Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Deconstructing Mobile Fraud Risk
Newest First  |  Oldest First  |  Threaded View
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
5/5/2015 | 3:46:17 PM
Needed: Tighter Regulations, Harsher Penalties
* First, fraud starts on systems you can't control.

I maintain that an organization serious about protecting its data will have a firm policy against BYOD. This is an organization approach to security that established the importance of the company and its assets over your personal preferences for computing and managing your life. While EMM applications may seem like a fair compromise, when users BYOD they often uninstall EMM apps when things go wrong.

No BYOD means improved security right out the gate.

* Second, fraud management is a high frequency/high friction activity.

I would argue that $190B/year loss to American merchants represents a disaster at a national level. To know that this continues to happen year after year is unacceptable. Here I go again, I know, but to not have tighter regulations and fine-related targets of evaluation (TOE) that must be met by companies to be even _allowed_ to connect financially to the Internet means we as a country are not taking cybersecurity seriously. The US bleeds money yearly (war, international loans/debt, etc) and one of the elements of our economy that allows us to recover from this is our capitalist system. To not protect that system with everything we've got points to a deep lack of understanding of what security, mobile or otherwise, truly is from a data ecosystem standpoint.

* Third, fraud is visible to the world.

I couldn't agree more. From the 22% of high-grade data breeches and the $190B/year loss, this is highly depressing. And when you read exploit and root cause analysis reports on many of these incidents, the initial point-of-entry was one that could have been prevented had the scope of the security strategy been expanded, and the specializations acquired in terms of talent been more varied. Again and again, we see the multitude of security applications making various claims and seemingly presenting an easy all-in-one solution that business often fall for in place of architecture, design and strategy. Perhaps some of this is due to cost-cutting but in doing that, a business might be risking their very existence if they are hit hard by mobile fraud.


Stop Defending Everything
Kevin Kurzawa, Senior Information Security Auditor,  2/12/2020
Small Business Security: 5 Tips on How and Where to Start
Mike Puglia, Chief Strategy Officer at Kaseya,  2/13/2020
Architectural Analysis IDs 78 Specific Risks in Machine-Learning Systems
Jai Vijayan, Contributing Writer,  2/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5530
PUBLISHED: 2020-02-18
Cross-site request forgery (CSRF) vulnerability in Easy Property Listings versions prior to 3.4 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2020-1842
PUBLISHED: 2020-02-18
Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version 1.0.0.71(SP1); and OSCA-550AX and OSCA-550X version 1.0.0.71(SP2) have an insufficient authentication vulnerability. An attacker can access the device physically and perform specific operations to exploit this vulnerability. Succe...
CVE-2020-8010
PUBLISHED: 2020-02-18
CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.
CVE-2020-8011
PUBLISHED: 2020-02-18
CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller service.
CVE-2020-8012
PUBLISHED: 2020-02-18
CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code.