Tuesday, 17 October 2017

IAB LAUNCHES VIEWABILITY SDK

mobilemarketingmagazine.com
The Interactive Advertising Bureau (IAB) Tech Lab has released an Open Measurement Software Development Kit (SDK) to deliver data about ad viewability in apps. 

The in-app SDK is available now in limited beta purely for members of the Open Measurement Working Group, for testing. While the SDK has gone through extensive review and testing within the Open Measurement Working Group, which develops and maintains the SDK, the limited release will enable the IAB to collect feedback from integration partners and make any necessary adjustments before the SDK is made more widely available. 

The SDK consists of a native library for iOS and Android, as well as a JavaScript API, named OMID (Open Measurement Interface Definition), to communicate with measurement tags in a standard fashion. Initially, the SDK aims to deliver viewability metrics for in-app ads, including display, video, interstitials, and native ads. The IAB is also working on a similar solution for websites which it hopes to release early next year.
Open Measurement Working Group members Eric Picard, Pandora VP, and Brad Beal, senior product manager at Pandora, explained the reasons for the launch of the SDK in a blog post, saying: 

“Despite the complexity of supporting numerous viewability vendors on the web for any publisher, advertiser, agency, or vendor in the space – the challenge of supporting multiple vendors in mobile in-app environments has been nearly impossible to solve so far. The proliferation of vendors with their own software solutions that need to be supported in-app was causing complexity. Publishers were finding it difficult to maintain their apps and stay up to date with SDKs, and, there were discrepancies between vendors that were hard to understand and debug. Buyers were finding that inventory supply was becoming fragmented since not all publishers supported all vendors, which either restricted their options in media planning or forced them to work with different measurement partners across different publishers. And, as an industry, we frankly were not collaborating as much as we should have been to end the proliferation of fraud.”

The post goes on to explain that integrating software code from a third party into the code of the mobile app itself is fraught with all sorts of complexity and risk. “Mobile app developers must incorporate a Software Development Kit (SDK) into the code of their app to support the vendor’s tracking and analytics,” it says. “From a resourcing and time perspective, integrating with just one SDK can be costly for an organization. The process requires not only coding, but also significant testing on an ongoing basis to ensure the stability of the app. Couple this with regular SDK updates, essentially repeating the cycle, and the costs become prohibitive. And even then, SDKs can and do cause instability.”

The IAB initiative will enable publishers to deliver viewability metrics, supporting independent third-party measurement from multiple sources through the integration of one single SDK. And while there is no guarantee that the IAB’s SDK will be widely adopted, it’s worth noting that the Open Measurement Group includes some of the major players in the measurement space, including Moat, Integral Ad Science, Nielsen, Google and DoubleVerify.

'App Gap' Crisis? Big Data Visionary Urges Test Automation Rethink In IoT Age

forbes.com
Crisis? What crisis? No, I'm not talking about the 1975 Supertramp album, but research from a global leader in the test automation space demonstrating the “acute pressure” facing businesses to deliver apps in the Internet of Things (IoT) and digital era. It reveals that half of companies in the US and the UK admit to releasing apps before completing “quality testing.”
And, enterprises are being urged by the British CEO spearheading the test automation firm’s endeavours to rethink test automation to avoid the “app scrapheap.” But are matters getting to a crisis in the apps space?
The survey, commissioned by Testplant, a UK-headquartered firm with an R&D presence in Boulder, Colorado, which provides what is touted as user-centric, digital automation intelligence solutions to enhance the quality and performance of the digital experience, canvassed 750 development team leaders in Britain and the United States to derive its findings.
The sample canvassed ranged from telecoms companies, financial services groups, retailers and manufacturing firms - from listed to reasonably large companies - as well as government organizations. And the rationale for conducting the exercise was to validate what Testplant felt was the reality on the ground and current thinking by companies.

