The following is a guest contributed post by Ronald Sens, EMEA Director, A10 Networks

Since Mirai and its subsequent variants let the genie out of the bottle, DDoS attacks powered by the Internet of Things have become ubiquitous. As more and more IoT devices join the world’s networks – predicted by Gartner to be 24 billion by 2020 – so the potential for cybercriminals to recruit unsecured devices to botnets and wreak havoc through DDoS increases, and we see advanced multi-vector attacks that evolve in sophistication almost as fast as we can register them. Figures show that there were 7.5million DDoS attacks in 2017, with the frequency of those passing 500GBPS increasing four-fold and some notable incidents reaching as high as 1.7 TBPS. A10’s own research found that 38% of organizations said they had been affected by a DDoS attack in the last 12 months.

When the numbers are this big, the argument is over and it’s time for a reality check: DDoS attacks will be a fact of life for the foreseeable future and this has changed the economics of protection. The way for organizations to take back control is by proactively changing the conversation away from a siege mentality and toward adopting a strategic approach. Once we accept that detecting and mitigating against DDoS attacks is now part of the cost of doing business, the way is cleared to selecting the best solution.

Of course, in an ideal world, we’d all be furnished with the financial resources necessary to protect against all kinds of attacks – but I did say that this was a reality check. While A10 research found that 63% of IT professionals believe that budgets will increase in response to the evolving DDoS threat environment, there will never be enough money to go around – this is where security professionals earn their stripes. The challenge is getting the balance right between performance and budgetary limitations to identify the most appropriate and cost-effective protection for the business. There are a few signposts on the road to success that will help in the quest to establish the right solution.

Scoping tailored protection for your organization

Bear in mind that, despite that intimidating statistics, most organizations don’t face 1TBPS DDoS attacks every day of the week – if you do, then we really should talk!

The first step to identifying the right solution is to scope out the level and types of threat that you typically face and establish the level of impact that the business is willing to support. It’s not a case of one size fits all but varies depending on your organization. For example, the lifeblood of the gaming industry is zero latency; any slowdown in the network constitutes an unacceptable customer service failure.  For this kind of business – which is also a primary target for DDoS – the highest priority is performance and the price for safeguarding that is well worth paying. Such organizations should opt for the gold standard of a proactive asymmetric deployment that delivers always-on protection, detecting and mitigating attacks in less than a second.

In other sectors, where latency is less of a mission-critical issue and volumetric attacks are less frequent, it might be advisable to trade a slight slowdown for a lower cost solution. After all, you don’t need a sledgehammer to crack a nut.

The best of both worlds – hybrid cloud DDoS protection

Of course, just because an organization doesn’t typically face volumetric attacks, that doesn’t mean that it never will. Cloud hybrid DDoS protection allows full visibility and precision to manage more sophisticated attacks or those that come into the “slow and low” category with on-premise appliances, but when a volumetric attack exceeds the organisation’s internet bandwidth capacity traffic is redirected to the cloud to be scrubbed and legitimate traffic allowed through. This mitigates the effect of the attack for as long as it persists and keeps systems available. It’s the equivalent of having that sledgehammer in your back pocket, just in case you need it.

One thing to note when selecting a hybrid solution is that you want to find a provider that charges based on the legitimate traffic that the cloud scrubbing lets through – maintaining your business systems availability – rather than on the volume of attack traffic that is stopped, otherwise you could find yourself signing a blank cheque at the mercy of the botnet.

In order to guarantee enterprises seamless hybrid DDoS protection, here at A10 Networks we have partnered with VeriSign to create A10 DDoS Protection Cloud. This means that customers are protected by the surgical precision of the A10 Thunder® 1040 TPS appliance to combat network-based, application layer and slow and low attacks, combined with cloud scrubbing capabilities powered by VeriSign’s cloud-based DDoS Protection Service when it’s needed to combat volumetric attacks.

Physical footprint

Coming down from the cloud, a more prosaic consideration is the space and support requirements for on-premise DDoS systems. How much space, power, cooling, monitoring and management will your appliances require? You’re effectively looking for as much performance as possible with the smallest possible footprint so that TCO is kept low – small yet powerful is the key here.

