is providing protection over the use of consumers’ personal data. Companies are now held to a higher expectation to protect their customers’ data, further emphasizing the evolving consideration of cybersecurity as a necessity in business. At its strictest, companies found not having done enough can be penalized upwards of €20 million or 4% of the offending organization’s annual worldwide revenue.

Although data breaches alone are months of bad publicity in general, the wrath of consumers often stem from the delayed notification and response from the company. Companies incur this fury when they attempt to keep a data breach hidden only for it to be uncovered, resulting in increased litigation costs. The GDPR now mandates and upholds companies to the high standard of notifying data breach-affected consumers within 72 hours.

Targeted for a Data Breach

In 2013, one of the most notable, mainstream headlines focused on the data breach of Minnesota-based, retail giant Target Corporation. During the holiday shopping season, Target revealed their mass data breach of personal information, of which 40 million customers had personal financial data stolen and 70 million had general personal data (such as email and addresses) revealed. Attackers were able to exploit the company’s customer database through a third-party vendor’s stolen credentials, utilizing malware as the weapon of choice; the same malware was later utilized to attack other retailers such as Home Depot. Hackers after the finance and retail industry still utilize malware like Target’s 2013 data breach to create pathways from minimally-protected 3rd parties into more complex systems.

At the end of the investigation, Target had to pay a fine of $18.5 million across the U.S. in addition to its cumulative legal fees of a staggering $202 million for the data breach. What goes unmentioned however, is also the potential cost of lost customers from these breaches, as well as the brand reputation decline. The company must also abide to new Terms of Agreements by various State Attorney Generals that include requiring Target to employ a security leader for the creation and management of a thorough information security program, in addition to other related guidelines.

The Early Bird Avoids the Attack

Target became a lasting example of the need for cybersecurity to be implemented within a company’s architecture and business processes. The topic of protecting customer data has become its own high-profile discussion across various industries, rather than just within the technology industry. Being proactive with not only the security surrounding the company’s products/services, but also the data it collects, will be a competitive differentiator moving forward.

Radware research found that 66% of C-Suite Executives across the world, believed hackers could penetrate their networks, yet little is changed to implement protections as exhibited by the graphic below.

[You might also like: Cybersecurity & Customer Experience: Embrace Technology and Change to Earn A Customer’s Loyalty]

Sensitive data across all industries are valuable, coming at different prices in the dark net market. As data breaches are becoming more commonplace, industries have to take different levels of precaution in order to protect consumers’ personal data. For example, the healthcare industry heavily utilizes encryption to protect data such as medical records and prescription history. However, attackers are also implementing encryption attack tools in order to access this information. It is crucial for the cybersecurity systems of these organizations to be able to distinguish between valid encrypted information versus attack information encrypted with SSL, in order to prevent a breach. A comprehensively designed network infrastructure that consistently manages and monitors SSL and encryption technology through its security systems can ensure protected network and data privacy.

Transitioning cybersecurity from the hallways of IT and embedding it into the very foundation of business operations allows an organization to scale and focus on security innovation, rather than scrambling to mitigate new threats as they evolve or worse, litigating expensive class actions. In addition, this proactive approach further builds customer relationships via improved trust and loyalty. Knowing that cybersecurity is a company’s and CEO’s priority will help the customer feel more at ease with potential partnerships and strengthens the level of trust between.

Read the “2018 C-Suite Perspectives: Trends in the Cyberattack Landscape, Security Threats and Business Impacts” to learn more.

Download Now

BotnetsMobile DataMobile SecuritySecurityService Provider

IoT, 5G Networks and Cybersecurity: A New Atmosphere for Mobile Network Attacks

August 28, 2018 — by Louis Scialabba3

cyborg_iot_5g-960x432.jpg

The development and onset of 5G networks bring a broad array of not only mobile opportunities but also a litany of cybersecurity challenges for service providers and customers alike. While the employment of Internet of Things (IoT) devices for large scale cyberattacks has become commonplace, little has been accomplished for their network protection. For example, research by Ponemon Institute has found that 97% of companies believe IoT devices could wreak havoc on their organizations.

With hackers constantly developing technologically sophisticated ways to target mobile network services and their customers, the rapidly-approaching deployment of 5G networks, combined with IoT device vulnerability has created a rich environment for mobile network cyberattacks.

[You might also like: The Rise of 5G Networks]

Forecast Calls for More Changes

Even in today’s widespread use of 4G networks, network security managers face daily changes in security threats from hackers. Just as innovations for security protection improve, the sophistication of attacks will parallel. Cybersecurity agency ENISA forebodes an increase in the prevalence of security risks if security standards’ development doesn’t keep pace.

Add in research company Gartner’s estimate that there will be 20.4 billion connected devices by 2020, hackers will have a happy bundle of unprotected, potential bots to work with. In the new world of 5G, mobile network attacks can become much more potent, as a single hacker can easily multiply into an army through the use of botnet deployment.

Separating the Good from the Bad

Although “bot traffic” has an unappealing connotation to it, not all is bad. Research from Radware’s Emergency Response Team shows that 56% of internet traffic is represented by both good and bad bots, and of that percentage, they contribute almost equally to it. The critical part for service providers, however, is to be able to differentiate the two and stop the bad bots on their path to chaos.

New Technology, New Concerns

Although 4G is expected to continue dominating the market until 2025, 5G services will be in demand as soon as its rollout in 2020 driven by features such as:

  • 100x faster transmission speeds resulting in improved network performance
  • Lower latency for improved device connections and application delivery
  • 1,000x greater data capacity which better supports more simultaneous device connections
  • Value-added services enabled by network slicing for better user experience

The key differentiating variable in the composition of 5G networks is its unique architecture of the distributed nature capabilities, where all network elements and operations function via the cloud. Its flexibility allows for more data to pass through, making it optimal for the incoming explosion of IoT devices and attacks, if unsecured. Attacks can range from standard IoT attacks to burst attacks, even potentially escalating to smartphone infections and operating system malware.

