
Growing Your Business: Millennials and M-Commerce

December 6, 2018 — by Mike O'Malley


Millennials are the largest generation in the U.S. labor force—a position they’ve held since 2016—and they’re involved in the majority (73%) of B2B purchasing decisions. Raised in the age of the Internet, they’re digital natives and easily adopt and adapt to new technologies. And mobile apps are their lifelines.

Why does this matter? Well, when you combine Millennials’ tech savviness with their business acumen, their clout in a digital economy comes into focus. As both decision-makers and connoisseurs of mobile technology, they can make or break you in a low-growth economy if your business model doesn’t square with their preferences.

In other words, if you’re not embracing mobile commerce, you may soon be ancient history. This generation has little-to-no use for brick-and-mortar storefronts, banks, etc., instead preferring to use apps for shopping, financial transactions and more.

Of course, making m-commerce a linchpin of your business model isn’t risk free; cybersecurity concerns are of critical importance. Increasingly, personal data protection is tied directly to consumer loyalty to a particular brand, and Millennials in particular care about how their data is used and safeguarded.

You Can’t Rush Greatness

While Millennials are renowned for an “I want it fast, and I want it now” attitude (which explains why 63% of them use their smartphone to shop every day, versus trekking to a store), the biggest mistake you can make is overlooking security in a rush to roll out a mobile strategy.

The fact is, vulnerabilities on m-commerce platforms can result in severe financial impacts; the average cost of a corporate data breach is $3.86 million. If a mobile app or mobile responsive e-commerce site is hit by an application attack, for example, short-term profit loss (which can escalate quickly) and longer-term reputation loss are serious risks. And as we move into 2019, there are several mobile security threats that we need to take seriously.


Baking cybersecurity into your mobile strategy—as a core component, not an add-on—is, without question, necessary. The reasons are manifold: For one thing, mobile devices (where your app primarily lives) are more susceptible to attacks. Secondly, mobile commerce websites are often implemented with a web application firewall to protect them. Thirdly, Millennials’ reliance on m-commerce, both as B2B and B2C consumers, means you stand to lose significant business if your app or website goes “down.” And finally, Millennials are security conscious.

Securing the Secure Customer Experience

So how can you help ensure your m-commerce platform, and thereby your Millennial customer base, is secure? A number of ways:

  • Guard your app’s code from the get-go. Test the code for vulnerabilities, ensure it’s easy to patch, and protect it with encryption.
  • Consider a Web Application Firewall (WAF) to secure your APIs and your website.
  • Run real-time threat analytics.
  • Be mindful of how customer data is stored and secured. (Don’t pull an Uber and store data unencrypted!)
  • Patch often. Because security threats evolve constantly, so must your security patches! Just ask Equifax about the importance of patching…


Of course, this isn’t an exhaustive list of proactive security measures you can take, but it’s a good start. As I’ve said time and time again, in an increasingly insecure world where security and availability are the cornerstones of the digital consumer, cybersecurity should never be placed on the back burner of company priorities. Don’t wait for an attack to up your security game. At that point, trust is broken with your Millennial customer base and your business is in trouble. Be proactive. Always.

Read “Radware’s 2018 Web Application Security Report” to learn more.


Cybersecurity for the Business Traveler: A Tale of Two Internets

November 27, 2018 — by David Hobbs


Many of us travel for work, and there are several factors we take into consideration when we do. Finding the best flights, hotels and transportation to fit in the guidelines of compliance is the first set of hurdles, but the second can be a bit trickier: Trusting your selected location. Most hotels do not advertise their physical security details, let alone any cybersecurity efforts.

I recently visited New Delhi, India, where I stayed at a hotel in the Diplomatic Enclave. Being extremely security conscious, I did a test on the connection from the hotel and found there was little-to-no protection on the wi-fi network. This hotel touts its appeal to elite guests, including diplomats and businessmen on official business. But if it doesn’t offer robust security on its network, how can it protect our records and personal data? What kind of protection could I expect if a hacking group decided to target guests?


If I had to guess, most hotel guests—whether they’re traveling for business or pleasure—don’t spend much time or energy considering the security implications of their new, temporary wi-fi access. But they should.

More and more, we are seeing hacking groups target high-profile travelers. For example, the Fin7 group stole over $1 billion with aggressive hacking techniques aimed at hotels and their guests. And in 2017, an espionage group known as APT28 sought to steal password credentials from Western government and business travelers using hotel wi-fi networks.