Bring intelligence to bear against DDoS attackers

Perhaps one of the most positive ways to be proactive about handling DDoS is to make use of threat intelligence services that are available to keep you and your systems up to speed on the evolving threat environment. They use intelligence gained from previous attacks on other targets to make changes aimed at preventing the same strategy succeeding in future. Threat intelligence services can include tailored malicious IP catalogues, protection against known botnets, custom traffic allocation via black and white lists and mitigation against inside bots communicating with outside command and control servers. Specific responses can be appropriate to specific industries, e.g. banking and healthcare industries would find it prudent to blacklist millions of IP-enabled cameras from accessing their applications.

Seizing back the initiative and viewing DDoS protection as a necessary and strategic element of business operations is a critical step in gaining an advantage over cyber-adversaries. In a world where DDoS attacks are inevitable, it’s time for organizations to get proactive and deploy solutions tailored to meet the threat environment that they are likely to face for the foreseeable future. Security professionals who want to learn more about how to gain an advantage over DDoS threats are invited to join us at The Shard, London on the 29^th of May 2018 where we’ll be looking at how organizations can balance protection, performance and budgets.

The post Op-Ed: It’s Time to be Proactive with DDoS Protection appeared first on Mobile Marketing Watch.

An innovator in next-generation cybersecurity solutions, the company says its study is based on responses to a September 2017 survey.

The findings indicate that 54 percent of IoT device owners do not use a third-party security tool to protect their devices from outside threats. In addition, more than one-third (35 percent) do not change the default password on their devices, leaving them vulnerable to attacks.

The proliferation of IoT devices in 2017 has been staggering, with 8.4 billion devices currently in use, and a total of 25 billion devices projected by 2020. As the use of these devices continues to increase, so do the associated risks. By 2020, it is estimated that 25% of cyber attacks will target IoT devices.

“It’s clear that the IoT phenomenon has resulted in manufacturers and consumers not taking security seriously enough,” said Allan Zhang, CEO and co-founder of Trustlook. “Our advice would be to add security at the earliest stages of development, as well as layer on additional security measures once devices are in production.”

Want to know more? Check out the study here.

The post Study: More Than Half of IoT Owners Don’t Use Additional Security appeared first on Mobile Marketing Watch.

The app in question ensures the safety of children in today’s digital environment.

Swantry provides a comprehensive suite of tools for ensuring child safety, including geo-fencing, curfew settings, a versatile messenger app that aims to stop cyberbullying, real time notifications and alarms, designation of trusted contacts, and allowing only trusted apps to be downloaded on the smartphone.

We’re told that settings are customized based on a family’s needs and preferences, fostering dialogue and trust between parents and children around the important subject of safety in a digital world.

The app is designed with two interfaces – one for parents and one for children – to allow parents to stay involved and aware. Swantry uses Paranotek’s military-grade, proprietary encryption technology to ensure the security of the users’ data. User data is never collected, stored or shared, giving the user total privacy protection.

“Swantry empowers children to utilize smart devices and digital services responsibly and stay within safe limits, without compromising their ability to use the phone for learning, playing and communicating,” says Brad Listermann, Chairman and CEO of WorldFlix. “It is a must-have app for parents to get peace of mind, as well as for children to stay safe in the digital world.”

A new comprehensive video highlighting the key features of Swantry can be viewed here.

The post Swantry App Boosts Mobile Security for Most Vulnerable Users appeared first on Mobile Marketing Watch.

So, among other considerations following the announcement, how exactly will this latest news further erode Yahoo’s reputation?

“Alertsec’s brand value research demonstrates just how difficult it will be for Yahoo’s brand to recover from this breach,” Ebba Blitz, CEO of encryption provider Alertsec, said in a statement to MMW.

“Customers who are affected by data breaches suffer a significant loss of trust, and this is particularly true of men,” he adds, citing his company’s recent study showing that nearly one in three Americans said it would take them several months to begin trusting a company like Yahoo again following a data breach.

“Twenty-two percent said it would only take them a month to forgive, but 17 percent of men and 11 percent of women said their trust would be permanently lost,” he says, noting that men “are also more likely to switch to a competitor following a data breach than are women.”

To learn more about Alertsec and encryption software, click here.

The post How Does the Latest Yahoo Data Breach Impact The Company’s Reputation? appeared first on Mobile Marketing Watch.

