Hitesh Sheth, Vectra CEO, on Cybersec During the Pandemic, Threats, and AI
Last updated June 3, 2020
The recent Coronavirus pandemic has accelerated the rise of the mobile as important connectivity, work, and communication devices. Along with this change, the need for stronger security and protection has also risen. That is especially the case in emerging markets in the developing world, where people are a lot more vulnerable to fraudulent charges and scams.
We have reached out to Upstream's CEO, Dimitris Maniatis, to discuss how their products help people and businesses keep their clients safe from a wide range of threats, as well as what is to be expected in this rapidly evolving environment in the next couple of years. Being the developer of the award-winning Secure-D solution, Upstream is considered a leader in the field and in a position to evaluate the threat landscape from a higher perspective.
What was the challenge that convinced you to hop from a digital marketing agency you founded yourself to taking on the task of creating a rising mobile network security platform?
The challenge and thrill involved with building something from scratch are unmatched. With fraud and abuse rising as an issue in the digital sphere, especially on mobile, for me, it was more of an evolutionary step rather than a hop in another direction. Building Secure-D as our platform’s security feature gave me a whole different perspective and made me a better marketer. Bringing security into the fold for Upstream has made our digital engagement offering better - and at the same time sustainable.
As the operator of a ‘state of the art’ carrier-level security platform, Secure-D, what can you tell us about the dynamics that shape the mobile threat landscape as we move deeper into 2021?
It took cybercriminals very little time to pivot to COVID-19 and then onto vaccination-based fraud. There were fraudulent sites and apps set up in no time, designed to trick people into giving out their personal information, money, or control over their device. The pandemic period has more than proved what we have been seeing and reporting all along; ad bad actors are very smart, organized, and quick to adapt. Our data for the period shows that as online gaming thrived after the pandemic outbreak, so did fraud in the field, with Games being the most troublesome app category in Google Play. Even popular, legitimate gaming apps were targeted. A year ago, this was different.
Looking ahead to the rest of the year, it means more of the same, with mobile fraud pivoting and continuing to adapt, exploiting whatever is happening in the world. And we expect mobile fraud to increase as more transactions go digital, something pushed forward by the pandemic’s catalyst effect. Mobile threats cannot be managed at the individual level. This is especially true in emerging markets where Direct Carrier Billing (DCB) is commonly used, whereby consumers can pay for services using their airtime. DCB is vulnerable, meaning that the people in emerging markets – the people who can least afford to lose money are disproportionately targeted by cybercriminals. The threat has to be tackled at the carrier level, the network level, in order to defeat fraud at scale.
Secure-D is used mostly in emerging markets and operators in developing countries. What makes these markets different from those in Europe and North America regarding the threats the users are facing?
Again, this comes back to the importance of Direct Carrier Billing in those markets. For a start, around 1.7 billion users in emerging markets are unbanked and use DCB to buy a lot of goods and services online. For these users, phone credit is like currency. This gives bad actors more opportunity to create apps and services that appear useful on the surface but are embedded with fraudulent malware that signs them up to premium services without their knowledge or consent. Advertisers are also hit hard by fraudulent apps that mimic user clicks, resulting in millions of dollars worth of advertising wasted on fake impressions and clicks.
It’s also important to point out that, for users in emerging markets, their mobile phones are often their only portal to the online world. Due to poor Wi-Fi infrastructure, a lot of users will depend on their mobile phones for everything from entertainment and video streaming to home-learning and signing up for government services. This naturally makes these users more of a target for malicious actors.
Since Upstream also helps mobile operators digitize their services and increase customer reach and engagement, what can you tell us about the impact you think the universal decision to end the use of third-party cookies will have on mobile operators?
It’s not just mobile operators that we support, by the way – it’s any business looking to engage with their audiences better and reach customers at scale.
Looking broadly at the issue, the end of third-party cookies – even though Google recently delayed killing them off until 2023 - will have a profound impact on marketers worldwide, including mobile operators. But in my experience, this kind of disruption is often the precursor to innovation, and this is no different. While challenging in the short term, I think the end of third-party data will encourage businesses to focus more on first-party data and engaging with customers in a more direct and conversational way.
We’ll no doubt see an increase in walled gardens of content that require sign-ups, but we’ll also see businesses starting to offer a much more engaging and tailored customer experience in a bid to exchange their personal details for the additional value being offered. We’ll also see channels like SMS making a huge comeback as brands work harder to create a connected customer experience -which is obviously great news for network operators.
What other challenges do you think businesses face in terms of customer reach and engagement in a post-pandemic world, and what could be a useful tool in their arsenal?