A Tale of Two Internets

To address cybersecurity concerns—while also setting themselves apart with a competitive advantage—conference centers, hotels and other watering holes for business travelers could easily offer two connectivity options for guests:

  • Secure Internet: With this option, the hotel would provide basic levels of security monitoring, from virus connections to command and control infrastructure, and look for rogue attackers on the network. It could also alert guests to potential attacks when they log on and could make a “best effort.”
  • Wide Open Internet: In this tier, guests could access high speed internet to do as they please, without rigorous security checks in place. This is the way most hotels, convention centers and other public wi-fi networks work today.

A two-tiered approach is a win-win for both guests and hotels. If hotels offer multiple rates for wi-fi packages, business travelers may pay more to ensure their sensitive company data is protected, thereby helping to cover cybersecurity-related expenses. And guests would have the choice to decide which package best suits their security needs—a natural byproduct of which is consumer education, albeit brief, on the existence of network vulnerabilities and the need for cybersecurity. After all, guests may not have even considered the possibility of security breaches in a hotel’s wi-fi, but evaluating different Internet options would, by default, change that.


Once your average traveler is aware of the potential for security breaches during hotel stays, the sky’s the limit! Imagine a cultural shift in which hotels were encouraged to promote their cybersecurity initiatives and guests could rate them online in travel site reviews? Secure hotel wi-fi could become a standard amenity and a selling point for travelers.

I, for one, would gladly select a wi-fi option that offered malware alerts, stopped DDoS attacks and proactively looked for known attacks and vulnerabilities (while still using a VPN, of course). Wouldn’t it be better if we could surf a network more secure than the wide open Internet?

Read the “2018 C-Suite Perspectives: Trends in the Cyberattack Landscape, Security Threats and Business Impacts” to learn more.


Online Security Concerns Split UK Black Friday Shoppers

November 14, 2018 — by Radware


Shopping online on Black Friday Weekend can be a great way of getting the best deal as retailers slash prices across their range. But as security risks mount and hackers continue to target consumers’ personal data, could shoppers turn their backs on online stores and return to more traditional, secure methods?

To understand UK consumers’ attitudes to shopping online at Black Friday and how they balance security with convenience, Radware sought the opinions of 500 UK adults. The results show that an overwhelming majority—more than 70%—of UK consumers do not think companies are doing enough to protect their personal data on Black Friday. In fact, over 10% reported that they had personally been affected by a data breach.

As a result, 45% of respondents said they would not be shopping online, including 32% who said they would visit a physical store instead.

Security v. Convenience

The fear of having personal data compromised while shopping online is undeniable: 40% of UK consumers plan to change their online habits during Black Friday, including 25% who will reportedly only shop with well-known brands or will check that the website is secure before making a purchase.

These security concerns have resulted in a split approach to Black Friday shopping. 55% of the survey respondents stated that convenience, price or home delivery was worth the potential risk, while the remaining 45% preferred to avoid online shopping, including 32% who said they would visit a physical store instead. And for those aged 55 and older, more than 25% stated they would rather order by telephone.

The research shows that many consumers are aware of the risks of online shopping, and while some are willing to accept this for convenience and price, others are avoiding online shopping altogether. Organisations, especially retailers, need to invest in strong cybersecurity if they want to increase trust and attract new customers at key trading periods.


Data Culture

The research found that 12% of respondents had been the victim of a data breach, and this figure rose to 17% when including respondents who had received an alert from their bank that an attempt had been stopped.

While all age groups were affected by data breaches, those under 35 are more likely to utilize identity check websites and even the Dark Web in order to confirm whether their data has been breached.

Respondents were generally open about sharing their experiences online, with 44% saying they would tell a friend if they fell for a scam online to help them avoid the same fate. A further 16% said they would ask for help while 7% would try to solve any problems themselves. Only 3% would keep quiet out of embarrassment.


Connected Threats

With Internet-connected devices expected to be top-sellers this Black Friday, Radware also considered consumers’ opinions of connected devices and the threats they pose.

When asked who has responsibility for keeping connected devices secure, almost 40% responded that it was their personal responsibility. A further 20% said security was up to their Internet service provider, while 7% hold the device manufacturer responsible.

Only 3% placed responsibility with the UK Government, despite the recent creation of a voluntary Code of Practice aimed at consumer products, developed by the Department for Digital, Culture, Media and Sport (DCMS) and the National Cyber Security Centre (NCSC).


Opinions were again split on the risks of connected devices, with 52% saying security threats were outweighed by convenience, including 36% who said devices make their lives easier.