[You might also like: Can You Protect Your Customers in a 5G Universe?]

5G networks will require an open, virtual ecosystem, one where service providers have less control over the physical elements of the network and more dependent on the cloud. More cloud applications will be dependent on a variety of APIs. This opens the door to a complex world of interconnected devices that hackers will be able to exploit via a single point of access in a cloud application to quickly expand the attack radius to other connected devices and applications.

Not only are mobile service providers at risk, but as are their customers; if not careful, this can lead to more serious repercussions regarding customer loyalty and trust between the two.

A Slice of the 5G Universe

Now that the new network technology is virtualized, 5G allows for service providers to “slice” portions of a spectrum as a customizable service for specific types of devices. Each device will now have its own respective security, data-flow processes, quality, and reliability. Although more ideal for their customers, it can simultaneously prove to be a challenge in satisfying the security needs of each slice. Consequently, security can no longer be considered as simply an option but as another integral variable that will need to be fused as part of the architecture from the beginning.

2018 Mobile Carrier Ebook

Read “Creating a Secure Climate for your Customers” today.

Download Now

BotnetsMobile DataMobile SecuritySecurityService Provider

IoT, 5G Networks and Cybersecurity: The Rise of 5G Networks

August 16, 2018 — by Louis Scialabba2

rise-5g-networks-iot-cybersecurity-960x640.jpg

Smartphones today have more computing power than the computers that guided the Apollo 11 moon landing. From its original positioning of luxury, mobile devices have become a necessity in numerous societies across the globe.

With recent innovations in mobile payment such as Apple Pay, Android Pay, and investments in cryptocurrency, cyberattacks have become especially more frequent with the intent of financial gain. In the past year alone, hackers have been able to mobilize and weaponize unsuspected devices to launch severe network attacks. Working with a North American service provider, Radware investigations found that about 30% of wireless network traffic originated from mobile devices launching DDoS attacks.

Each generation of network technology comes with its own set of security challenges.

How Did We Get Here?

Starting in the 1990s, the evolution of 2G networks enabled service providers the opportunity to dip their toes in the water that is security issues, where their sole security challenge was the protection of voice calls. This was resolved through call encryption and the development of SIM cards.

Next came the generation of 3G technology where the universal objective (at the time) for a more concrete and secure network was accomplished. 3G networks became renowned for the ability to provide faster speeds and access to the internet. In addition, the new technology provided better security with encryption for voice calls and data traffic, minimizing the impact and damage levels of data payload theft and rogue networks.

Fast forward to today. The era of 4G technology has evolved the mobile ecosystem to what is now a mobile universe that fits into our pockets. Delivering significantly faster speeds, 4G networks also exposed the opportunities for attackers to exploit susceptible devices for similarly quick and massive DDoS attacks. More direct cyberattacks via the access of users’ sensitive data also emerged – and are still being tackled – such as identity theft, ransomware, and cryptocurrency-related criminal activity.

The New Age

2020 is the start of a massive rollout of 5G networks, making security concerns more challenging. The expansion of 5G technology comes with promises of outstanding speeds, paralleling with landline connection speeds. The foundation of the up-and-coming network is traffic distribution via cloud servers. While greatly benefitting 5G users, this will also allow attackers to equally reap the benefits. Without the proper security elements in place, attackers can wreak havoc with their now broadened horizons of potential chaos.

What’s Next?

In the 5G universe, hackers can simply attach themselves to a 5G connection remotely and collaborate with other servers to launch attacks of a whole new level. Service providers will have to be more preemptive with their defenses in this new age of technology. Because of the instantaneous speeds and low lag time, they’re in the optimal position to defend against cyberattacks before attackers can reach the depths of the cloud server.

2018 Mobile Carrier Ebook

Discover more about what the 5G generation will bring, both benefits and challenges, in Radware’s e-book “Creating a Secure Climate for your Customers” today.

Download Now

SecurityService Provider

Enterprises are asking for help to protect their data. Here’s the answer service providers should provide.

June 20, 2017 — by Mike O'Malley0

carrier-mssp-960x637.jpg

Big. Small. Public. Private. Government. Retail. B2B. Non-profit.

Hackers don’t care about the size or purpose of the organizations they attack. They’re bombarding networks all over the globe with sophisticated multi-vector DDoS attacks, looking to grab any data from which they can profit.

SecurityService Provider

The Economics of Cyber-Attacks

April 4, 2017 — by Mike O'Malley0

economics-of-cyber-attacks-960x640.jpg

How to Provide State of the Art Protection against Real World Threats

We live in a world where increasing numbers of complex cyber breach tools are available on the Darknet. But what is the Darknet and how do we protect against it? The Darknet is an anonymous and obfuscated section of the internet where criminals can exchange information, tools and money to carry out attacks with little or no traceability. The Darknet provides a service marketplace where criminals can do many of the same things that law-abiding citizens do every day. Criminals search the internet (anonymously). They exchange emails with other criminals and prospective customers, they read news on the latest opensource tools available to perform effective attacks. They even have an online marketplace where cyber-attack services can be ordered and placed into your online shopping cart. In fact, a Darknet marketplace recently advertised $7,500 to rent the now notorious Mirai botnet – the same botnet used to generate a several hundred gigabit multi-vector attack that took down the services of Amazon, BBC, HBO, Netflix, PayPal, Spotify, and many others in October 2016.