The results come a month after Testplant, in which Carlyle Group’s European TMT-focussed fund invested €657 million (c.$696m) last year, launched its AI-powered Digital Automation Intelligence Suite, which brings to testing the promise of “full automation and predictive analytics” to ensure its customers have a robust digital experience.
Clearly, improving user experience (UX) and productivity are the keys to success in a digital world. But it would seem not all companies are up to speed given the results of the survey, which was conducted on its behalf by Kickstart.
Given that the manual testing market today is worth around $33 billion (bn) globally, if one could use Artificial Intelligence (AI) to augment humans to make them more productive the spoils on offer could be sizeable.
Roy Cornelius, Principal Architect (Digital Apps), IT Centres of Excellence, at BT Group, reflecting in the wake of the recently conducted survey said: “Test Automation is now a critical business requirement in the world of Digital and Mobile Apps. Rapid time-to-market and delighting customers are imperatives to business success.”
He added: “Expanding automation to assist with not just test automation, but also test case creation and test results analysis is a vision I share. And this must be done ensuring an optimal digital experience on any device or network.”
John Bates, CEO of Testplant, urged enterprises to step up to the plate, saying: “To win in the Digital World and avoid the ‘app scrapheap’, enterprises must go beyond the current approaches to test automation. Testing must transition to become a profit center - testing not just code quality and app performance, but delivering predictive business metrics like satisfaction and retention.”
Cambridge University educated Bates, who has been recognized as a fintech and Big Data visionary and will move between Testplant’s London HQ and their U.S. office in Boulder, added: “Only companies that adopt intelligent, end-to-end test automation approaches for software and apps will be able to keep pace with customer demands and the DevOps teams that support them.”
Productivity Gaps
Given that almost 1 in 4 people who download an app only use it once, and 51% of users do not download any apps in a month, things might well need to change on the testing front. However, at the same time, 86% of test teams say they are meeting their test objectives.
This, it turns out, is because organizations have “made testing more about code compliance checking rather than about delighting users” according to Testplant. The upshot is low user adoption, engagement and revenue. And, in turn, this creates a gap in user experience.
Concurrently with all this happening, DevOps, mobile and IoT, digital, and consumerization are hugely increasing the scope of testing, but shrinking time to delivery.
Teams are in consequence unable to keep up with the pace of DevOps, or deliver what the business wants - even with the budget they have requested. This creates productivity gaps in time to market and efficiency.
App Market & Economy
Last October, market intelligence firm Newzoo released its first Global Mobile Market Report, which included global app revenues and forecasts, device brand market share and smartphone penetration, which estimated that global app revenues will reach $44.8bn in 2016 and grow to $80.6bn by 2020. But the figure rather depends on which markets and segments are included.
More recently in June 2017, a report from app analytics firm App Annie projected that the global app economy would be worth $6.3 trillion (trn) by 2021 - against $1.3trn last year. And, over this time horizon the user base using apps will see an almost doubling to 6.3bn from 3.4bn people.
Mobile commerce was cited in this report as being the single largest driver of growth for the app economy, increasing from $344 per user to $946 by 2021. Asia will witness the quickest growth, reaching $3.2 trillion (trn) in 2021, followed by the Americas hitting $1.7trn and the EMEA region at $1.0trn.
Testplant’s survey titled ‘Application Crisis Research’, which was conducted amongst development team leaders on both sides of The Pond, revealed that 68% plan to build more apps during the next twelve months. At the same time as reporting increased volumes of development, 91% of developers agree that user expectations for innovation and quality have also increased.
The ‘App Complexity Crisis’
The research, confirming that organizations are not only planning to build more apps in the next year, noted that they will be more complex. Over the next 12-18 months, 50% of the sample said their companies will develop more apps with IoT components, more than half (58%) indicated that their companies will develop more apps with Artificial Intelligence (AI) components, and 62% of enterprises will increase the number of apps deploying machine learning/deep learning components.
In addition, 42% believed that they are expected to design, develop and test apps in an “unrealistic amount of time”, with over a third (36%) admitting they are not given enough time to ensure apps are properly tested before deployment.
Just over four fifths (81%) expressed the view that with more time, apps deployed by their team would have a greater impact on the business.
Over half of the respondents (56%) agreed that use of outdated techniques and tools is “holding them back” from meeting the demands of the digital world. And, 75% agreed that with better tools, apps deployed by their team would also have a greater impact on the business.
Pressure Cooker & Crunch Point
Of the survey respondents, 60% said the majority of pressure comes from within the company, whereas nearly half (49%) indicated pressure comes from competitors.
Two-thirds (66%) of the companies canvassed felt pressure from their company to innovate quickly and, worryingly, according to Testplant’s survey, this resulted in 49% putting out apps “before they go through ideal testing.” Just under half (45%) knowingly put out apps that “will perform below initial requirements”, it was found.
And when it comes to specific app testing, automation beyond execution was ranked as the “most critical challenge” by 67% of the sample, though 70% claimed they are now more focused on automated testing than they were in the past.
Bates, who was previously CEO of PLAT.One, a company with an enterprise-grade IoT platform acquired by SAP back in September 2016, asserted: “It is reaching a crunch point for businesses, under pressure to provide the most amazing services and apps to consumers, and development teams facing internal and competitive pressures, as organizations rush towards digital transformation.”
He added: “Companies are struggling to keep up with the pace of digitalization and there will be a quality toll unless businesses see the imperative to completely re-think their traditional development processes and move towards more automated, intelligent solutions and tools.”
Digital Automation & Testing
Speaking on the sidelines of a Digital Automation Intelligence Roadshow at Absolute on the 29th floor of the Millbank Tower in London hosted this week, Dr Bates said: “It has moved from testing being about checking that the code [for an application] works, to now that in order for an application to be successful, does it delight the customer, does it get 5 stars in the App store and does it have a high net promoter score?”
He added: “An app success is not just about does it work, but does it win, does it delight the customer and does it get 5 stars? And, that is all about the user experience.”
As such Testplant’s goal is to use AI and analytics to automate it all, and according to Bates “figure out the system, to automatically create the test cases and coverage, then to analyse the results and to learn using AI.”
Making an analogy in his presentation in London, Bates said that in terms of where we currently are and mapping historically for where testing is: “We are not exactly in the dark ages, but probably in 1815 in terms of the use of real-time data. We are not learning from testing, not feeding it back and not using AI. Although we are automating tests, they are manually created just like algorithms. So, we are not considering what to test but automating the test process.”
The “real opportunity” for disruption in the testing space according to Bates is to “move to an AI-powered” learning approach to testing the system. Effectively, this involves analysing the system, automatically building the scripts and running them.
A tester’s job will never be easy given that the systems they work with vary in scale, complexity and cost, and systems development projects differ in timescales and the pressures facing participants in the space.
As Paul Gerrard, Principal of Gerrard Consulting and a member of the Working Party that produced the Component Test Standard (BS 7925), who attended the event in London, stated in ‘The Tester’s Pocketbook’: “Process-heavy technologies, technically dazzling tools and agile approaches work well in the right context but all have their shortcomings: high ceremony, cost, maintenance and ineffectiveness; poor productivity, reliability, accountability and return on investment.” But with AI and enhanced analytics we might just get there.
Testplant convenes its next digital automation intelligence roadshow in Los Angeles on Tuesday, 17 October, 2017, which will hear speakers including Anthony Edwards, Testplant's CTO, Michael Silverman of FIS and Samir Shah from UCLA Health. Thereafter it moves to Dallas on October 19 and Philadelphia in early November.

Friday, 13 October 2017

What is Link Retargeting?

blog.retargetlinks.com
To put it simply, link retargeting is just like traditional ad retargeting. The key difference is that instead of having to send customers to your site, you can display retargeted ads based on the link they click. And it can be any link – not just to your website.
Link retargeting really allows you to take your content, social, email, or even AdWords marketing farther! We’ve put together five key tips you need to know to get started.

Can I shorten a link to any content?

