Sharing is caring, but is it safe?
In this guest post, Prakash Sadagopan, director of field systems engineering at F5 Networks Asia-Pacific, discusses mobile security issues and what enterprises can do to stay secure.
The boom of mobile applications, whether for ride sharing or couch surfing, has superseded traditional services and revolutionised convenience as we know it. This is especially prevalent in Asia Pacific, home to over half of the world’s mobile subscribers. Asia is also leading the charge in mobile app revenue, with the figure expected to increase to $57.5bn by 2020.
Replacing traditional with unconventional
A dynamic playground for mobile apps, the sharing economy has nestled itself into almost every corner in the region—and it makes no differentiation, be it an emerging market such as Indonesia, or an established economy such as Singapore.
In Indonesia, home care portal Seekmi connects individuals to professional services at the touch of a button. With a platform of over 250,000 listings and a fleet of 5,000 service vendors, Seekmi provides a wide array of on-demand services including photography and plumbing. Last year, it raised multi-million dollar funding and made plans to expand its services across more cities.
In Singapore, we regularly see Uber Eats riders on their oBikes and Mobikes, completing their trips and delivering an assortment of food to their customers. These riders have no stake in any of the businesses, from the restaurants to their mode of transport, but provide an ever-so-popular service. Today’s sharing economy has evolved to a point where jobs can be created, and completed, all just by owning a single app.
The underlying danger of DDoS
These success stories are a testament to the prowess of the sharing economy, which is quickly gaining traction across the region due to the speed and convenience it delivers. However, our increasing reliance on apps might also lead to our downfall. Consumers willingly offer personal information to shave off precious minutes of waiting. This is great, until they realise that the sharing economy also means an entire ecosystem of authenticated devices and data that are interconnected—a treasure trove for cyber criminals.
DDoS attacks caught the world’s attention with the Mirai botnet, which crippled the internet and brought down sites such as Amazon, GitHub, PayPal, Reddit and Twitter. If DDoS can easily take out large websites, one can only imagine the havoc it will cause if and when apps such as Uber, oBike and Seekmi are suddenly made unavailable.
Our dilemma: safety or convenience?
Connectivity is a double-edged sword today: it enables the level of convenience in our lives, and yet provides cyber criminals with a platform for exploitation. The benefits the sharing economy brings to improving one’s standard of living are endless.
However, sharing economy apps achieve this intelligence by uploading customers’ personal information such as gender, age, interests and even credit card details to the cloud for data analysis and service improvements.
So what happens when enterprises face the unexpected wrath of a DDoS attack? Enterprises lose revenue through reduced web traffic and have to bear the high costs of the remediation process. More severely, customers who once trusted enterprises would view the organisations as unreliable. In our age of information overload, it only takes one website crash to send customers running to another vendor.
The key to keeping safe
Convenience is the biggest motivator in an increasingly impatient world. It is worrying that users of sharing apps surrender their credit card information and passwords too readily. Now more than ever, businesses need to strengthen their stance against DDoS. It may seem to be a daunting task; however, a practical first step could be to cultivate a culture of awareness.
Cyber security is slowly but surely becoming a priority for many organisations, especially in the wake of recent events, including the oBike and AXA data breaches. Yet, IT continues to struggle to gain a foothold in boardroom discussions and drive home the point that a proactive cyber security strategy is a necessary investment.
Given the option between building on an existing security framework and investing in business ventures, it is almost a no-brainer for executives to choose the latter. A Ponemon Report on APAC app security finds that only 17% of IT security budgets are dedicated to app security. The only real change enterprises have to make is recognising that they have to carry great losses that extend beyond monetary means during a security breach, and that at any time, a breach could happen.
With the right mindset come the right steps to security. Enterprises should bear in mind that security monitoring and observation are imperative. From prioritising what needs protection to ensuring your IT programme identifies security breaches in a timely and effective manner, every step counts towards a safer future for a business.
Enterprises should also carry out active measures to protect both end users and businesses, starting from digital hygiene practices. This can range from password renewals every six months to conducting regular patching exercises. Deploying web application firewalls (WAF) also protects web applications and application programming interfaces (APIs) against a variety of attacks, notably injection attacks and application-layer denial of service.
Lastly, enterprises should adopt a cyber security infrastructure that creates ongoing conversations across all business units and functions. This will ensure a varied and multi-faceted opinion in identifying critical vulnerabilities in security and building towards a more robust security strategy in an enterprise. Simple yet effective, these measures could save you a trip to the emergency room and help keep sharing safe.