We hear horror stories about users clicking on some malware-enabled payload and suddenly all of the codes for their hardware security fobs are stolen or a business email compromise (CEO fraud) attack has been launched. Unfortunately, these stories are true. Phishing and its cousins—spear phishing, vishing, smishing, pharming, and whaling—are all serious security concerns, but are they cyber-Armageddon? This special report focuses on the realities of phishing and recommends defenses you can use to reduce your risk and make it a less profitable business for the attackers.
Adhering to best practices, operational discipline and emerging standards in both web and mobile applications is paramount to staying ahead of the cyber criminal. Through benchmark reporting, OTA continues to discover misconfigured servers and mobile apps that are vulnerable to abuse. As mobile usage and application development continue to grow, the need to adopt best practices in data security, app security and privacy has been highlighted. In an effort to aid site and app developers while enhancing online trust, consumer protection, and regulatory compliance, OTA has provided the resources and best practices. As learned in the development of website and software applications, developers can overlook basic standards and guidelines and fail to uniformly apply and maintain them between versions and device platforms. Creating a security and privacy discipline, including robust integration from inception throughout an app's life-cycle, pays long-term dividends to a company and to its users. Note that as the landscape is rapidly evolving, developers need to conduct their own review for regulatory compliance.
These resources serve as a tool to help developers understand the criteria by which their applications will be evaluated in the 2014 Online Trust Audit & Honor Roll. OTA’s 2014 Audit tracks current guidelines and will evaluate and score apps against leading best practices. OTA recommends brands and developers move from a minimal compliance point-of-view to one of stewardship, making security and privacy a competitive business advantage. As outlined, it is paramount that developers implement adequate security controls, provide appropriate notification and understand privacy implications and boundaries of collection and use of data.