The short answer (pun intended!) is yes! You can shorten any link on any platform to any site. To make the most of your efforts, we recommend making sure the content is relevant to your brand. This way, you’ll improve the odds that your target customer will click.
As an example, Pampers is using link retargeting to target ‘first-time moms’. They chose to direct their audience to a relevant article in Parents Magazine: “How to prepare for your first baby?”
Link retargeting in Pampers social media campaign with short link
Step 1: The advertiser posts “retarget” short links through social media, email, press or influencer platforms.
Link retargeting launches Pampers banner ads from social media campaign
Step 2: The service will retarget only those that click on the link. In this case, it will show 150,000 banner ads to 10,000 people.

Can I use link retargeting on a standard “long” link?

Link retargeting is not possible with a standard link. This is because it requires specialized technology that allows the link to place a retargeting cookie on the computer of the person who clicks.
We’ve developed this software to make it really easy for you to turn your standard links into retargeting short links. All it takes is the click of a button in your RetargetLinks dashboard.

Can I customize my short links?

Absolutely. Our short links are quite flexible, to allow you to have them appear exactly how you’d like.
You can customize the default re.tc links (this is a link to our patent for example: re.tc/patent). You can also request a short vanity URL (su.tt or jmpr.rocks are examples from some of our clients).
Note: In the vanity URL example, you’ll need to buy the short domain name first and then follow the instructions provided in your dashboard to start link retargeting using your own short links.
When running AdWords campaigns, you’re actually able to hide the short link within your AdWords ad link (see more here on how to set up a search retargeting campaign).

How many ads will be shown and where?

Our default volume cap (the maximum ads we show per person) is 15. This displays up to 9 ads per week, 5 ads per day, and 2 ads per hour, depending on the audience. We do this to keep your brand top of mind over a two to three week period, following the launch of your campaign.
We display banner ads just like a traditional retargeting tool. Your ads will display in Google AdX, OpenX, Rubicon, AppNexus and other real-time bidding platforms across premium online publications like Vogue, Elle, Fortune, FastCompany, Wall Street Journal and all other ad-supported sites.

How do I know if my link retargeting campaign is working?

There are three key metrics we use to determine whether a link retargeting campaign is working. They are: link clicks, ad clicks, and conversions. We’ve included some steps here to show you how to measure these metrics.

Step One – Measure Your Link Clicks

Make sure your link retargeting campaign is reaching your target audience. Emails, online articles, social media posts, newsletters, press releases, and even Google AdWords are all ways for you to share your short links.
If you’re just starting or are looking to reach out to more targets, we recommend using RetargetLinks as a prospecting tool. You can do this by boosting posts on social media channels, or paying for ads in Google AdWords.
Then, you can tell if your campaign is working by looking at the number of link clicks on your Links Dashboard (see below).
Link retargeting performance dashboard
Pictured above is the Links Dashboard. Here, you can monitor the efficacy of your audience building (or number of cookies dropped) for each campaign.
If you’re sharing the right content to the right audience on the right channels, you’ll have a lot of clicks. The example you’ll see next is from a campaign run by the team at Traction Conference. As a result of their RetargetLinks content campaign, they had 85,138 clicks (58,296 unique) from 873 links shared via their email newsletter (direct), Twitter and Facebook pages.

Step Two – Measure Your Ad Clicks

The second indication to help you measure your campaign is to look at the number of ad clicks on your Ads Dashboard. See below the example from our friends at Traction.
Link retargeting banner ad performance dashboard
Shown above is the RetargetLinks Ads Dashboard. Use this to monitor the efficacy of your retargeting link ad campaign.
When you display relevant and compelling banner ads, you’ll catch the attention of your targets and encourage them to click to find out more.
Helpful tip: banner ads are most effective when they have consistent branding, simple messaging, a clear call-to-action (CTA), and even some element of animation. 
In the above example, Traction Conference managed to display 161,340 retargeting ads to most of the 58,138 people that clicked on their short links. Out of those, 422 people clicked for a 0.26% click-through rate. Note that this is three times the 0.10% average for banner ad performance!

Step Three – Measure Your Conversions

The final indication of performance is to look at the number of people that land on your page and ultimately the number of those that convert by purchasing your product or subscribing to your service.
In the case of Traction Conference, 947 people landed on the marketing page and 186 actually went on to purchase a ticket for the conference. The team was able to achieve a 20% conversion rate. Note that this is 10 times greater than a typical retargeting ad conversion rate.

Summary

Hopefully if you’ve made it this far down the post, you have a better idea of how link retargeting works. Now you are ready to make the most out of your campaigns.
If you have any questions, don’t hesitate to drop us a line as we’d love to hear from you! If you’re ready to get started, click here to create your first shortened retarget link!

Thursday, 28 September 2017

Top 10 Most Common Mobile App Design Mistakes

www.toptal.com
BY KENT MUNDLE - TECHNICAL EDITOR @ TOPTAL
The mobile app market is saturated with competition. Trends turn over quickly, but no niche can last very long without several competitors jumping onto the bandwagon. These conditions result in a high failure rate across the board for the mobile app market. Only 20% of downloaded apps see users return after the first use, whereas 3% of apps remain in use after a month.
If any part of an app is undesirable, or slow to get the hang of, users are more likely to install a new one, rather than stick it out with the imperfect product. Nothing is wasted for the consumer when disposing of an app - except for the efforts of the designers and developers, that is. So, why is it that so many apps fail? Is this a predictable phenomenon that app designers and developers should accept? For clients, is this success rate acceptable? What does it take to bring your designs into the top 3% of prosperous apps?
The common mistakes span from failing to maintain consistency throughout the lifespan of an app, to attracting users in the first place. How can apps be designed with intuitive simplicity, without becoming repetitive and boring? How can an app offer pleasing details, without losing sight of a greater purpose? Most apps live and die in the first few days, so here are the top ten most common mistakes that designers can avoid.
Only 3% of mobile apps are in use after being downloaded.