However, when told that unsecure devices could be used to spy or listen on owners, 25% were shocked it was even possible, 21% said they would put off using the devices, and 18% said they felt nervous in their own home.

While personal opinions vary regarding security vs. convenience, the overall sentiment is one of low trust in online retailers. At such a crucial shopping time of year, retailers must proactively convince consumers that their digital shopping experience is secure. In fact, security should be leveraged as a selling point to demonstrate that customer data safety takes priority over sales on Black Friday. Retailers that secure the customer experience and ensure customer data is safe will be the winners not only on Black Friday, but all year round.

METHODOLOGY: The survey was completed by Radware via a Google Survey conducted in November 2018 among a sample of 500 UK adults.

Read the “2018 C-Suite Perspectives: Trends in the Cyberattack Landscape, Security Threats and Business Impacts” to learn more.


IoT, 5G Networks and Cybersecurity: A New Atmosphere for Mobile Network Attacks

August 28, 2018 — by Louis Scialabba


The development and onset of 5G networks bring a broad array of not only mobile opportunities but also a litany of cybersecurity challenges for service providers and customers alike. While the employment of Internet of Things (IoT) devices for large scale cyberattacks has become commonplace, little has been accomplished for their network protection. For example, research by Ponemon Institute has found that 97% of companies believe IoT devices could wreak havoc on their organizations.

With hackers constantly developing technologically sophisticated ways to target mobile network services and their customers, the rapidly approaching deployment of 5G networks, combined with IoT device vulnerability, has created a rich environment for mobile network cyberattacks.


Forecast Calls for More Changes

Even with today’s widespread use of 4G networks, network security managers face daily changes in security threats from hackers. As innovations in security protection improve, the sophistication of attacks will keep pace. Cybersecurity agency ENISA warns of an increase in the prevalence of security risks if the development of security standards doesn’t keep up.

Add in research company Gartner’s estimate that there will be 20.4 billion connected devices by 2020, and hackers will have a happy bundle of unprotected, potential bots to work with. In the new world of 5G, mobile network attacks can become much more potent, as a single hacker can easily multiply into an army through the use of botnet deployment.

Separating the Good from the Bad

Although “bot traffic” has an unappealing connotation, not all of it is bad. Research from Radware’s Emergency Response Team shows that 56% of internet traffic comes from bots, both good and bad, and the two kinds contribute almost equally to that share. The critical part for service providers, however, is to be able to differentiate the two and stop the bad bots on their path to chaos.

New Technology, New Concerns

Although 4G is expected to continue dominating the market until 2025, 5G services will be in demand as soon as they roll out in 2020, driven by features such as:

  • 100x faster transmission speeds resulting in improved network performance
  • Lower latency for improved device connections and application delivery
  • 1,000x greater data capacity which better supports more simultaneous device connections
  • Value-added services enabled by network slicing for better user experience

The key differentiator of 5G networks is their distributed architecture, in which all network elements and operations function via the cloud. This flexibility allows more data to pass through, making 5G optimal for the incoming explosion of IoT devices and, if unsecured, of attacks. Attacks can range from standard IoT attacks to burst attacks, even potentially escalating to smartphone infections and operating system malware.


5G networks will require an open, virtual ecosystem, one where service providers have less control over the physical elements of the network and are more dependent on the cloud. More cloud applications will be dependent on a variety of APIs. This opens the door to a complex world of interconnected devices that hackers will be able to exploit via a single point of access in a cloud application to quickly expand the attack radius to other connected devices and applications.

Not only are mobile service providers at risk, but so are their customers; if providers are not careful, this can lead to more serious repercussions regarding customer loyalty and trust between the two.

A Slice of the 5G Universe

Now that the new network technology is virtualized, 5G allows for service providers to “slice” portions of a spectrum as a customizable service for specific types of devices. Each device will now have its own respective security, data-flow processes, quality, and reliability. Although more ideal for their customers, it can simultaneously prove to be a challenge in satisfying the security needs of each slice. Consequently, security can no longer be considered as simply an option but as another integral variable that will need to be fused as part of the architecture from the beginning.


Read “Creating a Secure Climate for your Customers” today.


IoT, 5G Networks and Cybersecurity: The Rise of 5G Networks

August 16, 2018 — by Louis Scialabba


Smartphones today have more computing power than the computers that guided the Apollo 11 moon landing. From their original positioning as a luxury, mobile devices have become a necessity in numerous societies across the globe.

