TikTok’s CEO Says The App Has Never Shared Or Been Requested To Share Data With The Chinese Government

TikTok’s CEO is gearing up for his crucial meeting in the US state capital.

He hopes to convince American lawmakers that the company has never ever shared or been requested to share data belonging to US citizens with members of the Chinese government. The news comes amid striking concerns about America’s national security which many believe is at stake and facing a threat, thanks to this app.

TikTok revealed that it would never even honor such requests if they were made to it.

CEO Shou Zi Chew would be testifying in front of Congress on Thursday as per a recently published statement set out by the country’s House of Representatives Committee.

He similarly mentioned that TikTok’s parent company called ByteDance isn’t owned or controlled by any Chinese firm or governmental organization. It functions independently of all others, adding how ByteDance isn’t China’s agent or an agent belonging to any other global nation.

So many critics of the app claim that they fear TikTok is passing on sensitive information to Chinese Government officials and prompting a leading number of calls to apply a ban on the platform due to these actions.

In the past week, TikTok mentioned how the goal of the Biden administration is to put more pressure on the app and make it separate from its Chinese parent firm ByteDance. It called for it to divest its stake in the platform or face a potential ban on the platform across the US.

Chew’s testimony added how it’s clear that bans would only be appropriate when you find no alternatives but in this case, there seems to be one so a ban is not the right solution.

It was only a few days back that the TikTok CEO added how the solution to the problem is not dividing the company or selling off the US division. That would not prove any accusations to be true and neither would it find the way out of the problem.

Similarly, the popular social media app says it has spent a staggering $1.5 billion on efforts calling for stringent data security efforts. This campaign is called Project Texas and so many lawmakers have tried hard to convince others including the Biden administration that is plan needs to be supported.

Now, it’s up to the Congress to pass its final judgment on what it feels is necessary to do during this crucial moment in time.

Read next: TikTok Assures Advertisers Everything Will Be Okay Despite A Potential Ban In The US
by Dr. Hura Anwar via Digital Information World

What Is the Supply Chain Threat and How Does it Impact Businesses Everywhere?

What Is a Supply Chain Attack?

A supply chain attack is a type of cyberattack that targets the software and hardware components of a supply chain. A supply chain is a network of organizations, people, activities, information, and resources involved in the creation and delivery of a product or service. In a supply chain attack, an attacker targets a supplier of a company or organization to gain access to the targeted organization's network or data.

Image: freepik/rawpixel

The goal of a supply chain attack is to compromise the security of the targeted organization by exploiting vulnerabilities in the supply chain. Attackers may use various tactics, such as tampering with the software or hardware components of the supply chain, introducing malware into the supply chain, or stealing sensitive information from suppliers.

Supply chain attacks are becoming increasingly common, as they provide attackers with a way to compromise multiple organizations through a single point of entry. Such attacks can be difficult to detect and defend against, as the affected organization may not be aware of the compromise until it's too late. Therefore, it's important for organizations to assess the security of their supply chains, implement appropriate security measures, and monitor their supply chain for potential vulnerabilities and threats.

How the Supply Chain Threat Impacts Businesses

Supply chain threats can have a significant impact on businesses, including the following:

• Financial impact: Supply chain threats can result in significant financial losses for businesses. For example, if a key supplier experiences a disruption or outage, it can result in production delays, missed delivery deadlines, and lost revenue.
• Reputation damage: Supply chain threats can also damage a business's reputation, particularly if they result in customer dissatisfaction or negative media coverage. Customers may lose confidence in the business's ability to deliver products and services, leading to lost sales and reduced brand value.
• Operational disruption: Supply chain threats can disrupt business operations, leading to delays, cancellations, and other issues. For example, if a supplier experiences a cybersecurity breach, it can result in downtime, lost productivity, and other operational challenges.
• Regulatory and compliance issues: Supply chain threats can also lead to regulatory and compliance issues, particularly if they result in data breaches or other security incidents. This can result in fines, legal action, and other penalties that can have a significant impact on a business's bottom line.

Research from BlackBerry revealed that in 2022, four out of five (80%) organizations were alerted of a vulnerability or attack in their software supply chain. The survey, which collected information from 1500 IT and cybersecurity decision-makers across the US, UK, and Australia, sheds light on the impact of supply chain attacks on businesses.

