As enterprises strive to innovate and reinvent themselves through digital transformation strategies, business processes are being reshaped, productivity gets redefined and customer experience is once again at the forefront. This new landscape is forcing leaders to address new challenges. Hyperconnectivity, mobility and the Internet of Things (IoT) have created new business models:

  • In 2015, Uber, the world’s largest taxi company, owns no vehicles.
  • Facebook, the world’s most popular media owner, creates no content.
  • Alibaba, the world’s most valuable retailer, has no inventory.
  • Airbnb, the world’s largest accommodation provider, owns no real estate.

They have also played a substantial role in changing socioeconomic behaviors:

  • According to the International Labour Organization, by the end of 2015, there will be more than 7.3 billion people in the world, of which 4.3 billion will be in the employment market. That gives us a 60 percent employment-to-population ratio.
  • At the same time, the August 2014 Symantec Intelligence Report predicted that 1.3 billion people — or 30 percent of the population — will routinely work remotely. There will also be 4.9 billion connected things, according to Gartner Predicts 2015; the IoT is already everywhere.
  • The digital phenomenon is transforming businesses and lives and has given us the power to change the world around us. Millennials, or members of Generation Y born between 1980 and the early 1990s, currently represent close to 20 percent of the working population. That number will rise to 75 percent by the end of 2025. This generation will clearly drive the new workforce behaviors; they grew up with technology, are keen to learn new things, want flexibility and have high expectations of their employers. They are also considered assets by companies that understand that expensive attrition will be generated by lack of geographical or work-life flexibility, as well as lack of up-to-date technology.

We all remember when Wi-Fi was regarded with suspicion by information security professionals, and we also remember when employees started to bring their own devices to work and demanded connectivity. The IoT is the next evolution.

Good Things Come to Those Who Bait

Young professionals, while technology savvy, may lack cybersecurity shrewdness and can leave their employers exposed to cyberattacks. Several behavioral studies point to the fact that these workers have lost unencrypted computers or mobile devices, often with unrestricted access to corporate information. Many also admit to being unaware of their company’s security policy or, worse, to not believing security to be their responsibility.

How often have we heard of data breaches resulting from employee behaviors, either from falling victim to phishing attacks, managing passwords in unprotected documents or sharing passwords across applications or with family or colleagues? And how often do we see those sharing corporate documents to cloud applications without the knowledge of their IT department, emailing work files to personal accounts or copying data to portable devices?

In today’s hyperconnected world, individuals have numerous online personas and interact with multiple websites and applications on a daily basis both within and outside of the enterprise. The growth of the mobile workforce may make it easier for criminals to hack their way to private data, helped by the fact that the IoT only increases retention of sensitive information. And criminals evolve with the times while we struggle with legacy infrastructures. Phishing scams have now moved to social sites, and lawyers are warned about the ethics involved with inaccurate LinkedIn endorsements.

The results are startling:

  • In the U.K., identity crime represented 48 percent of all fraud in 2014, and 82 percent of identity-related crime was committed online, according to CIFAS Fraudscape 2015.
  • Verizon’s 2015 Data Breach Investigations Report found that 23 percent of recipients open phishing emails and 11 percent click on attachments. About 50 percent open emails and click on links within the first hour. A phishing campaign of just 10 emails has a 90 percent success rate.

With more mobility, social media, bring-your-own-device (BYOD) policies and the oncoming tide of the IoT, from wearables to connected cars, the biggest challenge to any business is coping with modern working practices. Meanwhile, the biggest hurdle for information security professionals is enabling their business with secure solutions that foster innovation and growth.

On Cloud Nine

It’s no wonder we are experiencing an increased reliance on cloud and managed services and third-party suppliers of all kinds to cater to this new normal. The main reasons for this popularity are:

  • Price;
  • Flexibility;
  • A desire for mobile working, independent of specific machines;
  • A pursuit of the holy grail of omnichannel delivery.

This, in turn, brings new challenges:

  • Regulations, including privacy, geography, tenancy, collocation and jurisdiction;
  • Privacy and security issues, such as data ownership, remote access, risk and asset management and more.

