ThreatMetrix Outlines Mobile Trends and Strategies to Help Secure Development of IT Products, Continuing Alignment with National Cyber Security Awareness Month
Posted October 7, 2014
As the Annual Initiative Continues, ThreatMetrix Shows its Commitment to Building Trust by Outlining Trends in IT Mobile Security
San Jose, CA – October 7, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced trends and strategies for developing secure IT products, continuing its commitment to this year’s National Cyber Security Awareness Month (NCSAM) theme, “Our Shared Responsibility,” as well as the second week’s theme of developing secure devices.
The theme of NCSAM’s second week is “Secure Development of IT Products,” specifically calling out the need for more secure smartphones, tablets and computers. As new feature-rich IT products continue to enter the market at a rapid pace, data security and privacy are a growing concern for both businesses and consumers.
“Last month, consumers around the world stopped what they were doing to watch Apple’s announcement of the new iPhone 6 features,” said Alisdair Faulkner, chief products officer at ThreatMetrix. “Many were interested to see how the new phone handled data security and privacy issues given the celebrity iCloud password hacking incident. The good news is that more sensitive data such as photos and text are now being encrypted on the device, the bad news is that hackers are increasingly targeting user identities and passwords that can be used to decrypt that data because the weakest link is always the consumer.”
To provide evidence that IT products, specifically mobile devices, need to be created with security in mind, ThreatMetrix analyzed the anonymized data across 850 million monthly transactions in the ThreatMetrix Digital Identity Network to identify current trends in mobile. According to data from a recent ThreatMetrix Cybercrime Index™ Benchmark Report, three major trends are emerging that have significant implications for overall cybersecurity:
- Mobile usage for online commerce and transactions is increasing. Nearly 50 percent of all new account creations originate from mobile devices, and 30 to 50 percent of all banking logins come from mobile, meaning consumers are entering a lot of sensitive information through potentially insecure mobile apps and sites. Companies and brands behind those sites need to ensure frictionless onboarding experience without sacrificing security.
- There is steady growth in the number of high-risk activities originating from mobile devices. The data shows steady growth in the number of high-risk activities detected from mobile devices across The Network. These include suspicious account creation or fraudulent payments, as well as an increase in malware. While devices need to be secure, consumers must also do their part in avoiding jailbreak phones, downloading suspicious apps, and not entering their information on insecure sites and apps.
- The number of advanced apps and features on mobile phones is growing. The most recent Apple release of the iPhone 6 arguably came with the largest number of groundbreaking features consumers have ever seen in a new generation iPhone, including Apple Pay, HealthKit and HomeKit. IT product developers are all competing to release the most innovative apps and features, and consumers are jumping at the chance to be first to try them. The more embedded mobile devices are in our lives, the more attractive they become as targets for malware writers and cybercriminals.
“There are often unintended consequences of product design features, and frequently those are security flaws,” said Faulkner. “For example, some of the photos leaked in the recent celebrity nude photo scandal were a result of iPhone photos automatically backing up into iCloud. Many of the people whose photos were leaked may not have even realized they were being stored somewhere else, and much less realized that they were only protected by a simple username/password combination, which has proven ineffective in the wake of recent high profile data breaches. Developers must consider all possible security issues when designing the newest IT products and mobile devices, and top of their mind should be the assumption that the user’s identity and account is the target, not just the device and its encrypted data.”
To help IT product and application developers shoulder the burden of protecting their customers from cybersecurity, ThreatMetrix has outlined a few guidelines for them:
- Embed security into the design process and try to anticipate those unintended consequences of the newest features you’re adding. In terms of the iPhone 6, Apple has made progress on this front. For example, credit card details for Apple Pay are not stored on the device or in iCloud, so malware that intercepts traffic cannot get the credit card number.
- Don’t rely on simple logins and passwords to protect customer information. Beyond simple, easy to hack username and password combinations, developers should consider other methods through contextual and behavioral methods to authenticate identities.
- Developers cannot count on customers taking extra steps to secure their identities or transactions – particularly in the consumer market. Security must be frictionless and embedded at all layers of the information technology stack to keep consumers safe without damaging the user experience.
“Security can no longer be an afterthought, but instead an important part of the design and user experience process,” said Faulkner. “Good security, when done right, is good for business. While consumers must educate themselves on the security implications of their behavior online, specifically through mobile, businesses should be doing all that they can to protect those consumers from the back end.”
ThreatMetrix’s Platform helps many businesses that build and support mobile apps for valuable transactions to embed device context and communications into those apps. This helps to build trust without increasing barriers for the customer.
In addition to the overall theme of “cybersecurity is a shared responsibility,” the U.S. Department of Homeland Security outlined weekly themes to commemorate National Cyber Security Awareness Month throughout October. The remaining the upcoming themes include:
- Week Three – Critical Infrastructure and the Internet of Things
- Week Four – Cyber Security for Small and Medium-Sized Businesses and Entrepreneurs
- Week Five – Cyber Crime and Law Enforcement
ThreatMetrix will continue to support each week’s theme throughout the month. To commemorate National Cyber Security Awareness Month, ThreatMetrix has also signed on as a “Champion” with the National Cyber Security Alliance.
- ThreatMetrix Announces its ThreatMetrix Global Trust Intelligence Network Has Reached 850 Million Monthly Transactions
- Blog: Mobile Optimized Shouldn’t Mean Security Compromised
- CEO Blog Post: A New Model for Building Trust on the Internet
- ThreatMetrix Cybercrime Prevention Summit 2014
ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.
ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix Digital Identity Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.
The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.
For more information, visit www.threatmetrix.com or call 1-408-200-5755.
© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.