{"id":20769,"date":"2022-12-09T10:30:03","date_gmt":"2022-12-09T18:30:03","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/12\/09\/news-14502\/"},"modified":"2022-12-09T10:30:03","modified_gmt":"2022-12-09T18:30:03","slug":"news-14502","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/12\/09\/news-14502\/","title":{"rendered":"Apple sets a security challenge for 2023"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2019\/11\/holiday-e-commerce_shopping_holiday-hacking_security-breach_retail-security_by-rupixen-via-unsplash-2400x1600-100818135-small.jpg\"\/><\/p>\n<p>Given Apple&#8217;s big moves this week to roll out new data protection tools for iMessage and allow users to <a href=\"https:\/\/www.computerworld.com\/article\/3682649\/apple-finally-adds-encryption-to-icloud-backups.html\">encrypt\u00a0more of their data in iCloud<\/a>, it seems obvious that security is going to be a major Apple priority in the year ahead.<\/p>\n<p>The Biden administration\u2019s decision to blacklist the mercenary hackers at NSO Group was a welcome move, but it hasn\u2019t stopped the &#8220;surveillance-as-a-service&#8221; industry.\u00a0Instead, it&#8217;s atomized it, which means we now have <a href=\"https:\/\/www.seattletimes.com\/business\/technology\/how-the-global-spyware-industry-spiraled-out-of-control\/\" rel=\"noopener nofollow\" target=\"_blank\">more companies offering such &#8220;services&#8221; than ever before<\/a>.<\/p>\n<p>The danger is that, just as with any other technology, the attacks used by these services are proliferating and mutating. And as more entities offer them, the cost of mounting state-level surveillance attacks of this kind will fall. This has always been predictable.<\/p>\n<p>Apple introduced three powerful new data protection tools this week: iMessage Contact Key Verification, Security Keys for Apple ID, and Advanced Data Protection for iCloud.\u00a0The aim is to protect users against such attacks.<\/p>\n<p>While most privacy advocates welcomed the move, some governments and the FBI are aghast, claiming that more tech-driven privacy will make their work harder.<\/p>\n<p>That may be true, but the cost of <em>not<\/em> having these protections in place is likely so much greater \u2014 if governments could be trusted with surveillance tech of this type, then it would not be proliferating, right? And once that particular genie is outside the proverbial bottle, it\u2019s going to be very hard to decant it again. Already in the UK, the government claims <a href=\"https:\/\/www.gov.uk\/government\/statistics\/cyber-security-breaches-survey-2022\/cyber-security-breaches-survey-2022#key-findings\" rel=\"noopener nofollow\" target=\"_blank\">40% of businesses<\/a> were attacked last year.<\/p>\n<p>When it comes to business, the significance is clear.\u00a0What Apple is offering its own users should surely become the minimum expectation enterprises will make of their own cloud service providers.<\/p>\n<p>That means more security, enhanced security tools, and the highest possible degree of encryption around company data, inevitably including sensitive information like patient and financial data.<\/p>\n<p>We know enterprises need to take security seriously. A rising tide of ransomware and scary statistics show this:<\/p>\n<p>Apple has been <a href=\"https:\/\/www.computerworld.com\/article\/3672528\/apple-wasnt-fooling-when-it-said-it-wanted-to-make-macs-more-secure.html\">heavily engaged in security enhancement this year<\/a>. <a href=\"https:\/\/www.applemust.com\/how-to-use-lockdown-mode-on-your-iphone-ipad-and-mac\/\" rel=\"noopener nofollow\" target=\"_blank\">Lockdown Mode<\/a>, <a href=\"https:\/\/www.computerworld.com\/article\/3663052\/wwdc22-apple-brings-declarative-device-management-to-the-mac.html\">Declarative Device Management<\/a> and numerous improvements in the APIs it offers to MDM providers to protect devices testify to this. In October, it <a href=\"https:\/\/www.applemust.com\/apple-launches-security-portal-blog-and-more\/\" rel=\"noopener nofollow\" target=\"_blank\">launched a security portal<\/a> and increased bounties offered to security researchers identifying vulnerabilities.