Dark Reading is part of the Informa Tech Division of Informa PLC

Deconstructing Mobile Fraud Risk
User Rank: Ninja
5/5/2015 | 3:46:17 PM
Needed: Tighter Regulations, Harsher Penalties
* First, fraud starts on systems you can't control.

I maintain that an organization serious about protecting its data will have a firm policy against BYOD. This is an organizational approach to security that establishes the importance of the company and its assets over your personal preferences for computing and managing your life. While EMM applications may seem like a fair compromise, when users BYOD they often uninstall EMM apps when things go wrong.

No BYOD means improved security right out the gate.

* Second, fraud management is a high frequency/high friction activity.

I would argue that a $190B/year loss to American merchants represents a disaster at a national level. To know that this continues to happen year after year is unacceptable. Here I go again, I know, but not having tighter regulations and fine-related targets of evaluation (TOE) that must be met by companies to be even _allowed_ to connect financially to the Internet means we as a country are not taking cybersecurity seriously. The US bleeds money yearly (war, international loans/debt, etc.), and one of the elements of our economy that allows us to recover from this is our capitalist system. To not protect that system with everything we've got points to a deep lack of understanding of what security, mobile or otherwise, truly is from a data ecosystem standpoint.

* Third, fraud is visible to the world.

I couldn't agree more. From the 22% of high-grade data breaches to the $190B/year loss, this is highly depressing. And when you read exploit and root cause analysis reports on many of these incidents, the initial point of entry was one that could have been prevented had the scope of the security strategy been expanded and the specializations acquired in terms of talent been more varied. Again and again, we see the multitude of security applications making various claims and seemingly presenting an easy all-in-one solution that businesses often fall for in place of architecture, design and strategy. Perhaps some of this is due to cost-cutting, but in doing that, a business might be risking its very existence if it is hit hard by mobile fraud.