Over half of the organizations under attack experienced data loss (58%), operational disruption (58%), intellectual property loss (55%), and reputational loss (52%), and nearly half (49%) suffered financial loss. 53% of these organizations recovered within a week, 37% took an entire month, and 10% needed as much as three months to recover.

Types of Supply Chain Attacks

Supply chains can target any organization using third-party vendors for software and infrastructure. These attacks can be grouped into the following categories:

Physical supply chain threats

This type of attack involves compromising the physical security of the supply chain. It can include theft, tampering, or interception of goods during transportation or storage. Attackers can gain access to the supply chain by posing as suppliers, using fake documents or exploiting vulnerabilities in logistics systems.

Software supply chain threats

Software supply chain threats involve attacking the software components of the supply chain, such as the tools, libraries, or frameworks used in software development. Attackers can introduce malware, backdoors, or other malicious code into the software components, which can then spread to other systems in the supply chain. This can be done by exploiting vulnerabilities in the CI/CD pipeline, using fake or compromised software packages, or exploiting weaknesses in software update processes.

Digital supply chain threats

Digital supply chain threats involve attacking the digital assets used in the supply chain, such as the data or communication systems. Attackers can use various techniques, such as social engineering or ransomware, to gain access to the digital assets of the supply chain. This can result in data theft, system downtime, or financial losses.

Business email compromise

Business email compromise (BEC) attacks involve impersonating a trusted supplier or vendor to gain access to sensitive information or payment details. Attackers can use phishing emails or other social engineering techniques to trick employees into revealing information or transferring funds to fraudulent accounts.

Insider threats

Insider threats involve employees or contractors of a supplier who intentionally or unintentionally compromise the security of the supplier's network. This can include stealing data, installing malware, or providing unauthorized access to third parties.

How to Ensure Supply Chain Security

Conduct Asset and Access Inventories

Conducting asset and access inventories is an important step in ensuring supply chain security. It involves identifying and cataloging all the hardware, software, and data assets within a supply chain, as well as defining who has access to them.

The purpose of conducting asset and access inventories is to gain a comprehensive understanding of the supply chain and to identify potential vulnerabilities that may exist. For example, if a supplier has access to sensitive information, but their security controls are weak, it can pose a risk to the security of the entire supply chain.

To conduct an asset and access inventory, organizations should follow these steps:

1. Identify all the assets within the supply chain: This includes hardware, software, and data assets. Organizations should have a clear understanding of what assets are in the supply chain, where they are located, and who has access to them.
2. Categorize assets by their level of criticality: Not all assets within the supply chain are equally important. Organizations should categorize assets based on their level of criticality to the business, such as sensitive data or mission-critical systems.
3. Identify who has access to the assets: Organizations should have a clear understanding of who has access to each asset, including employees, contractors, and third-party suppliers. Access should be defined based on roles and responsibilities, and organizations should have processes in place to manage access.
4. Assess the security controls in place: For each asset, organizations should assess the security controls that are in place to protect it. This may include physical security measures, such as locks or surveillance cameras, as well as technical security controls, such as firewalls or encryption.
5. Identify potential vulnerabilities: By assessing the assets and access controls in place, organizations can identify potential vulnerabilities and gaps in their supply chain security. This information can be used to develop a plan to address these vulnerabilities and reduce the risk of supply chain attacks.

Using Automated Security Testing Tools

Automated security testing tools can help organizations to identify and fix potential security issues before they can be exploited by attackers, including potential vulnerabilities in software components used in the supply chain, such as libraries, frameworks, and applications.

Here are some examples of automated security testing tools:

• Static application security testing (SAST): SAST tools analyze the source code of an application to identify potential vulnerabilities, often by using a set of rules to detect coding errors such as buffer overflows. SAST tools can help developers identify security issues early in the development process, reducing the risk of security flaws being introduced later in the supply chain.
• Dynamic application security testing (DAST): DAST tools test running applications to identify security vulnerabilities. These tools simulate attacks against an application and identify vulnerabilities that can be exploited by attackers, such as SQL injection or cross-site scripting (XSS). DAST tools can help identify security issues that may be missed by SAST tools.
• Software composition analysis (SCA): SCA tools analyze the software components used in an application to identify known vulnerabilities. These tools check the software components against a database of known vulnerabilities and provide a report on any issues found. SCA tools can help identify vulnerabilities introduced by third-party components used in the supply chain.
• Interactive application security testing (IAST): IAST tools combine the features of SAST and DAST tools to analyze the running application's code and identify potential security issues. IAST tools can identify vulnerabilities such as code injection or authentication bypass by monitoring the application's code while it's running. This provides a more comprehensive assessment of the application's security posture.