Businesses have spent a great deal of the past 18 months or so in a reactive state, but I think now they’re beginning to adapt to the so-called new normal and are ready to explore new ways to optimize their digital flows and customer experiences. Today’s customers are certainly more connected than they were pre-pandemic, primarily through their smartphones and tablets. A couple of years ago, a person’s mobile phone might not have been their first port of call for grocery shopping or contacting a retailer to query a purchase. That’s all changed now thanks to a mobile-first ecosystem and the reignition of channels such as live chat, SMS, and dedicated mobile apps designed to engage customers in a more conversational way that allows them to self-serve on their own terms.
I think the biggest tool that businesses have in their arsenal to take advantage of this shift is probably first-party data. But to get the most out of it, they need to be able to channel that data effectively and optimize it for mobile-first acquisition and engagement campaigns. This is where Upstream has been supporting businesses globally, particularly in emerging markets. The results we’re generating for businesses are off-the-scale, far better than they would be able to achieve by trying to engage any of the tech giants, the likes of Google and Facebook.
The conversation is naturally centering around mobile as people’s device of choice for engaging with brands today. How important is it for businesses to offer a multi-channel experience?
It’s essential. It’s not uncommon for today’s consumers to engage with several devices throughout the course of a purchasing journey. If a customer engages with a brand, they want to do it on their own terms with a device that’s convenient and appropriate. That could mean anything from logging onto a brand’s website to opening up a dedicated mobile app or giving a command to a smart speaker. We live in an age where a customer could ask their home smart speaker for an insurance quote and get an SMS sent to their phone within seconds that contains a link to the next stage of the journey.
The common theme, however, is that the smartphone tends to be the link that chains these multichannel experiences together. From two-factor authentication to resuming a journey that was started on a desktop website, smartphones make engagement more personal and conversational - which, again, is excellent news for mobile operators.
You talked about a digital divide between developed and emerging markets. What impact has this had on mobile operators during the pandemic in terms of sales and customer engagement?
There’s always been a gap in digital maturity between emerging and developed regions, and we’ve seen that gap widen during the pandemic. Developed markets tend to have a more robust fixed-line infrastructure with better cellular coverage and more affordable data. That data is also easier to purchase through apps, calls, websites, or by simply having a monthly contract that gets refreshed. It’s, therefore, easier for operators in developed markets to engage customers as they have more touchpoints and channels to work with.
Those in emerging markets, on the other hand, are behind the digital curve. Many of their customers may not have bank accounts, for instance, and will only be able to top-up their data by purchasing a top-up card with cash from a physical store. In this situation, it’s far more difficult for operators to engage with their customers and present opportunities for upselling or cross-selling. Operators need to work hard to digitize their services and sales channels as much as possible in the coming years in order to better engage their customers and connect the communities they’re serving.
You recently published a report named ‘A Pandemic on Mobile,’ finding several dangerous apps on the Play Store, as well as risky preinstalled apps on MEIZU devices. Does this mean that the software of some vendors or even Android’s official app store shouldn’t be blindly trusted?
No app or app store should ever be blindly trusted. While Google Play remains the safest place to download Android applications, around 30% of the malicious apps we identified were still available through the store. While we work very hard with mobile operators to protect users from malicious apps and bad actors, users should take some responsibility too and remain wary of what they’re downloading or the permissions each app asks for. And in particular, users should steer clear of third-party app stores altogether - they harbored more than 70% of all malicious apps throughout 2020.
In regards to fraudulent transactions, what is it that that needs to change on a grand scale for the situation to improve and render platforms like Secure-D less vital?
I think features like Secure-D are a vital part of it for the foreseeable future. When we’re brought into multiple operators in the same country, we’re effectively blocking revenues to criminals for a whole country. That is huge, and it’s creating a disincentive for them to continue targeting whole countries and regions. So we view security as a feature embedded in all things “mobile transactions” and inseparable from every digital sale, advertising, promotional tool. This is the way we have structured our own platform for mobile engagement going forward.
Beyond that, Google needs to keep plugging away at the vulnerabilities in their own processes to make Google Play safer. They have done some good work, but there’s still a lot more that they need to do.
The final layer of responsibility crosses over intelligence communities, law enforcement, and governments. This is the toughest nut to crack. Some cybersecurity organizations and regulators in some countries are very sophisticated, while in other parts of the world, they are non-existent, so, globally, we have a “leaky bucket.” Cybercriminal organizations are smart and agile, and we need at least the same level of sophistication from the other side.
If you were to give our readers a single piece of “mobile security advice,” especially now that COVID has pushed everyone and everything online, what would that be?
I think the best piece of advice for readers would be to only source apps from official app stores. While neither the Apple Store nor Google Play is completely free of threats, they remain the safest channels through which to download apps. Steer clear of third-party stores, even if the apps they are peddling appear legitimate. Some of the biggest malware threats in recent years have come from seemingly innocuous apps like video editing or camera tools that seem to serve a valuable purpose. Also, be aware of data and battery depletion; they too are tell-signs of something being off.