Plaintext: How Will Apple Handle BNPL Fraud?

Welcome to Dark Reading in Plaintext, where each day we bring you insights around one topic important to cybersecurity professionals. Today, we bring you three stories that made us think: Apple, AI, and Investments. Share the newsletter with a friend!

Apple, AI, and Investments

Looking at BNPL fraud: Apple plans to launch its own “buy now, pay later” platform to help users pay for things over four equal installments, paid monthly without interest. Called Apple Pay Later, the service will raise Apple’s profile in the financial services space. Apple moving into BNPL makes sense, as it is a growing and lucrative market (Experian: The number of BNPL users in 2021 grew to 45 million active users who spent $20.8 billion.). How will Apple handle the fraud problem in BNPL? [Read more How Retailers Can Address Buy-Now-Pay-Later Fraud ]

Reining in AI: As more and more AI applications hit the market, the question keeps getting louder: Who will set the standards for governing this emerging technology? The European Union has been hammering out its rules via the AI Act. While the AI Act, once it passes, will cover only European entities, it may do for artificial intelligence globally what GDPR has done for data security. The AI law will attempt to impose an all-encompassing framework based on the level of risk, which will have far-reaching effects on what products a company brings to market. It defines four categories of risk in AI: minimal, limited, high and unacceptable. It’s possible national authorities may have the ability to audit AI products before they hit the market. The EU AI Act will mainly affect those organizations that already collect and process personal identifiable information. Therefore, it will impact how they use advanced algorithms in processing the data. [Read more EU Debates AI Act to Protect Human Rights, Define High-Risk Uses ]

"The risks are too high for nonbinding self-regulation by companies alone," says Mauritz Kop, Transatlantic Technology Law Forum Fellow at Stanford Law School.

What Are CISOs Buying? More than half of CISOs do not feel senior executives and boards of their organizations provide ample investment to deal with cybersecurity issues, according to a recent Encore.io survey. It’s an intriguing data point, especially considering the results of the CISO survey from Forgepoint Capital, which found significant differences in security priorities based on organization size. Half of small businesses (fewer than 50 employees) said the move to the cloud is driving 75% of their security choices, compared to 73% of medium-sized businesses (50-1,000 employees), 43% of large businesses (1,000 to 10,000 employees), and just 13% of very large businesses (more than 10,000 employees). [Read More In a Quickly Evolving Landscape, CISOs Shift Their 2022 Priorities ]

Headlines on Tap

• MIT CSAIL researchers develop PACMAN attack to highlight design weaknesses in Apple M1 kernel protections.
• Symbiote Linux malware 'Nearly Impossible to Detect'
• Cisco’s vision for the future of cloud security is based on simplified, horizontal coverage across multi-clouds.

Have you registered for our full-day, free, Dark Reading Virtual Event? Learn more about defense and response at How Data Breaches Happen and What to Do When They Happen on June 23.

On That Note

Forgepoint Capital’s Will Lin steps through the CISO Security Priorities Model report (which we talked about earlier):

Traditional security control areas like network, endpoint, identity, and data remain important priorities for many enterprises. However, digital transformation is bringing new areas of control to the forefront. Specifically, DevSecOps (54%) and cloud, infrastructure, and APIs (62%) were leading areas of control organizations plan to prioritize.