Beware of Dependency Confusion Attacks

Dependency confusion attacks are a type of software supply chain attack that target software development pipelines by exploiting the use of third-party dependencies. Many software development projects rely on third-party libraries and components, which are often obtained from public package repositories. Dependency confusion attacks take advantage of the fact that these repositories are not authenticated, and there is no mechanism in place to prevent the use of malicious or unauthorized packages.

In a dependency confusion attack, attackers upload malicious packages to public package repositories, which are designed to mimic the names and version numbers of legitimate packages used in software development projects. When the software development pipeline runs, it downloads the malicious package instead of the legitimate one. This can lead to the introduction of malicious code into the software, which can compromise the security of the system and allow attackers to gain access to sensitive information.

To protect against dependency confusion attacks, organizations should take the following steps:

• Use reputable sources for dependencies: Organizations should use reputable sources for third-party dependencies, such as the official websites of the package providers, rather than relying on public repositories.
• Use checksums to ensure package integrity: Developers should use checksums to verify the integrity of the packages they download. Checksums are a type of digital fingerprint that can be used to ensure that a package has not been tampered with or corrupted.
• Use explicit dependencies: Organizations should use explicit dependencies to ensure that the software development pipeline only uses the packages that have been explicitly specified. This reduces the risk of using unauthorized or malicious packages.
• Monitor package usage: Organizations should monitor the usage of packages in their software development pipelines to identify any unusual or unauthorized packages. This can help detect and prevent dependency confusion attacks.

Elevate Third-Party Risk Management

Third-party risk management involves assessing the security practices of third-party suppliers and vendors that provide goods or services to the organization. To elevate third-party risk management, organizations should take the following steps:

• Security assessments: Organizations should conduct thorough security assessments of third-party suppliers and vendors to identify potential vulnerabilities and risks. This can include reviewing security policies and procedures, conducting security audits, and assessing the suppliers' security practices.
• Contractual security obligations: Organizations should establish clear contractual security obligations with third-party suppliers and vendors. This can include requirements for data protection, security controls, and incident response. These obligations should be clearly defined and enforceable to ensure that suppliers and vendors take security seriously.
• Monitoring third-party security: Organizations should implement ongoing monitoring of third-party security practices to ensure that suppliers and vendors are maintaining the required security standards. This can include regular security assessments, vendor reviews, and audits.
• Security certifications: Organizations should require third-party suppliers and vendors to provide security certifications and attestations, such as ISO 27001 or SOC 2. These certifications and attestations provide assurance that the supplier or vendor has implemented a comprehensive security program.
• Incident response: Organizations should establish incident response procedures for third-party security incidents. These procedures should define how to detect, respond, and report incidents involving third-party suppliers and vendors.

Conclusion

As the complexity and interconnectedness of supply chains continue to increase, so does the risk of supply chain attacks. It's critical for businesses to take proactive steps to protect their supply chains, including conducting asset and access inventories, using automated security testing tools, elevating third-party risk management, and implementing other security best practices.

Organizations that fail to take supply chain security seriously are at risk of experiencing severe consequences, including data breaches, business disruptions, financial losses, intellectual property theft, compliance violations, and reputational damage. By taking a comprehensive and proactive approach to supply chain security, organizations can reduce the risk of supply chain attacks and protect their operations and customers from potential harm.

by Web Desk via Digital Information World

E-Commerce Sites Are Using Dark Patterns to Fool Consumers

Ecommerce sites need users to stick with them through thick and thin, but in spite of the fact that this is the case they tend to use some rather underhanded techniques to make that happen. For example, many ecommerce sites are guilty of using trick questions. If you were to try to cancel your subscription, you will be posed a question that will mix up the answers. This might trick you into keeping your subscription, even though your goal had been to get rid of it.

With all of that having been said and now out of the way, it is important to note that these are just some of the dark patterns that companies tend to deploy. One of the most egregious ones involves adding items to a user’s basket without telling them. This will occur regardless of whether or not the user has even shown an interest in the product to begin with.