Apparently, the heist couldn’t have been any simpler if it had been drawn up in the lunch line at an elementary school cafeteria.

In February, Bangladesh’s central bank saw $81 million disappear out a virtual window. Now it’s been revealed that, although the computer hackers used custom-made malware, they probably didn’t need to work up a cyber sweat while pulling off their long-distance theft. The bank had no firewalls to defend against intruders and its computers were linked to global-financial networks through second-hand routers that cost $10.

“It’s stunning that a major institution would leave itself so defenseless in this day and age when everyone should know that cyber criminals are waiting for you to let your guard down,” says Gary S. Miliefsky, CEO of SnoopWall, a company that specializes in cyber security.

But he says the episode can serve as a cautionary tale for other banks and any businesses that want to protect themselves against today’s cyber versions of Bonnie and Clyde.

“Most companies have some vulnerability and it doesn’t take a sophisticated attack to cause a security breach,” Miliefsky says. “Often on the hackers’ end of things, it just takes patience.”

For example, he says, a cyber criminal can gain access by sending a company an email with an attachment called a Remote Access Trojan, or RAT, that looks like a normal file. All it takes is for an unsuspecting employee to open that file and, voila, security is compromised.

That’s bad for companies, of course, but it’s also bad for consumers, whose bank account, credit card and other private information is at risk.

Miliefsky says it’s important to go on the offensive. Among his recommendations:

• Employers need to train their staffs. Those employees sitting at their computers each day are a company’s first line of defense. An errant click on the wrong email is like unlocking the front door, so employees should be made aware of the dangers and told what do about suspicious email.
• Companies should routinely update their defenses. Outdated technology and outdated security software make a company’s computers vulnerable to attack. It’s important that businesses periodically review their IT operations to make sure what worked last year still provides the needed security.
• Consumers must take their own safety measures. It would be nice to expect banks and retailers to protect consumer information, but the average person can’t count on that. Miliefsky suggests consumers take personal security measures such as frequently changing passwords and deleting any phone apps they don’t use. Many apps contain malware that can spy on you.

“Most people log onto the internet every day without much thought about how susceptible they are to being hacked,” Miliefsky says. “It takes vigilance to protect yourself against cyber criminals who are working hard to figure their way around security measures.”

The post How Banks, Other Businesses Can Avoid Becoming Cyber-Crime Victims appeared first on Mobile Marketing Watch.

Since deploying the app, we’re told that Security First Insurance has seen a 195 percent increase in average monthly new users and a 140 percent increase in online payments.

So how does it all work? According to a statement emailed to MMW:

To help Security First Insurance improve customer engagement, provide differentiated service in a competitive business environment and easily communicate personalized price savings to customers and prospects, PointSource, a mobile design and development firm specializing in digital transformation and IBM Premier Business Partner, created a seamless, user-focused experience across all platforms including a new Security First Mobile app based on the IBM MobileFirst platform.

“To stay competitive and drive customer loyalty in the highly competitive home insurance industry, we felt it was imperative to provide a seamless mobile experience that not only delivers on our customers’ specific needs, but also provides a differentiating value to all Floridians,” said Marissa Buckley, Vice President of Marketing, Security First Insurance. “The Security First Mobile app built on IBM MobileFirst platform does that by offering users the functionality they want, when they want it.”

The IBM MobileFirst platform is available on-premises or in the cloud. To learn more about IBM MobileFirst, check out www.ibm.com/mobilefirst

The post Report: Security First Insurance Boosts Mobile Customers appeared first on Mobile Marketing Watch.

While each industry faces unique challenges and opportunities in terms of fraud vectors and fraud prevention, Mercator’s primary research conducted comprehensive interviews with fraud management executives revealed certain commonalities across industries.

The white paper, Security Challenges in Digital Challenges: Fraud Professional Weigh In, provides insight into:

• The growing number of data breaches in the United States is increasing the ability of fraudsters to gain identity information and account access information—and creating new risks for service firms;
• Multi-layered authentication protocols are critical for assuring the success of identity verification and fraud management strategies as well as preserving a positive user experience for customers; and
• Mobile account acquisition, opening and self-service are important focus areas for investments in fraud management technologies.

The research also contains executive briefs focusing on each industry. The briefs and white paper can be downloaded here.

