Given Apple's big moves this week to implement new data protection tools for iMessage and allow users to encrypt more data in iCloud, it seems obvious that security will be a top priority for Apple going forward next year.
The Biden administration's decision to blacklist the NSO Group's mercenary hackers was a welcome move, but it did not stop the "surveillance-as-a-service" industry. Instead, it's atomized, which means we now have more companies offering such "services" than ever before.
The danger is that, like any other technology, attacks using these services proliferate and mutate. And as more entities offer them, the cost of mounting such surveillance attacks at the state level will decrease. It has always been predictable.
Apple introduced three powerful new data protection tools this week: iMessage Contact Password Verification, Apple ID Security Keys, and Advanced Data Protection for iCloud. The goal is to protect users against these types of attacks.
While most privacy advocates welcomed the move, some governments and the FBI are dismayed, saying more technology-driven privacy will make their job more difficult.
That may be true, but the cost of not having these protections in place is likely much higher – if governments could trust surveillance technology like this, then it wouldn't proliferate, wouldn't it? No are? Y una vez que ese genio particular esté fuera de la botella proverbial, será muy difícil volver a decantarlo. Ya en el Reino Unido, el gobierno dice que el 40% de las empresas fueron atacadas el año pasado.
Why is it important for business?
When it comes to business, the importance is clear. What Apple offers its own users should certainly become the minimum expectation that companies will make of their own cloud service providers.
This means more security, enhanced security tools, and the highest degree of encryption possible for company data, which inevitably includes sensitive information such as patient and financial data.
We know that companies need to take security seriously. A rising tide of ransomware and chilling statistics prove it:
- Veracode claims that 24% of applications used in the technology sector have security vulnerabilities.
- Orange Cyberdefense's Security Navigator 2022 report confirms that ransomware has become the biggest security threat. He also observed that attackers were directly targeting security technologies, looking for vulnerabilities that could be exploited.
- Verizon's annual Threat Monitor report tells us that 62% of system intrusion incidents involved threat actors compromising partners. This should be taken as a warning to everyone, as it implies that every company and every employee (or employee's family member) can be part of a complex intrusion. In other words, no one is safe until everyone is safe.
- Released this week, Apple's own report says the total number of data breaches more than tripled between 2013 and 2021, exposing 1.100 billion personal records in 2021.
The ecosystem prepares for war
Apple has made a strong commitment to improving security this year. Lockdown mode, declarative device management, and the many API enhancements it offers MDM providers to secure devices are proof of this. In October, it launched a security portal and increased rewards offered to security researchers who identify vulnerabilities.
The company's work resonates with partners. Jamf, for example, has invested in the provider of advanced security telemetry solutions, ZecOps, and funds innovative security startups.
The work extends to the partners. Competitors across the industry are working together to create a passwordless security model for the online world. Working to limit tracking technologies and ensure user privacy also helps.
Looking to 2023, I anticipate that we will see this work intensify.
Why? Because in today's geopolitical environment, the scale of state-sponsored security attacks is accelerating, which means that all platform providers, governments, and companies will need to lock down as strictly as possible.
Apple has already marked this direction of travel. “We have much more planned for the coming year, including an expanded search scope for Apple Security Bounty and other program enhancements,” Apple said in October.
Follow me on Mastodon or join me at AppleHolic's bar & grill and Apple discussion groups on MeWe.
Copyright © 2022 IDG Communications, Inc.