While it may sound surprising, many mobile apps leak user data to anybody ready to receive it. While some free apps rely on being able to harvest and resell such user data, other paying apps, some of them from highly reputable brands, are simply careless about the user IDs, passwords, user profile information, and other information they ask for via mobile permissions. And even consumer user IDs and passwords can move hackers a step along to getting into business systems. Here’s why.
The danger of leaky mobile apps may be indirect, but it is still very real.
The bedrock of the insurance industry is quaking. For decades, large North American insurers got bigger by dominating distribution and methodically mastering information technology. But the confluence of changing customer demands, hundreds of insuretech startups and non-traditional competitors sniffing around the business of insurance is messing up the long-standing insurance equilibrium. Insurance carriers--and their agents and brokers--must go digital or go bust.
During the second half of 2016, my fellow Forrester analyst Oliwia Berdak and I interviewed digital business strategy executives with traditional insurers and hot startups around the globe to get their take on the role that digital will play in the business of insurance over the coming decade. What were the big takeaways from our conversations? Consider that:
Attention to America’s immigration policies has intensified recently, with politicians and citizens wrangling over whether and how to control the number of foreigners entering the country. Emergency managers, however, largely don’t believe immigration is their issue. Except, in a sense, it is.
“I don’t see why or how [immigration] really relates to emergency management, which is distinct from homeland security,” said hazmat and emergency management logistics lecturer Bob Jaffin. “Why would that even come up … in a situation that is an emergency?”
That sentiment holds true when evaluating the black-and-white definition of emergency management, but shades of gray exist in a number of areas. Immigration affects emergency managers in roundabout manners; instead of focusing on direct involvement — such as enforcement or policymaking — they attend to indirect effects, such as language barriers and population shifts.
The Business Continuity Institute
Cyber espionage is now the most common type of attack seen in manufacturing, the public sector and education, warns Verizon's latest Data Breach Investigations Report. Much of this is due to the high proliferation of proprietary research, prototypes and confidential personal data, which are hot-ticket items for cyber criminals. Nearly 2,000 breaches were analyzed in this year’s report and more than 300 were espionage-related, many of which started life as phishing emails.
In addition, organized criminal groups have escalated their use of ransomware to extort money from victims with this year’s report showing a 50% increase in ransomware attacks compared to last year. Despite this increase and the related media coverage surrounding the use of ransomware, many organizations still rely on out-of-date security solutions and aren’t investing in security precautions. In essence, they’re opting to pay a ransom demand rather than to invest in security services that could mitigate against a cyber attack.
“Insights provided in the DBIR are leveling the cyber security playing field,” said George Fischer, president of Verizon Enterprise Solutions. “Our data is giving governments and organizations the information they need to anticipate cyber attacks and more effectively mitigate cyber risk. By analyzing data from our own security team and that of other leading security practitioners from around the world, we’re able to offer valuable intelligence that can be used to transform an organization’s risk profile.”
Cyber security is also a major concern for business continuity professionals, with cyber attacks and data breaches featuring as the top two threats yet again in the Business Continuity Institute's latest Horizon Scan Report. It is for this reason that it was chosen as the theme for Business Continuity Awareness Week 2017 with the intention of improving an organization's overall resilience by enhancing its cyber resilience, and recognising that people are key to achieving this.
“Cyber attacks targeting the human factor are still a major issue,” says Bryan Sartin, executive director, Global Security Services, Verizon Enterprise Solutions. “Cyber criminals concentrate on four key drivers of human behaviour to encourage individuals to disclose information: eagerness, distraction, curiosity and uncertainty. And as our report shows, it is working, with a significant increase in both phishing and pretexting this year.”
With 81% of hacking-related breaches leveraging stolen passwords and/or weak or guessable passwords, getting the basics right is as important as ever before. Some recommendations for organizations and individuals alike include:
- Stay vigilant - log files and change management systems can give you early warning of a breach.
- Make people your first line of defence - train staff to spot the warning signs.
- Keep data on a “need to know” basis - only employees that need access to systems to do their jobs should have it.
- Patch promptly - this could guard against many attacks.
- Encrypt sensitive data - make your data next to useless if it is stolen.
- Use two-factor authentication - this can limit the damage that can be done with lost or stolen credentials.
- Don’t forget physical security - not all data theft happens online.
“Our report demonstrates that there is no such thing as an impenetrable system, but doing the basics well makes a real difference. Often, even a basic defence will deter cyber criminals who will move on to look for an easier target,” concludes Sartin.
Ever since marketing figured out that companies could do better by asking customers what they wanted, rather than just trying to tell them, businesses have moved massively to the notion of working backwards from the customer.
Indeed, Jeff Bezos, founder of Amazon.com, declared, “We start with the customer and we work backward. We learn whatever skills we need to service the customer.”
It seems like business continuity planners could take a leaf out of the marketing playbook and ask customers what they would like to see in terms of their provider’s business continuity.
But is that enough?