Company leaders and devs have clear reasons to worry about their online security as entire industries go mobile, and as unauthorized access is one of the most commonly used attack categories this year. Some breaches go unreported; others are not even known.
What industries are targeted?
Commercial planes are at stake. Because advanced cockpits are now wired into the same Wi-Fi system that passengers use, the Government Accountability Office states that hundreds of planes could be vulnerable. Are redundancy mechanisms and a firewall separating the electronics enough?
This spring brought reports of cybersecurity expert Chris Roberts’ alleged aircraft hacks during domestic flights, carried out as a way to prove the point that there are vulnerabilities that need to be fixed. Roberts claims to have hacked into planes 15-20 times, going through their in-flight entertainment systems, accessing the cockpit to monitor traffic, overwriting code and even causing an aircraft to move off course. The possibility has been questioned, and denied by Boeing, but the U.S. Federal Aviation Administration begs to differ.
As a passenger, it’s a great thing being able to connect while flying! However, sky safety should stay uncompromised as the top priority.
At the same time as the U.S. is shifting to safer chip card technology, Apple Pay, Google Wallet, and Android Pay are all entering the market as tap-to-pay solutions – a subcategory of the emerging mobile payment market – where experts advise users to get familiar with the security functions before using the services.
The traditional banks are adapting to the trend as well: a recent study from Bank of America tells us that more than 6 in 10 mobile banking app users access their banking apps several times a week. However, as mobile wallets and connectivity in banking increase, the vulnerability does too. Most recent and profound is the Carbanak example, where a group of cybercriminals, starting in 2013, managed to transfer as much as $1 billion from banks in dozens of countries worldwide using the Carbanak malware. How’s the industry responding?
Military finance company USAA is a forerunner in user security, implementing biometric logon such as voice recognition in its mobile app as a step in its efforts to enhance the in-app member experience and security.
MasterCard is also flexing its muscles, investing over $20 million in tech enhancements related to cybersecurity. For instance, MasterCard SafetyNet, a layer that intervenes in extreme cases of fraudulent activity, is being launched this spring, and pilots of biometric authentication and verification (again including voice) will soon be tested as prominent methods for protecting user data. MasterCard further assures “peace of mind” through features such as identity theft alerts and chip cards.
In the future, greater innovations for disrupting the world’s payment networks may call for companies to rethink security once again: the number of daily bitcoin transactions is increasing substantially, calling for discussions around transparency and accountability. But for now, mobile security is finally top-of-mind in most finance companies, and they’re not the only ones in need of protection…
Sticking to the f-word, food chains make a great example of an industry that requires adaptation to the new era of mobile payments, and is therefore affected by its vulnerabilities. McDonald’s, KFC, Subway and Dunkin’ Donuts are just a few examples of food chains disrupting the meaning of fast food, speeding up the payment process with mobile solutions.
However, account takeovers and other ways of capitalizing on user accounts show up everywhere. To exemplify, Starbucks has been criticized for not taking its app security seriously (e.g. not using two-factor authentication), resulting in hacking attempts for unlimited coffee and, worse, claimed possibilities of stealing hundreds of dollars in a matter of minutes by using the Starbucks auto-reload function.
Food chains in general, and Starbucks in particular, exemplify a universal concern that affects every company in the B2C market with mobile connectivity. Whether it’s about money or sensitive data, breaches caused by a lack of security measures make both app usage and brand reputation head south.
And speaking of sensitive data…
Hospitals are now being referred to as one of the dinosaurs of cybersecurity, as the infrastructure (being comparatively wide and open) hasn’t adapted to the newly connected devices, allowing hackers to reach the hospitals’ secure networks. During the switch to electronic medical records, computer security is not always the highest priority. That makes the healthcare industry a prime target, today exposed to over 34% of the total breaches for identity theft, and a close second to the business industry.
Several attacks through hospital devices – one of them compromising 4.5 million U.S. records – have been reported, suggesting that hospital security systems as well as the awareness of breaches are scarce, and that unchangeable configurations from software manufacturers result in a lack of visibility, making it impossible to verify the “secure” systems provided.
As medical care moves into apps, one can only hope that security gets a higher priority than it has at the moment.
I’ve only covered a fraction of all industries that should worry about cybercrime. Prime targets can be anything from governments down to dating apps, which implies the inevitable paradox of mobile adoption:
The consumer demand for connectivity has to be met if companies want to survive, and it goes without saying that mobile technology comes with great opportunities. Simultaneously, connectivity implies new risks, and consumers are assuming security.
That leaves no room for company leaders and devs to assume they can get away with half-baked security solutions. Neither can they assume that the cybercrimes being reported don’t relate to their service: every connected industry is a targeted one.