Common Mistake #1: A Poor First Impression

Often the first use, or first day with an app, is the most critical period to hook a potential user. The first impression is so critical that it could be an umbrella point for the rest of this top ten. If anything goes wrong, or appears confusing or boring, potential users are quickly disinterested. However, the proper balance for first impressions is tricky to handle. In some cases, a lengthy onboarding, or process to discover necessary features, can bore users. Yet, an instantly stimulating app may disregard the need for a proper tutorial, and promote confusion. Find the balance between an app that is immediately intuitive, but also introduces the users to the most exciting, engaging features quickly. Keep in mind that when users are coming to your app, they’re seeing it for the first time. Go through a proper beta testing process to learn how others perceive your app from the beginning. What seems obvious to the design team may not be for newcomers.

Improper Onboarding

Onboarding is the step by step process of introducing a user to your app. Although it can be a good way to get someone quickly oriented, onboarding can also be a drawn out process that stands in the way of your users and their content. Often these tutorials are too long, and are likely swiped through blindly.
Sometimes, users have seen your app used in public or elsewhere, such that they get the point and just want to jump in. So, allow for a sort of quick exit strategy to avoid entirely blocking out the app upon its first use. To ensure that the onboarding process is in fact effective, consider which values this can communicate and how. The onboarding process should demonstrate the value of the app in order to hook a user, rather than just an explanation.

Go easy on the intro animation

Some designers address the issue of a good first impression with gripping intro animations to dazzle new users. But, keep in mind that every time someone wants to run the app, they’re going to have to sit through the same thing over and over. If the app serves a daily function, then this will tire your users quickly. Ten seconds of someone’s day for a logo to swipe across the screen and maybe spin a couple times don’t really seem worth it after a while.

Common Mistake #2: Designing an App Without Purpose

Avoid entering the design process without succinct intentions. Apps are often designed and developed in order to follow trends, rather than to solve a problem, fill a niche, or offer a distinct service. What is the ambition for the app? For the designer and their team, the sense of purpose will affect every step of a project. This sensibility will guide each decision from the branding or marketing of an app, to the wireframe format, and button aesthetic. If the purpose is clear, each piece of the app will communicate and function as a coherent whole. Therefore, have the design and development team continually consider their decisions within a greater goal. As the project progresses, the initial ambition may change. This is okay, as long as the vision remains coherent.
Conveying this vision to your potential users means that they will understand what value the app brings to their life. Thus, this vision is an important thing to communicate in a first impression. The question becomes how quickly can you convince users of your vision for the app? How it will improve a person’s life, or provide some sort of enjoyment or comfort. If this ambition is conveyed quickly, then as long as your app is in fact useful, it will make it into the 3%.
Often joining a pre-existing market, or app niche, means that there are apps to study while designing your own. Thus, be careful how you choose to ‘re-purpose’ what is already out there. Study the existing app market, rather than skimming over it. Then, improve upon existing products with intent, rather than thoughtlessly imitating.

Common Mistake #3: Missing Out On UX Design Mapping

Be careful not to skip over a thoughtful planning of an app’s UX architecture before jumping into design work. Even before getting to a wireframing stage, the flow and structure of an app should be mapped out. Designers are often too excited to produce aesthetics and details. This results in a culture of designers who generally underappreciate UX, and the necessary logic or navigation within an app. Slow down. Sketch out the flow of the app first before worrying too much about the finer brush strokes. Often apps fail from an overarching lack of flow and organization, rather than imperfect details. However, once the design process takes off, always keep the big picture in mind. The details and aesthetic should then clearly evoke the greater concept.

Common Mistake #4: Disregarding App Development Budget

As soon as the basis of the app is sketched, this is a good time to get a budget from the development team. This way you don’t reach the end of the project and suddenly need to start cutting critical features. As your design career develops, always take note of the average costs of constructing your concepts so that your design thinking responds to economic restraints. Budgets should be useful design constraints to work within.
Many failed apps try to cram too many features in from launch.

Common Mistake #5: Cramming in Design Features

Hopefully, rigorous wireframing will make the distinction between necessary and excessive functions clear. The platform is already the ultimate Swiss army knife, so your app doesn’t need to be. Not only will cramming an app with features lead to a likely disorienting User Experience, but an overloaded app will also be difficult to market. If the use of the app is difficult to explain in a concise way, it’s likely trying to do too much. Paring down features is always hard, but it’s necessary. Often, the best strategy might be to gain trust in the beginning with a single or few features; then, later in the life of the app, new ones can be ‘tested’. This way, the additional features are less likely to interfere with the crucial first few days of an app’s life.

Common Mistake #6: Dismissing App Context

Although the conditions of most design offices practically operate within a vacuum, app designers must be aware of wider contexts. Although purpose and ambition are important, they become irrelevant if not directed within the proper context. Remember that although you and your design team may know your app very well, and find its interfacing obvious, this may not be the case for first time users, or different demographics.
Consider the immediate context or situation in which the app is intended to be used. Given the social situation, how long might the person expect to be on the app for? What else might be helpful for them to stumble upon given the circumstance? For example, UBER’s interface excels at being used very quickly. This means that for the most part, there isn’t much room for other content. This is perfect because when a user is out with friends and needing to book a ride, your conversation is hardly interrupted in the process. UBER hides a lot of support content deep within the app, but it only appears once the scenario calls for it.
Who is the target audience for the app? How might the type of user affect the design of the app? Perhaps, consider that an app targeted for a younger user may be able to take more liberties in assuming a certain level of intuition from the user. Whereas, many functions may need to be pointed out for a less tech savvy user. Is your app meant to be accessed quickly and for a short period of time? Or, is this an app with lots of content that allows users to stay a while? How will the design convey this form of use?
A good app design should consider the context in which it is used.

Common Mistake #7: Underestimating Crossing Platforms

Often apps are developed quickly as a response to changing markets or advancing competitors. This often results in web content being dragged into the mobile platform. A constant issue, which you’d think would be widely understood by now, is that often apps and other mobile content make poor transitions between the desktop, or mobile platforms. No longer can mobile design get away with scaling down web content in the hope of getting a business quickly into the mobile market. The web to mobile transition doesn’t just mean scaling everything down, but also being able to work with less. Functions, navigation and content must all be conveyed with a more minimal strategy. Another common issue appears when an app developing team aspires to release a product simultaneously on all platforms, and through different app stores. This often results in poor compatibility, or a generally buggy, unpolished app. The gymnastics of balancing multiple platforms may be too much to add onto the launch of an app. However, it doesn’t hurt to sometimes take it slowly with one OS at a time, and iron out the major issues, before worrying about compatibility between platforms.