Consequently, many will wonder whether we have reached a point where a new approach to security is needed. The majority of businesses are struggling to strike the right balance between application performance, availability and security because of disjointed, complex and hard-to-manage infrastructures. This is exacerbated by the growth in BYOD and the mobile workforce, resulting in an estimated 45 percent increase in security risks from within an organization’s network by 2017, according to Freeform Dynamics. With cloud and mobility on the rise, the perimeter firewall will handle more internal-to-internal traffic and, by 2018, cloud will represent 76 percent of total data center traffic, according to the Cisco Global Cloud Index: Forecast and Methodology 2013–2018.

Are We Ready for the Application Economy?

Most will agree that new working patterns will challenge application access and security and that poor or unpredictable application performance negatively impacts a business. Consequently, many recognize the need to move from network perimeter to application perimeter, but very few have deployed any form of application delivery control. This is confirmed in “The State of Mobile Application Insecurity,” which highlighted some worrying trends:

  • About 40 percent of large companies, including many Fortune 500 businesses, are not taking proper precautions to secure their mobile apps.
  • One-third of companies never test their apps.
  • Only 5.5 percent of the total app development budget is allocated toward ensuring mobile apps are secure.

The challenge is clear: As employees move toward increasingly complex and challenging digital footprints, demanding easy and secure access to their information and applications, IT divisions must have tighter security, complete oversight and proper controls in place to ensure that the corporation and its assets are protected.

Hyperconnectivity and the growth of the application economy combined with the lack of business readiness have facilitated the explosion of cybercrime, highlighting the need for a paradigm shift from network perimeter to application perimeter. As the IoT increases the potential attack surface to even more personally identifiable information, we must embrace a new approach to security. This becomes more pressing as time goes by.

The growth in mobility and connected devices, including wearables, increases the value of security services. In addition, identity and authentication technologies are seen as a potential gold mine for technology entrepreneurs, startups and venture capitalists. In a recent survey by ESG Research, 55 percent of information security professionals believe that username-password authentication should be completely eliminated or relegated to nonbusiness critical applications only. This paves the way for new approaches to identity and access management as well as multifactor authentication, which has already seen recent innovation in the form of biometrics. Indeed, the IoT will redefine the concept of “identity management” to include what people own, share and use.

Many national regulators have issued guidelines and best practice on these topics, including the U.K. Information Commissioner’s Office. The impending Payment Services Directive 2 will provide an unprecedented boost to security and authentication companies in Europe. Numerous other examples can be found, including national digital identity initiatives.

Read the Ponemon Study on the State of Mobile Application Insecurity

Be Prepared for the Internet of Things

As businesses become aware of the increased threats associated with new technologies such as the IoT or struggle with BYOD, they will face new challenges. These obstacles include increased security threats, data privacy concerns, identity and access management, compliance and regulatory requirements and ownership of technology and data.

When criminals increase in sophistication and get better at knowing you and your business, it’s time to stack the odds in your favor:

  • Know Yourself:
    • Classify your information and application assets.
    • Develop and enhance an application security strategy.
    • Understand your risk and threat profile.
  • Invest in People:
    • Track new working behaviors and trends.
    • Implement flexible and focused security strategies and usage policies.
    • Understand your customers.
    • Increase training and raise awareness.
  • Be Prepared:
    • Monitor identity and authentication trends closely.
    • Prioritize BYOD integration strategies for legacy infrastructure.
    • Begin logging, monitoring and sharing threat intelligence.
    • Practice effective and inclusive incident monitoring and response.

After all, technology evolves, but human behavior doesn’t. To quote Niccolo Machiavelli, circa 1532, “Men are so simple and yield so readily to the desires of the moment that he who will trick will always find another who will suffer to be tricked.”

More from Application Security

What’s up India? PixPirate is back and spreading via WhatsApp

8 min read - Quick recapThis blog post is the continuation of a previous blog regarding PixPirate malware. If you haven’t read the initial post, please take a couple of minutes to get caught up before diving into this additional content. As a reminder, PixPirate malware consists of two components: a downloader application and a droppee application, and both are custom-made and operated by the same fraudster group. Although the traditional role of a downloader is to install the droppee on the victim device,…

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today