Ecommerce companies are also notorious for the disparity between signing up and cancelling a subscription. Signing up is something that usually requires little more than a click, but if you want to cancel this subscription you might have to make a call to a helpline and jump through countless hoop. This makes cancellation far harder than might have been the case otherwise.

A fourth dark pattern that can be noted has actually been named after none other than Mark Zuckerberg. The way Zuckering works is that it essentially fools you into thinking that you need to share certain private information, even if it is not altogether necessary.

Companies take part in such practices because of the fact that this is the sort of thing that could potentially end up boosting their revenue streams. The use of dark patterns is still somehow legal, so it is not all that likely that they will go away in the near future.

Instead, consumers will need to be wary of them and figure out what they can do to avoid falling prey to them. As the ecommerce industry grows, such dark patterns would need to be addressed in order to make the industry safer.

H/T: Merchantmachine

Read next: Americans Agree: Online Oversharing is Out of Control
by Zia Muhammad via Digital Information World

Organizations Waste 10% of Their Budgets on Unused Software Infrastructure, New Survey Reveals

Most organizations that are hoping to turn a profit need to invest heavily in all sorts of things. In spite of the fact that this is the case, not all of their investments are going to end up providing the kinds of returns that organizations are hoping for. A survey from YouGov and Oomnitza just revealed that organizations might be overshooting the necessary investments into software infrastructure by around 10% with all things having been considered and taken into account.

Essentially, organizations that are cognizant of just how important cloud computing and software architecture is going to be can often be rather trigger happy with spending money. With all of that having been said and now out of the way, it is important to note that this wastage can go up considerably based on the size of the company in question.

If we were to take a look at companies working in the fields of utilities and infrastructure, things start to look even worse than might have been the case otherwise. 43% of companies in this field waste around 10 to 20% of their annual software budgets on things that are not all that necessary. The proportion is around 32% for firms that are providing professional services.

Firms tend to rely heavily on manual processes, and this might make the problems even worse than they need to be. Manual processes can create inefficiencies, but they are just one of the many issues that are causing financial wastage in this arena.

Companies often make an inaccurate prediction about software that they need, and they also take a very long time in suspending licenses once the lack of usefulness comes to the fore. Such practices can be detrimental because of the fact that this is the sort of thing that could potentially end up wasting money that could have been spent on far more necessary things. Some streamlining is warranted here. Companies have to automate the predictions they’re operating under, and they must also eliminate or at the very least reduce waste with the right amount of haste to minimize losses.

Read next: Metaverse Dreams Take a Backseat As Generative AI Funding Takes the Lead
by Zia Muhammad via Digital Information World

Is Crypto Still Trending In 2023? This New Cryptocurrency Adoption And Sentiment Report Has The Answer

2022 was a highly unpredictable year in the world of cryptocurrency. It began on a high with so many celeb-themed marketing campaigns and plenty of advertisements linked to the Super Bowl. Unfortunately, it did not end as predicted with market shares exhibiting a 60% decline.

So many supporters of crypto were disappointed and it was nothing less than a crisis that arose. While some did see it as a ripe opportunity for investments, the majority viewed the conditions as mixed signals.

Now, as we make our way into the year 2023, we’re saying hello to a lot more uncertainty. The prices have increased slightly and the federal government continues to crack down against those taking part in trading. This coupled with the high risks attached, thanks to scams is definitely not the best news any investor would wish to hear.

Against such a background comes a new report which is a part of the third yearly study linked to crypto. It gathers so many insights from nearly 1200 US citizens. Here is where researchers took on some public perceptions, planned activities, and the confidence of people that make up today’s market.

Some key findings were witnessed, including the following as delineated below.

For starters, while the awareness of the crypto market was undoubtedly there, the rates of ownership were seen dropping from 33% to 30% in terms of American adults.

Next, the researchers noticed investors declining by almost 50% in 2022 when compared to the last two years before that. After that, only one in three owners of crypto has ended up making a profit on investments. However, they remain optimistic for obvious reasons. Today, 75% of them expect the market to continue holding its value or experience some sort of rebound this year.

Similarly, 50% of crypto owners hope to expand their respective portfolios by next year. Also, 5% of non-owners hope to make investments in this regard for the first time ever.

The report really showed how the awareness of cryptocurrency was increasing as we speak So many people were more aware of the trend this year when compared to the last two years with the percentage currently standing at 69%.

