UM Labs

Microsoft is joining the Mutually Agreed Norms for Routing Security (MANRS) initiative, whose primary objective is to reduce the most common threats to the Internet’s routing system. This collaboration is a step in which CSP’s can try and sort out DDOS attacks at routing levels, it is a great start. However, Cyber Security is about levels of defence over multi-levels, which usually means network, applications and then the content access for the new smart cyber criminals.

In recent moves the introduction of SCA (strong customer authentication) which is a new variant on Verified by Visa (first made mobile by Visa /Mobileway partnership and SMS in 2001)  will effect european businesses that are unprepared for SCA (Europe stands to lose €57 billion in economic activity in the first 12 months) and small businesses will bear the brunt of it this,  because of the need for a standard approach as is being taken in MANRS, but with low costs of implementation, as at the volume end,  which is the small business, there is little pay as you go umbrella services for protection.

SCA will disproportionately impact small businesses: three in five businesses with under 100 employees are either unfamiliar with SCA, don’t plan on being compliant when it goes live, or are unsure when they will be ready (GDPR still not fully aware, especially on Data in Transit). Contrast this with larger merchants of more than 5,000 employees where only 1 in 25 payment professionals are unaware. The most recent version of 3D Secure, which to date has been known by consumers under names such as Verified by Visa and Mastercard Secure Code, is emerging as a popular SCA-compliant way to accept payments online. However, one in four online businesses are not yet familiar with it. Further, for those that are familiar, 24% believe they will only implement it.

74% of Gen Z shoppers have abandoned an online purchase in the past six months due to a bad checkout experience. Over half (52%) of online shoppers who abandon a purchase end up completing the transaction with a competing merchant or they resume over the phone and become a Data in Transit risk. Against this backdrop of low consumer tolerance for poor checkout design, SCA is likely to make matters worse. 73% of shoppers are unaware of new authentication requirements coming to the online checkout experience.

Initiatives and compliance are the right way to progress, SCA is another one, NIS, PSD, MiFidII, 23NYCRR500, GDPR, California Consumer Act 2018 (2020 now) , Singapore DP Act are all creditable laws and regulations with teeth attached to make sure they are taken seriously. EXCEPT Facebook seems to not care and they want to offer P2P payments- smile hard!

At Microsoft in the late 90’s early 2000’s, much of this creation started with mobile data becoming 24 hours and Real-Time, it has become the new business model for social media, retail and cyber crime, it is the need to understand who, where and what you want from data that is the panacea.

This shows that DATA IN TRANSIT is now the most functional way to express, transact, transfer or share personal, financial or secret information that is the least protected and therefore even with it being written in law to protect such data in transit, many have missed the point, especially thinking that by having encryption it is OK! Cyber Crime is over multi-levels.

Boil the ocean is what was said in a recent law enforcement meeting, we must take a step at a time, however having pointed out the Gaps in security, surely they would listen to solutions that solve these?  But of course, costs and politics often the barrier, existing legacy technology suppliers scared of losing out because they state the solutions are not there yet, all contributed to there not being the right level of services to lower residual risk, where today it off the scale.

See the design, future through the eyes of UM-Labs R&D for protection of Data in Transit, compliant and available today.

Data in Transit -Tech UK brief 2019 Final