Tuesday, February 9, 2016
Top Disruptive Technologies in Digital Commerce for 2016
Hampshire, UK - 9th February 2016 - Juniper Research today revealed the top ten technologies it believes will do the most to transform e-commerce this year.
The top 3 are:
1. Biometrics
2. Federated Identity
3. Tokenization
1. Biometrics - Apple and Samsung Lead the Way
The new research Top 10 Disruptive Technologies in Fintech: 2016, concludes that the technology making the biggest difference to ‘payment completion’ today is biometrics, largely thanks to the proliferation of fingerprint readers in smartphones.
It highlights the use of biometric authentication in both Apple Pay and Samsung Pay, and argues that use cases and deployments will proliferate in the short and medium term.
2. Federated Identity - New Players Add More Options
Behind biometrics is federated ID, which provides merchants with the ability to gather information on customers in a click – rather than asking them to fill out long forms. Juniper observed that Facebook, Google and LinkedIn dominate this area at present, but expects new entrants such as banks, telcos and even governments to increase their presence within the space.
3. Tokenization - The Best Hope for Secure Digital Commerce
The study ranks tokenization as the next most impactful technology. Tokenization addresses the major e-commerce barrier after user experience: security. By replacing card numbers with randomly generated digits, tokenization makes the theft of card data pointless. It also prevents merchants from having to store sensitive credentials. Juniper anticipates that the benefits offered by tokenization, and its support by Visa and MasterCard, will lead to far greater commercial deployment and adoption in the near future.
Further Potential
Tim Green, report author, said, "Digital commerce is already worth around $1.7 trillion a year, but it still has so far to go. Even after 20 years, it can be hard for consumers to buy the things they want to buy without fuss. Happily, exciting new ideas are on the way."
However, the research cautions that the top 10 disruptive technologies will invariably develop at different speeds. Unpredictable factors such as new device types and government regulation will accelerate the adoption of some and delay others.
GSMA Announces Security Guidelines to Support Growth of the Internet of Things
Backed by the Mobile Industry, New Guidelines Outline Common Approach to Security for IoT Services
LONDON--(BUSINESS WIRE)--The GSMA today announced the availability of new guidelines designed to promote the secure development and deployment of services in the growing Internet of Things (IoT) market. The document, ‘The GSMA IoT Security Guidelines,’ has been developed in consultation with the mobile industry and offers IoT service providers and the wider IoT ecosystem practical advice on tackling common cybersecurity threats, as well as data privacy issues associated with IoT services.
The project has received the backing and support of the mobile industry including mobile operators AT&T, China Telecom, Etisalat, KDDI, NTT DOCOMO, Orange, Telefónica, Telenor and Verizon and vendor and infrastructure partners 7Layers, Ericsson, Gemalto, Morpho, Telit and u-blox.
“As billions of devices become connected in the Internet of Things, offering innovative and interconnected new services, the possibility of potential vulnerabilities increases,” said Alex Sinclair, Chief Technology Officer, GSMA. “These can be overcome if the end-to-end security of an IoT service is carefully considered by the service provider when designing their service and an appropriate mitigating technology is deployed. A proven and robust approach to security will create trusted, reliable services that scale as the market grows.”
The GSMA’s IoT Security Guidelines have been designed for all players in the IoT ecosystem including IoT service providers, IoT device manufacturers and developers. They will help service providers build secure services by outlining technologies and methods to address potential threats, as well as how to implement them. They also establish the need for risk assessment of all components of an IoT service to ensure they are designed to securely collect, store and exchange data and successfully mitigate cybersecurity attacks. The Guidelines recently completed a thorough industry consultation with academics, analysts and other industry experts to ensure that they are as robust as possible.
“There is a significant amount of evidence to suggest that cyberattacks are already happening in the burgeoning IoT space. If not handled appropriately, these attacks are likely to inhibit the growth and stability of the Internet of Things,” commented Don A. Bailey, Founder and CEO, Lab Mouse Security. “It is imperative that the industry adopts a standard approach for dealing with security risks and mitigations, helping to ensure that the entire IoT ecosystem will not be subject to fraud, exposures of privacy, or attacks that affect human life.”
The GSMA IoT Security Guidelines have been developed through the GSMA Connected Living program. The program is designed to help operators accelerate the delivery of new connected devices and services in the M2M market. It focuses on driving industry collaboration, promoting appropriate regulation and optimizing networks to support the growth of M2M in the immediate future and the IoT in the longer term.
The IoT Security Guidelines are available to download here.