Common Mistake #8: Overcomplicating App Design

The famous architect Mies Van der Rohe once said, “It’s better to be good than to be unique”. Ensure that your design is meeting the brief before you start breaking the box or adding flourishes. When a designer finds themselves adding things in order to make a composition more appealing or exciting, these choices will likely lack much value. Continue to ask throughout the design process, how much can I remove? Instead of designing additively, design reductively. What isn’t needed? This method is directed as much towards content, concept and function as it is aesthetics. Over complexity is often a result of a design unnecessarily breaking conventions. Several symbols and interfaces are standard within our visual and tactile language. Will your product really benefit from reworking these standards? Standard icons have proven themselves to be universally intuitive. Thus, they are often the quickest way to provide visual cues without cluttering a screen. Don’t let your design flourishes get in the way of the actual content, or function of the app. Often, apps are not given enough white space. The need for white space is a graphic concept that has transcended both digital and print, thus it shouldn’t be underrated. Give elements on the screen room to breathe so that all of the work you put into navigation and UX can be felt.
The app design process can be reductive, rather than additive.

Common Mistake #9: Design Inconsistencies

To the point on simplicity, if a design is going to introduce new standards, they have to at least be consistent across the app. Each new function or piece of content doesn’t necessarily have to be an opportunity to introduce a new design concept. Are texts uniformly formatted? Do UI elements behave in predictable, yet pleasing ways throughout the app? Design consistency must find the balance between existing within common visual language, as well as avoiding being aesthetically stagnant. The balance between intuitive consistency and boredom is a fine line.

Common Mistake #10: Under Utilizing App Beta Testing

All designers should analyze the use of their apps with some sort of feedback loop in order to learn what is and isn’t working. A common mistake in testing is for a team to do their beta testing in-house. You need to bring in fresh eyes in order to really dig into the drafts of the app. Send out an ad for beta testers and work with a select audience before going public. This can be a great way to iron out details, edit down features, and find what’s missing. Although beta testing can be time-consuming, it may be a better alternative to developing an app that flops. Anticipate that testing often takes 8 weeks for some developers to do it properly. Avoid using friends or colleagues as testers as they may not criticize the app with the honesty that you need. Using app blogs or websites to review your app is another way to test the app in a public setting without a full launch. If you’re having a hard time paring down features for your app, this is a good opportunity to see what elements matter or not.
The app design market is a battleground, so designing products which are only adequate just isn’t enough. Find a way to hook users from the beginning - communicate, and demonstrate the critical values and features as soon as you can. To be able to do this, your design team must have a coherent vision of what the app is hoping to achieve. In order to establish this ambition, a rigorous story-boarding process can iron out what is and isn’t imperative. Consider which types of users your app may best fit with. Then refine and refine until absolutely nothing else can be taken away from the project without it falling apart.

Wednesday, 20 September 2017

Cybersecurity: What Every CEO and CFO Should Know

www.toptal.com
BY MELISSA LIN - FINANCE BLOG EDITOR @ TOPTAL

Executive Summary


Costs of Cybersecurity
  • In 2017, the average cost of a data breach is $7.35 million. Costs include everything from detection, containment, and recovery to business disruption, revenue loss, and equipment damage. A cyber breach can also ruin a company's reputation or customer goodwill.
  • Companies with the highest levels of business innovation have costlier attacks. A company acquisition or divestiture can increase the cost of cybercrime by 20% while the launch of a significant new application increased the cost by 18%.
  • 24% of breaches affected financial organizations, followed by healthcare and the public sector.
  • The cost to finance firms is the highest of all industries, losing an average of $16.5 million in 2013.

Small Companies Are Aware, But Not Ready
  • In the last year, hackers have breached half of all US small businesses. In the Ponemon Institute's 2013 survey, 75% of respondents did not have a formal cybersecurity incident response plan. 66% of respondents weren't confident in their organization's ability to recover from an attack.
  • A 2017 survey from cybersecurity firm Manta indicated that one in three small businesses don't have the tools in place to protect themselves.
  • In 2013, 88% of the attacks initiated against financial services companies were successful in less than a day. However, only 21% of these were discovered within a day, and in the post-discovery period, only 40% of them were restored within a one-day timeframe.

High Profile Attacks on Financial Firms

  • Attack on six American banks (2012): Bank of America, JPMorgan Chase, Citigroup, U.S. Bank, Wells Fargo, and PNC were targets in a wave of computer attacks by a group claiming Middle Eastern ties. These were DDoS attacks, where the hackers overwhelmed the bank websites to the point of shutdown.
  • JPMorgan (2014): Around 83 million accounts were compromised by hackers. Ironically, JPMorgan spends around $250 million on computer security every year. The source of the breach was basic: The bank did not employ two-factor authentication.
  • SWIFT (2016): The Society for Worldwide Interbank Financial Telecommunication (SWIFT), an international consortium of over 11,000 banks that facilitates cross-border transfers, was hacked. The Bangladesh Bank, one of the users on the SWIFT network, was hacked for $81 million.

Cybersecurity Prevention and Solutions
  • Real-time intelligence. The longer it takes to identify a hack, the more costly its consequences. With just 60 seconds' notification of a compromise, resulting costs could be reduced by 40%.
  • Cyber-insurance. Insurers typically limit their capacity to between $5 million and $100 million per client. As of October 2016, only 29% of US businesses had purchased cyber-insurance. However, the overall cyber-insurance market is estimated to be $20 billion by 2025, up from $3.25 billion today.
  • Bug bounty programs. Organizations pay outsiders ("friendly hackers") to notify them of security flaws. Companies ranging from Google and Dropbox to AT&T and LinkedIn have already adopted this practice.