<\/p>\n<p>The company\u2019s work is being echoed by partners. Jamf, for example, has invested in advanced security telemetry solutions provider, <a href=\"https:\/\/www.computerworld.com\/article\/3674792\/jamf-buys-zecops-to-bring-world-class-security-to-apple-enterprise.html\">ZecOps<\/a>, and is financing <a href=\"https:\/\/www.applemust.com\/jamf-to-fund-new-apple-security-and-enterprise-startups\/\" rel=\"noopener nofollow\" target=\"_blank\">innovative security startups<\/a>.<\/p>\n<p>The work extends to partners. Competitors are working together across the industry to create a <a href=\"https:\/\/www.apple.com\/uk\/newsroom\/2022\/05\/apple-google-and-microsoft-commit-to-expanded-support-for-fido-standard\/\" rel=\"noopener nofollow\" target=\"_blank\">secure password-free security model<\/a> for the online world. Work to limit tracking technologies and to ensure user privacy also feeds into this.<\/p>\n<p>Looking ahead to 2023, I anticipate we will see this work intensify.<\/p>\n<p>Why?\u00a0Because in the current geopolitical environment, the scale of state-sponsored security attacks is accelerating, which means every platform provider, government, and enterprise will need to get as tightly locked down as possible.<\/p>\n<p>Apple has already flagged this direction of travel. \u201cWe have much more planned for the coming year, including an expanded research scope for Apple Security Bounty and other program enhancements,\u201d Apple said in October.<\/p>\n<p><em>Please follow me on\u00a0<a href=\"https:\/\/social.vivaldi.net\/@jonnyevans\" rel=\"nofollow noopener\" target=\"_blank\">Mastodon<\/a>, or join me in the\u00a0<a href=\"https:\/\/mewe.com\/join\/appleholics_bar_and_grill\" rel=\"nofollow noopener\" target=\"_blank\">AppleHolic\u2019s bar &amp; grill<\/a>\u00a0and\u00a0<\/em><a href=\"https:\/\/mewe.com\/join\/apple_discussions\" rel=\"nofollow noopener\" target=\"_blank\"><em>Apple<\/em> <em>Discussions<\/em><\/a><em>\u00a0groups on MeWe.<\/em><\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3682889\/apple-sets-a-security-challenge-for-2023.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2019\/11\/holiday-e-commerce_shopping_holiday-hacking_security-breach_retail-security_by-rupixen-via-unsplash-2400x1600-100818135-small.jpg\"\/><\/p>\n<article>\n<section class=\"page\">\n<p>Given Apple&#8217;s big moves this week to roll out new data protection tools for iMessage and allow users to <a href=\"https:\/\/www.computerworld.com\/article\/3682649\/apple-finally-adds-encryption-to-icloud-backups.html\">encrypt\u00a0more of their data in iCloud<\/a>, it seems obvious that security is going to be a major Apple priority in the year ahead.<\/p>\n<h2><strong>Stamping out surveillance<\/strong><\/h2>\n<p>The Biden administration\u2019s decision to blacklist the mercenary hackers at NSO Group was a welcome move, but it hasn\u2019t stopped the &#8220;surveillance-as-a-service&#8221; industry.\u00a0Instead, it&#8217;s atomized it, which means we now have <a href=\"https:\/\/www.seattletimes.com\/business\/technology\/how-the-global-spyware-industry-spiraled-out-of-control\/\" rel=\"noopener nofollow\" target=\"_blank\">more companies offering such &#8220;services&#8221; than ever before<\/a>.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3682889\/apple-sets-a-security-challenge-for-2023.html#jump\">To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[2211,10480,10403,714],"class_list":["post-20769","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-apple","tag-ios","tag-macos","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/20769","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=20769"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/20769\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=20769"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=20769"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=20769"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}