“Identity fraud is an evolving risk that affects many industries and technologies,” said John Dancu, chief executive officer of IDology. “Today, companies are struggling to balance security and authentication with the need to deliver a customer-friendly experience with little to no friction, especially given that the mobile and online channels are increasingly targeted by fraudsters and the growing consumer adoption of these channels,” said Dancu.

“The research shows that, with the rise of mobile devices being utilized to access accounts across many consumer-facing industries, mobile security needs to be a top priority for organizations as the mobile channel is the next battleground being used by cyber criminals,” said Dancu.

“While we continue to develop multi-layered and innovative fraud prevention solutions, fraudsters are also adapting their strategies and discovering new methods to attack sensitive personal, financial and healthcare data. To combat fraudsters, it is imperative for organizations to employ robust, layered identity verification and fraud prevention solutions that are optimized for these channels. We hope this research educates risk professionals in all industries and furthers the dialogue within the fraud prevention community that as consumers change habits, our view of fraud prevention should change with them,” said Dancu.

Want to learn more? Check out the free white paper, Security Challenges in Digital Challenges: Fraud Professional Weigh, and industry-specific executive briefs here.

The post Identity Fraud Shifting User Preference within Mobile and Online Channels appeared first on Mobile Marketing Watch.

Radware commissioned Harris Poll to conduct the survey online among more than 2,000 U.S. adult consumers.

The survey was designed to gauge opinions on cloud-based apps and services and their usage.

Consumers often don’t realize that the applications they depend upon daily live in the cloud and therefore many may be unaware of the threat of breach to their personal data. Over two-thirds (67%) of Americans say they don’t currently use cloud-based applications. Meanwhile, cloud-based mobile apps continue to grow in popularity.

While 87% of consumers say they believe cloud applications could be hacked; 58% of cloud-based app/service users say they are worried about the security of their personal data should the service get hacked.

“Data breaches and hacks are not only on the rise, they are becoming commonplace,” says Ben Desjardins, Director of Security Solutions Marketing at Radware. “At the same time, cloud-based apps are booming, offering convenient ways to expedite and simplify daily needs from ordering a meal to requesting a car with the tap of a finger. Consumers by and large don’t understand the cloud-based nature of what’s behind the tap, and so companies trying to engage with customers through these apps will bear the burden of education and remediation in the event of a data breach.”

The post New Survey Reveals Consumer Concerns About the Cloud appeared first on Mobile Marketing Watch.

“Experian has suffered a major data breach,” CNN confirmed.

We’re told, quite alarmingly, that those behind the breach likely procured an array of data — the personal information of approximately 15 million people, all of whom reportedly applied for T-Mobile’s service during the month of September.

Anyone who applied for a regular T-Mobile USA postpaid plan between Sept. 1, 2013 and Sept. 16, 2015 might be affected. T-Mobile used Experian, one of the three major credit bureaus, to conduct credit checks on its customers.

“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian,” T-Mobile CEO John Legere said last night. “I take our customer and prospective customer privacy VERY seriously.”

To read the full report from CNN, click here.

The post Experian, T-Mobile Data Breach Draws Concern and Anger appeared first on Mobile Marketing Watch.

Bluebox Security, a mobile app security and analytics company, has just released findings from its 2015 Travel App Security Study that highlight the deficient security stance of the top 10 most popular mobile apps for travel in both Android and iOS devices.

And the findings are nothing short of unnerving.

Bluebox’s research of more than a dozen security parameters revealed critical flaws present in all of the apps examined.

Travel apps, and consumer-facing apps in general, have changed significantly in recent years to make life easier for the consumer, with frequent updates to enhance usability and features. But in too many cases rapid advancements in these apps have completely overlooked security, increasingly creating numerous points of entry for attackers to access sensitive data.

“All of the apps we reviewed could be modified and changed to act in ways other than what the developers intended, putting sensitive information at risk regardless of device,” said Andrew Blaich, lead security analyst at Bluebox Security. “Data must be protected at the application level and security should be integrated into the development process. Without it, users — enterprise employees and consumers alike — could suffer damaging loss of important and personal information.”

To review these and other findings from the organization’s 2015 Travel App Security Study, click here.

The post ‘Inadequate Security’ Uncovered Among Popular Travel Apps appeared first on Mobile Marketing Watch.