Mobile apps have become an integral part of any company, ranging from a startup to a large enterprise. Most apps aim to enrich the experience of customers. However, the same apps might turn out to be a gateway to compromise the weakest link in the cyber ecosystem – end users.
Cyber literacy of the end user (customer) is one of the biggest challenges of any organisation. Even if an organisation has cutting edge anti-APT (advanced persistent threat, which detects and prevents targeted attacks) solution, EDR (endpoint detection & response), IPS (intrusion prevention system), next-gen firewall, DLP (data loss prevention), etc, if the customer/ end user is not literate enough, he will give away his credentials to a silly phishing page, leading to financial and data loss.
Intelligent & fraud resilient apps are the need of the hour. Social engineering is one of the major attackvectors of any end-user compromise. Securing customer/ user from this attack needs an intelligent mobile app.
The concept here is what is called Indicators of Cyber Frauds (IoCF). A repository of fraud SMS, IP, GPS coordinates, apps, could be created and maintained. This will be similar to Indicator of Compromise (IoC). If IoCFs get triggered due to any event, the customer gets an alert. This will be a proactive step against cyber crooks.
An ecosystem of such IoCFs may be developed by a consortium of trusted apps, and a framework may be standardised for accurate proactive protection of customer interest. To address concerns of user privacy, no user data should be stored on the server. Detection and response should be on the client end, lookup can be done from the server end.
The writer is senior consultant to a Union government department
