Free Apps are Mining Data and Creating Vulnerabilities

March 17, 2023
Tik Tok, the Chinese-owned video-sharing app has been under increasing scrutiny over its security and data privacy,

March. 16, 2023 —The following was forwarded to me earlier today and I think it is an example of why there is such an uproar these days about the Chinese-owned and controlled TikTok. What most people, especially younger folks—don't care, about is that it is data that is the 21st Century Gold. Gathering, analyzing and synthesizing data for information on people and organizations is what it is all about. It might just be personal health data that is one bit of the profile they are interested in. If anything, the Chinese are experts in "playing the long game" and it might not be an immediate need, but they are collecting data for simple collection purposes.

TikTok has been banned from UK government phones amid growing concerns around the Chinese-owned video app. The global move follows similar rules in the US. In December, President Joe Biden signed legislation prohibiting TikTok on federal government devices, joining what has become a list of more than half of US states. The European Commission, the EU's executive arm, also banned employees from installing TikTok on corporate and personal devices. The US started a campaign to ban TikTok, and now the rest of the world is following suit.

The Chinese-owned video-sharing app has been under increasing scrutiny over its security and data privacy, with major concerns it could be used to promote pro-Beijing views and illicit malicious cyber-attacks.

Ross Brewer is the CRO at SimSpace, which provides military-grade cyber ranges, which are now being utilized by governments, nation-states, and private sector companies including the top 5 US banks, allowing them to assess the ability to defend themselves from attackers from threat actors.

Ross Brewer, Chief Revenue Officer (CRO) at Global cyber firm SimSpace comments:

"The move by the UK government to ban TikTok on government-issued devices is an acknowledgment of the high volume of intelligence that is being gathered by foreign nations and criminal gangs. The data gathered can then be used in further cybercrime activities by malicious hackers and the criminal networks working on their behalf. The geopolitical environment in Europe has exposed the world to what those working in intelligence and cybersecurity have known for decades. Countries like Russia, China, North Korea and Iran are prepared to go far beyond acceptable operating norms to achieve their goals. This is a wake-up and smell-the-coffee moment for the general public. The everyday citizen needs to understand that the way they use technology can not only impact them, it can also lead to their family, friends and employer being put at risk.

If you are using an app for free, this generally means the app provider is using you. You need to ask yourself, "why". Not only should governments be paying attention to this issue, but commercial organizations need to be alert to what applications are on their employees' devices and educate them on the risks. That way, governments and businesses can work together in an effort to provide a united front. Organizations in the U.K. and across Europe are now deploying the same military-grade cybersecurity simulation, testing, training, and live-fire rehearsal environments used by the US government. Governments and industries like the financial services market are conducting global and joint exercises to put their cybersecurity teams through highly pressured, technical, hands-on simulations to prepare them for their worst day in cyber i.e., a crippling nation-state attack.

While organizations have a huge number of cybersecurity tools and highly talented people to manage them, those teams, although wildly talented individually, seldom dedicate the time to training together as a team. Imagine any world-class sports team training individually but rarely coming together to practice as a team. Sadly, due to staff shortages and high workloads, this is the case in many cybersecurity teams today. With cybercrime becoming the number one issue for enterprises, boards, executives, regulators and insurers, paying more attention to these issues and investing accordingly should be at the top of their agenda."

(c)2023 Government Technology

Visit Government Technology at www.govtech.com

Distributed by Tribune Content Agency, LLC.