However, while the amount of awareness is peaking, so is the negative connotation of crypto in people’s minds. Despite that, one-third of Americans possess crypto tokens, as unveiled by this report.

As far as who is more interested in this trend. Well, it’s young to middle-aged men who are dominating this industry. Stats proved that 43% of males were more likely aware and willing to invest than females who stood their ground at 18%.

The age group of crypto token holders lies between 30 to 44. They are old enough to understand the meaning and hold some disposable income.

When the respondents were asked which year did they feel the most comfortable in making crypto investments, it was actually 2020 and 2021. And yes, there are plenty of cryptocurrencies in the market today.

But as far as 2023 is concerned, it’s Bitcoin that the majority continue to invest in. Around 78% claim they have supported this form of crypto this year, followed by Ethereum and Shiba Inu.

Over the years, the report shows how the stats related to different cryptocurrency investments have not majorly reshuffled. This is clear evidence of how so many people aren’t willing to sell off their tokens when the market is running at a decline or things are unpredictable.

Lastly, when asked why people continue to invest in crypto, the majority of respondents claimed that they saw it as an asset that would diversify their respective investments.

Read next: 87% of UK Adults Have Encountered Scams, New Survey Reveals
by Dr. Hura Anwar via Digital Information World

The Lowdown on Content Formats: Which One’s the Best?

Content is king, this much is quite clear with all things having been considered and taken into account. Marketers around the world put enormous amounts of effort into creating content so that they can figure out the right way to reach consumers that would be willing to buy products. Oftentimes it is the content itself that is the product, but in spite of the fact that this is the case the approach to said content would still be the same.

When asked which format for content worked best for them, marketers had quite a lot to say. Responding to a recent Semrush survey, 45% of marketers stated that video was the biggest priority for them. That makes a lot of sense because of the fact that this is the sort of thing that could potentially end up capitalizing on the current short form video trend that is taking over the entire world.

With all of that having been said and now out of the way, it is important to note that videos were not the only type of content that could be published. 31% stated that short form articles gave them the best possible type of performance that they could hope for. 28% also stated that turning success stories into content was yet another great way in which it could be optimized to a large degree.

19% also said that publishing case studies was a successful way to get there content out there. This just goes to show that while video is extremely popular, it is by no means the only option that content marketers can check out. Indeed, short form articles are a perfectly viable alternative that can provide a lot of progress.

All in all, this suvey has revealed that there is actually a lot of diversity when it comes to content performance. Video performs the best by far, but even if it is not included in a marketing strategy, a decent output could be developed through a mix of short form articles and success stories. Infographics were also considered high performing by 17% of survey respondents based on the survey.

Read next: Ad Revenue Hits 5 Year Low, Here’s What That Means for the Industry
by Zia Muhammad via Digital Information World

What’s the Best Way to Boost SERP Rankings?

Marketers have to focus on a number of different areas in order to improve the overall performance of the sites that they have been tasked with handling. SEO tends to be singular in the level of essentiality it holds, but in spite of the fact that this is the case there are countless ways in which it can be approached. A survey from Semrush has revealed the insights into what marketers prefer in terms of boosting search engine page rankings.

With all of that having been said and now out of the way, it is important to note that content continues to reign supreme. The top three chosen tactics in this survey were all content adjust to some degree. At the top of the list, with 55% of marketers selecting it, was creating a larger quantity of content and upping the frequency with which they post said content onto various platforms.

Improving the quality of the content came in at a close second. 53% of marketers said that they wanted to focus a bit more on making their content more valuable, and offering something that is higher in quality is a surefire way to do so with all things having been considered and taken into account.

There is also a bit of a trend in researching content to make it more appealing to a wider range of audiences than might have been the case otherwise. 37% of marketers said that they want to do more research, and these three insights top the rankings in terms of what advertisers are focusing on in 2023 so far.

However, keywords are not exactly falling out of prominence. 36% of marketers said that keywords continue to be a prime focus for them, and 35% said that they want to figure out what search intents they need to tackle to get more eyes on their content. There are several methods that are at the disposal of marketers, and they all need to be used in tandem with one another. No single silver bullet can fix all of the marketing issues that are taking over the industry at the present moment.

Read next: Web data is a game changer for business professionals according to this study
by Zia Muhammad via Digital Information World