With recent innovations in mobile payment such as Apple Pay and Android Pay, and with investments in cryptocurrency, cyberattacks with the intent of financial gain have become especially frequent. In the past year alone, hackers have been able to mobilize and weaponize unsuspected devices to launch severe network attacks. Working with a North American service provider, Radware investigations found that about 30% of wireless network traffic originated from mobile devices launching DDoS attacks.

Each generation of network technology comes with its own set of security challenges.

How Did We Get Here?

Starting in the 1990s, the evolution of 2G networks gave service providers the opportunity to dip their toes into the waters of security, where their sole security challenge was the protection of voice calls. This was resolved through call encryption and the development of SIM cards.

Next came the generation of 3G technology where the universal objective (at the time) for a more concrete and secure network was accomplished. 3G networks became renowned for the ability to provide faster speeds and access to the internet. In addition, the new technology provided better security with encryption for voice calls and data traffic, minimizing the impact and damage levels of data payload theft and rogue networks.

Fast forward to today. The era of 4G technology has evolved the mobile ecosystem to what is now a mobile universe that fits into our pockets. Delivering significantly faster speeds, 4G networks also exposed the opportunities for attackers to exploit susceptible devices for similarly quick and massive DDoS attacks. More direct cyberattacks via the access of users’ sensitive data also emerged – and are still being tackled – such as identity theft, ransomware, and cryptocurrency-related criminal activity.

The New Age

2020 is the start of a massive rollout of 5G networks, making security concerns more challenging. The expansion of 5G technology comes with promises of outstanding speeds, paralleling landline connection speeds. The foundation of the up-and-coming network is traffic distribution via cloud servers. While this greatly benefits 5G users, it will also allow attackers to reap the same benefits. Without the proper security elements in place, attackers can wreak havoc with their now broadened horizons of potential chaos.

What’s Next?

In the 5G universe, hackers can simply attach themselves to a 5G connection remotely and collaborate with other servers to launch attacks of a whole new level. Service providers will have to be more preemptive with their defenses in this new age of technology. Because of the instantaneous speeds and low lag time, they’re in the optimal position to defend against cyberattacks before attackers can reach the depths of the cloud server.


Discover more about what the 5G generation will bring, both benefits and challenges, in Radware’s e-book “Creating a Secure Climate for your Customers” today.


The Radware Executive Exchange 2012: A Recap from Tel Aviv

November 19, 2012 — by Sharon Trachtman

It’s not every day you can get 300 intelligent, motivated and successful IT executives all in one place. But this past week at the Radware Executive Exchange, we saw administrators from all over the globe travel to Tel Aviv, Israel to discuss the latest application delivery controllers, data center evolution and attack mitigation offerings from Radware.

In three days, there was a mixture of IT presentations, as well as a number of breakout sessions, where customers could see the latest technology and tools offered by Radware, first hand.


Mobile World Congress 2012: When Intermingling Smartphones, IP phones, POTS lines and more, how do you maintain consistent quality of service?

February 27, 2012 — by Meryl Robin

It’s all in the delivery of the applications traversing the network. Visit Radware at the IMA partner booth (Hall 6 – C50)

Remember when you picked up the phone and could count on a dial tone and a clear connection? Voice communication was called a telephone; the service was POTS (plain old telephone service), and we dealt with only one provider — the telephone company that leased you the line and the equipment.


Lesson Learned: ISPs & CDNs aren’t enough for Anti-DDoS

January 18, 2012 — by Carl Herberger

Well, I suppose that many in the Hacktivist world have resolved that 2012 would be a ‘breakout’ year for them as the level of attack activity is above the record setting year of 2011’s Cyber Attacks! Whether it is the Anonymous Group joining the Occupy Wall Street protesters to launch cyber attacks on major financial institutions in New York, or the Nightmare group, working with the hacker “0xOmar” to escalate their cyber war against Israel, cyber attacks have become the weapon of choice for ‘hacktivists’ seeking to leverage the impact of conflicts and social protests.


Top Things Your Service Provider Needs to Know About Security

July 28, 2011 — by Nir Ilani

So far, when one mentioned mobile security, it meant two possible security attack vectors. They were either attacks at the network perimeter – such as high-volume Denial of Service (DoS) attacks at the network level – or attacks at the critical-infrastructure level (RADIUS, Diameter, LDAP servers, etc.) – which means targeted DNS or HTTP traffic attacks. Well, the mobile security landscape is now changing, introducing a new attack vector – mobile clients!