Intro

“Think of [cybersecurity] more as safety and security in roads and cars. The car hasn’t really changed in the last 30 years, but a lot of security is built in, and it’s not sexy until the moment it saves your life. You’ve got bits that are hidden – airbags – and bits there to remind you to be safe like seatbelts…Some of it is about good behaviour and good attitude, some of it is about physical security to remind you there is a risk, and some of it is baked in to save you.”
– Sian John, Senior Cybersecurity Strategist at Symantec
We’ll admit it. Cybersecurity isn’t sexy. However, in today’s digital age, cybersecurity has become increasingly critical for large corporations and small startups alike. Today, the stakes are higher than ever, as “every company has become a tech company.” Technology has become more than a supplement to a company’s operations, and in many cases, the assets living on their network are their core operations. This is compounded by the fact that hacks are becoming commonplace due to the rise of mobile usage and internet of things, as well as the growing ecosystem of cybercriminals.
This article outlines the types of cybercriminals, cybercrime tactics, and contributing factors. The piece also includes tangible solutions companies can use to protect themselves. Solutions include both technological safeguards and human components. For example, leadership must recognize cybersecurity as a strategic business problem and not just an “IT problem.” In addition, some of the most effective solutions are fairly basic, such as employee education or two-factor authentication for users.

What Is a Cybercrime?

Put simply, a cybercrime is a crime with some kind of computer or cyber aspect to it. It can take shape in a variety of formats, and from individuals or groups with different motivating factors. Cyber threats are fundamentally asymmetrical risks in that small groups of individuals can cause disproportionately large amounts of damage.

Categories of Cybercriminals

  1. Financially motivated organized crime groups: Most of these groups are located in Eastern Europe.
  2. Nation-state actors: People working directly or indirectly for their government to steal sensitive information and disrupt enemies’ capabilities. They are generally the most sophisticated cyber attackers, with 30% originating in China.
  3. Activist groups, or “hacktivists”: These groups are not usually out to steal money. They’re out to promote their religion, politics or cause; to impact reputations or to impact clients.
  4. Insiders: These are the “disillusioned, blackmailed, or even over-helpful” employees operating from within a company. However, they may not engage in cybercriminal activities intentionally; some might simply take a contact list or design document without realizing the harm it could cause.
The average age of a cybercriminal is 35, and 80% of criminal hackers are affiliated with organized crime. In short, people choose this as a profession.

Cybercrime Tactics

Cybercriminals utilize both static and dynamic methods to commit their crimes. Let’s delve in.
Chart 1: Tactics Used in Data Breaches, 2016

Distributed Denial of Service (DDoS)

A DDoS attack attempts to disrupt a network’s service. Attackers send high volumes of data or traffic through the network until it becomes overloaded and stops functioning. The incoming traffic flooding the victim originates from many different sources, potentially hundreds of thousands. This makes it impossible to stop the attack by blocking a single IP address, and makes it difficult to distinguish legitimate traffic from attack traffic.

Phishing

Often posing as a request for data from a trusted third party, phishing attacks are sent via email and ask users to click on a link and enter their personal data. It often involves psychological manipulation, invoking urgency or fear, fooling unsuspecting individuals into handing over confidential information.
There are a couple of concerning factors. First, phishing emails have become sophisticated and often look just like legitimate requests for information. Second, phishing technology is now being licensed out to cybercriminals, including on-demand phishing services and off-the-shelf phishing kits. Perhaps most concerning is the fact that dark web services have enabled cybercriminals to refine their campaigns and skills. In fact, phishing emails are six times more likely to be clicked than regular consumer marketing emails.
Chart 2: Phishing Email Click Through Rates

Malware

Malware, short for “malicious software,” is designed to gain access to or damage a computer. Malware is an umbrella term for a host of cyber threats including Trojans, viruses, and worms. It is often introduced to a system through email attachments, software downloads, or operating system vulnerabilities.

Internal Privilege Misuse

While the malicious insiders who leak information to WikiLeaks receive all the press and glory, a more common scenario is that an average but opportunistic employee or end-user secretly takes confidential data hoping to cash out somewhere down the line (60% of the time). Sometimes, employees get a little too curious and do some snooping (17%). Personal information and medical records (71%) are targeted for financial crimes, such as identity theft or tax-return fraud, but sometimes it’s simply for gossip.

Physical Card Skimmers

These attacks involve physically implanting a skimming device on an asset (e.g., ATMs, gas pumps, POS terminals) that reads the magnetic stripe data from a payment card. It’s relatively quick and easy to carry out an attack like this, with the potential for relatively high yield, and so it is a popular action type (8%).

Cybersecurity Consequences and Costs

Costs to Firms

Three years ago, the Wall Street Journal estimated that the cost of cybercrime in the US was $100 billion. Other reports estimated that the figure was as much as ten times higher than this. In 2017, the average cost of a data breach is $7.35 million, compared to $5.85 million in 2014. Costs include everything from detection, containment, and recovery to business disruption, revenue loss, and equipment damage. Beyond monetary concerns, a cyber breach can also ruin intangibles, such as a company’s reputation or customer goodwill.
Interestingly, companies with the highest levels of business innovation often have costlier attacks. A “business innovation” could be anything from an acquisition or divestiture to entry into a new geographic market. A company acquisition or divestiture was shown to increase the cost of cybercrime by 20% while the launch of a significant new application increased the cost by 18%.
Chart 3: Average Cost Per Data Breach, Global
For financial services firms, the costs after a security breach can be attributed to business disruption, information loss, revenue loss, and other costs.
Chart 4: Percentage Cost for External Consequences

Cybersecurity Is Pronounced for the Financial Services Industry

The unfortunate truth is that, while no industry is immune, cybersecurity issues are particularly pronounced for financial services. According to the 2017 Verizon Data Breach Investigations Report, 24% of breaches affected financial organizations (the top industry), followed by healthcare and the public sector. For comparison, in 2012, the industry was ranked third, after the defense and the utilities and energy industries. Beyond frequency, the cost to finance firms is the highest of all industries, losing an average of $16.5 million in 2013.
Chart 5: Average Annualized Cost by Industry Sector
In financial services, the most common type of cyber breach involved DDoS attacks. And, as for all DDoS attacks, the finance industry was hit the hardest.
Chart 6: DDoS Attacks by Industry