For more on securing the IoT, get a copy of "Security and Privacy in Internet of Things (IoTs): Models, Algorithms, and Implementations." The book consists of five parts covering attacks and threats, privacy preservation, trust and authentication, IoT data security, and social awareness.
Monday, February 8, 2016
8 of the Largest Data Breaches of All Time
According to the Identity Theft Resource Center, there have been 5,754 data breaches between November 2005 and November 2015 that have exposed 856,548,312 records. According to their data, there were 783 breaches in 2014, the largest number of data breaches in a single year to date. Although this data includes a comprehensive list of data breaches, whether large-scale or small, there are a few that stand out from the rest as some of the worst data breaches in history in terms of resulting costs and the number of records compromised. This list of eight of the worst breaches in history highlights the cause of the breach and the effects on the public and business sectors.
Monday, February 1, 2016
Making Vulnerability Assessments a Priority in 2016
The vulnerability assessment of an organization's applications and data is critical given the increasing number of automated and targeted attacks. Businesses must proactively identify potential vulnerabilities to prevent breaches. This article discusses two highly-effective ways to identify vulnerabilities: vulnerability scanning and penetration testing.
Thursday, January 28, 2016
Top Five Enterprise Data Privacy Mistakes
Did you know today was Data Privacy Day? I didn't either until this came in.
PORTLAND, Ore. — January 28, 2016 — Global businesses are reevaluating their data privacy programs this year as new privacy regulations targeted at businesses take effect. The European General Data Protection Regulation is a new privacy regulation with fines as high as four percent of annual global revenue for companies that fail to safeguard data of EU citizens and residents. In the U.S., 16 states recently introduced new, ACLU-supported data privacy legislation. In spite of efforts to improve privacy protections, many enterprises are not doing enough to protect consumer data.
“Data privacy day is a great opportunity for organizations to reevaluate their privacy program,” said Tim Erlin, director of IT risk and security strategy for Tripwire. “Privacy is often treated as part of larger security initiatives. While this approach addresses some key privacy issues, others may not get the attention they deserve.”
According to Erlin, the top five data privacy mistakes businesses make are:
1. Failure to keep only essential consumer data: Many organizations keep a lot of customer data in case they need it “someday.” While this approach may seem prudent, this data can easily become a major target for cyber attackers and, because it isn’t business critical, it may not receive the same protections as other, more sensitive data.
2. Failure to encrypt customer data: While there are some regulatory requirements for encrypting customer data, companies need to establish internal processes to keep data encrypted. Leaving customer data unencrypted makes it much easier for attackers to grab.
3. Failure to secure access paths: Encrypting customer data is important, but it must be decrypted for use in an application at some point. Attackers will aim to compromise the applications that use customer data in order to get to that data. “Don’t worry, the data is encrypted,” is a dangerous mindset.
4. Failure to patch known vulnerabilities: Security experts may be more interested in the technical analysis of the latest malware, but successful attacks are more likely to exploit the three-year-old web server vulnerability that gets them access to high-value data. Patching systems isn’t glamorous, but it’s essential to protecting data.
5. Failure to monitor and control simple misconfigurations: More than one of the breaches that have been in the headlines recently has been the result of a misconfigured database or server. If you’re not monitoring server configurations for change, you have a blind spot in your security that attackers can leverage.
IoT Scale Is Outpacing Its Security – Telefonica
You knew this would happen. The pace of technological changes far outruns our ability to manage them. IoT is no different. Companies roll out new products and services and worry about securing them later. Infoworld recently ran a story about home automation horror stories. It's just the beginning. And while Scientific American debunked the Wired story of hacking a car, one has to ask, why not? These tales grab us because they strike close to home. But the industrial scale, and threats, are so much greater.
So, better late than never.
Get a handle on securing the IoT with Security and Privacy in Internet of Things (IoTs): Models, Algorithms, and Implementations. The book brings together some of the top IoT security experts from around the world who contribute their knowledge regarding different IoT security aspects. It answers the question "How do we use efficient algorithms, models, and implementations to cover the four important aspects of IoT security; i.e., confidentiality, authentication, integrity, and availability?"
Order your copy today!
Monday, January 25, 2016
What Is the EU General Data Protection Regulation?
It has been a long time coming, but the new EU data security and privacy law, also known as the General Data Protection Regulation (GDPR), is finally close to being finalized and will likely go into effect sometime in 2017. This article includes an outline of the GDPR and why it is important for organizations to not panic over changes to the existing data rules; the current Data Protection Directive (DPD) and why the EU felt the need to change to the GDPR; some of the more important vocabulary included with the new law; and outlines of the new articles contained with the GDPR and how they will affect organizations.