Famous Financial Services Hackings

Attack on Six American Banks (2012)

In 2012, six major American banks (Bank of America, JPMorgan Chase, Citigroup, U.S. Bank, Wells Fargo, and PNC) were targets in a wave of computer attacks by a group claiming Middle Eastern ties. The attacks caused internet blackouts and delays in online banking, resulting in frustrated customers who could not access their accounts or pay bills online.
These were DDoS attacks, where the hackers overwhelmed the bank websites to the point of shutdown. The attacks also utilized botnets, networks of infected computers that do the bidding of criminals. Sometimes, botnets are referred to as “zombie computers” that obey the commands of a “master botnet.” Unfortunately, these can be rented through black markets or lent out by criminals or governments.

JPMorgan (2014)

In the summer of 2014, in the largest security breach of an American bank to date, the names, addresses, phone numbers, and email addresses of around 83 million accounts were compromised by hackers. Ironically, JPMorgan spends around $250 million on computer security every year. The 2014 breach was not the result of a sophisticated scheme. The attack did not use a zero-day attack, the novel software bug that sells for millions on the black market. It also did not utilize the malware that hackers in North Korea employed in their cyberattack on Sony. Rather, the source of the issue was basic: The bank did not employ two-factor authentication, which is an additional layer of security when users sign in to access data or an application. JPMorgan’s security team neglected to upgrade one of its network servers with the dual password scheme. That’s all it took.

SWIFT Payment System (2016)

In February 2016, the Society for Worldwide Interbank Financial Telecommunication (SWIFT), an international consortium of over 11,000 banks that facilitates cross-border transfers, was hacked. The Bangladesh Bank, a user in the SWIFT network, was hacked for $81 million. Only a small proportion was recovered before the Federal Reserve Bank of New York blocked 30 other transactions that might have transferred an additional $850 million.
These attacks show that payment networks are only as trustworthy as their weakest link. Many in the industry were not surprised by the attack. According to Justin Clarke-Salt, co-founder of Gotham Digital Science, a cybersecurity company, the attacks exploited a weakness in the system: that not every institution protects access to SWIFT in the same way. After all, “Attackers often attack people who are easier to attack…So far from what we know has been publicly reported, they have very much targeted smaller financial institutions. This is probably because they have less sophisticated controls.”

Are Small or Large Firms More Vulnerable?

Though the news often covers attacks on the largest corporations (Target, Yahoo, Home Depot, Sony), small companies are not immune. In the last 12 months, hackers have breached half of all small businesses in the United States, according to the 2016 State of SMB Cybersecurity Report.
On one hand, some argue, smaller companies may not be able to recover from a cyber attack. According to Sian John, senior cybersecurity strategist at Symantec, companies hit with a security issue experience a “massive reputational and financial hit” in the year afterwards, before returning to normality. She questioned, “If you’re a smaller company, can you survive that dip?”
On the other hand, others argue, small companies are at an advantage: “A big company is more vulnerable than a small company: They have big data pools and hundreds of people have to have access…If you are at the smaller end of the scale, being smart about business processes and understanding where those business processes might be exploited is easier than for a large organisation,” declared Richard Horne, partner at PricewaterhouseCoopers.

Cybersecurity Challenges

Factors Contributing to the Rise in Cybercrime

A “Corporate” Breed of Cybercriminals Has Emerged

Cybercriminals are now adopting corporate best practices to increase the efficiency of their attacks. Some of the most enterprising criminals are selling or licensing hacking tools to less sophisticated criminals. For example, professional criminals have been selling zero-day technology to criminals on the open market, where they are quickly commoditized. Gangs also offer ransomware as a service, which freezes computer files until the victim meets the monetary demands, and then take a cut for providing the license.
There is now an entire ecosystem of resources for cybercriminals to leverage. “Advanced criminal attack groups now echo the skill sets of nation-state attackers. They have extensive resources and a highly-skilled technical staff that operate with such efficiency that they maintain normal business hours and even take the weekends and holidays off…We are even seeing low-level criminal attackers create call centre operations to increase the impact of their scams,” said Kevin Haley, director at Symantec.

Security of Third-Party Vendors

If a third party gets hacked, your company is at risk of losing business data or compromising employee information. For example, the 2013 Target data breach that compromised 40 million customer accounts was the result of network credentials being stolen from a third-party heating and air conditioning vendor. A 2013 study indicated that 63% of that year’s data breach investigations were linked to a third-party component.

Increased Use of Mobile Technologies by Customers

Due to a growing number of online targets, hacking has become easier than ever. In consumer banking, usage of mobile devices and apps has exploded. According to a 2014 Bain & Company study, mobile is the most-used banking channel in 13 of 22 countries and comprises 30% of all interactions globally. In addition, consumers have adopted mobile payment systems. For banks competing with fintech startups, customer convenience will remain important. They may have to weigh the potential fraud losses with losses from a more inconvenient user experience. Some institutions are utilizing advanced authentication to confront these added security risks, allowing customers to access their accounts via voice and facial recognition.

Proliferation of Internet of Things (IoT)

Internet of things (IoT) is devoted to the idea that a wide array of devices, including appliances, vehicles, and buildings, can be interconnected. For example, if your alarm rings at 7:00 a.m., it could automatically notify your coffee maker to start brewing coffee for you. IoT revolves around machine-to-machine communication; it’s mobile, virtual, and offers instantaneous connections. There are over one billion IoT devices in use today, a number expected to be over 50 billion by 2020. The issue is that many cheaper smart devices often lack proper security infrastructure. When each technology has high risk, the risk grows exponentially when combined.

Cybersecurity Awareness vs. Readiness to Address

Despite headlines around cybersecurity and its threats, there remains a gap between companies’ awareness and their readiness to address it. In the last year, hackers have breached half of all US small businesses. In the Ponemon Institute’s 2013 survey, 75% of respondents indicated that they did not have a formal cybersecurity incident response plan. 66% of respondents weren’t confident in their organization’s ability to recover from an attack. Further, a 2017 survey from cybersecurity firm Manta indicated that one in three small businesses don’t have the tools in place to protect themselves.
Tactically speaking, financial services companies have much to improve in terms of detecting and responding to attacks. In 2013, 88% of the attacks initiated against FS companies were successful in less than a day. However, only 21% of these were discovered within a day, and in the post-discovery period, only 40% of them were restored within a one-day timeframe.
Figure 1: Global Financial Services Firms' Response Time to Attacks Indicates Significant Gaps in Preparedness

Cybersecurity Solutions Require a Multi-pronged Approach

There isn’t a “one-size-fits-all” solution to cybersecurity. However, in general, solutions should include both sophisticated technology and more “human” components such as employee training and prioritization in the boardroom.

Actionable Threat Intelligence

Real-time Intelligence:

Real-time intelligence is a powerful tool for preventing and containing cyber attacks. The longer it takes to identify a hack, the more costly its consequences. A 2013 study by the Ponemon Institute revealed that IT executives believe that less than 10 minutes of advance notification of a security breach is sufficient time to disable the threat. With just 60 seconds’ notification of a compromise, resulting costs could be reduced by 40%.
According to James Hatch, director of cyber services at BAE Systems, “Detecting [a cyber attack] early is key…It could be the difference between losing 10% of your [computers] and 50%.” Unfortunately, in reality, on average it takes companies more than seven months to discover a malicious attack.

Complementary Actions:

Companies can take several smaller, tactical steps to protect themselves. These include:
  • Enacting a multi-layered defense strategy. Ensure that it covers your entire enterprise, all endpoints, mobile devices, applications, and data. Where possible, utilize encryption and two- or three-factor authentication for network and data access.
  • Performing a third-party vendor assessment or creating service-level agreements with third parties. Implement a “least privilege” policy regarding who and what others can access. Make it a habit to review the use of credentials with third parties. You could even take it a step further with a service-level agreement (SLA), which contractually obligates third parties to comply with your company’s security policies. Your SLA should give your company the right to audit the third party’s compliance.
  • Continuously backing-up data. This can help to safeguard against ransomware, which freezes computer files until the victim meets the monetary demands. Backing up data can prove critical if your computers or servers get locked because you wouldn’t need to pay for access to your data.
  • Patching frequently. A software patch is a code update to existing software. Patches are often temporary fixes between full releases of software. A patch may fix a software bug, address a new security vulnerability, address software stability issues, or install new drivers.
  • Whitelisting software applications. Application whitelisting would prevent computers from installing non-approved software. This allows administrators to have much more control.

Anti-hacker Insurance

An emerging trend is anti-hacker insurance, or cyber-insurance. Its scope varies across providers, but it typically protects against security breaches and losses. Insurers typically limit their capacity to between $5 million and $100 million per client. As of October 2016, only 29% of US businesses had purchased cyber-insurance. However, the overall cyber-insurance market is estimated to be $20 billion by 2025, up from $3.25 billion today. Insurers are bullish, estimating that premiums will triple over the next few years.
For an organization to determine how much cyber insurance it needs, it should measure its cyber risk. It must understand how its assets are impacted by a cyber attack and how to prioritize them.
Chart 7: Estimated Growth of Global Cyber Insurance Premiums

Bug Bounty Programs

Another new idea in the industry is something called a bug bounty program, where an organization pays outsiders (“friendly hackers”) to notify it of security flaws. Companies ranging from Google and Dropbox to AT&T and LinkedIn have already adopted this practice.
Figure 2: Price List: Bug Bounties

Don’t Forget the Human Component

  • An “IT problem” becomes a strategic business problem. For many CEOs and CFOs, hacking can be frustrating because they don’t understand the enemy. According to Richard Anderson, chairman of the Institute of Risk Management, “There are still a lot of people sitting astride larger companies who still regard it as something the geeks look after, rather than it being a business issue.” However, as the statistics have demonstrated, this could not be further from the truth.
    A Deloitte white paper suggests creating a dedicated cyber threat management team and creating a “cyber risk-aware culture.” It is also recommended that organizations designate a chief information security officer (CISO). For example, neither JPMorgan nor Target had CISOs when they were breached in 2014 and 2013, respectively.
  • Back to basics: Employee training. Data breaches are often the result of humans’ psychological weaknesses. It’s therefore critical to educate your employees about the warning signs of security breaches, safe practices (being careful around opening email attachments, where they are surfing), and how to respond to a suspected takeover.

Parting Thoughts

A common rebuttal to the increasing attention to the dangers of cybersecurity is, “What, then? Are we just supposed to stop innovating for fear of attacks?” The answer is, not exactly. However, it could be helpful for companies to view cybersecurity as a matter of ethics. That is, cybersecurity should not merely be a matter of technology, but one of morality as well. After all, is it ethical to create and sell technology that leaves consumers vulnerable? With Silicon Valley’s “growth or die” and sometimes short-sighted culture, this is likely an unpopular attitude.
However, there is precedent in other sectors. For example, the American Medical Association and American Bar Association require professionals to follow their respective ethical codes. Doctors must pledge the Hippocratic oath, one of the oldest binding documents in history, which mandates that doctors vow to protect their patients. Similarly, lawyers follow the Model Rules of Professional Conduct, vowing to protect and respect their clients.
We’d all do well to remember that though technology may come and go, right and wrong never change.

UNDERSTANDING THE BASICS

What is cybersecurity all about?

Put simply, a cybercrime is a crime with some kind of computer or cyber aspect to it. It can take shape in a variety of formats, and from individuals or groups with different motivating factors. Cyber threats are asymmetrical risks in that a few individuals can cause disproportionately large amounts of damage.