The COVID-19 pandemic has propelled online media consumption to new heights. With people forced to stay indoors, the online engagement has blown the roof. However, the side shoot of this rise is the growing security concerns. But an added jacket of security hampers users’ experience on an online platform. So, who takes the back seat? Can security and user experience co-exist? Let us have a look at some key aspects from Akamai’s recently concluded Media Summit – APAC 2020.
By Mihir Bagwe, Tech Writer at CISO MAG
The media and entertainment industry has witnessed a dramatic transformation in the past few years, especially with new emerging trends that include the short-form video applications like TikTok, Instagram Reels, and numerous other over–the–top media services (OTT) platforms worldwide. The pandemic has further accelerated the internet penetration rate more than ever – for work, socializing, and most of all, entertainment – with consumers signing up for multiple streaming services and consuming an unprecedented volume of digital content.
However, the two most important pillars in the success of this digital medium is “Quality Content” and “User Experience” (UX). Without quality and value for money, content and user experience on a media and entertainment platform cannot gain popularity or become successful. So why exactly is user experience so critical?
To Prove: Better UX = Higher Digital Success
Remember how spiral buffering or loading icon that keeps going round in circles on your screen to annoy you? Reports from Google confirm that 53% of mobile site visits are abandoned if it takes longer than three seconds to load the webpage. It also revealed strong correlations between page speed and other key performance indicators like revenue, bounce rate, session duration, and viewability. The study stated that sites loading in under five seconds generated twice the revenue and recorded 25% higher viewability than those loading in 19 seconds. This difference in numbers can make or break the deal for customer retention. Thus, in the mathematical language of proving LHS = RHS, Better UX = Higher Digital Success.
The Shaky Third Pillar
A flourishing domain often attracts an evil eye, and the evil eye are the threat actors trying to target these video and media platforms for malicious and financial gains. People often tend to reuse login credentials across various mediums, and this increases the risk of compromise. The current supply chain is so stretched and unlimited that a compromise through a third-party can virtually lead to a leak of your customers’ credentials or personally identifiable information (PII). Once leaked, these credentials are sold on the dark web ranging from a few dollars (for simple site login) to thousands of dollars per user (in case of medical data). Due to the vulnerability of users reusing credentials across different channels, threat actors then carry out credential stuffing attacks using these leaked credentials.
According to Akamai’s State of the Internet Security Report, credential stuffing attacks against the media industry has seen a huge spike in the Q1 of 2020, especially in the month of March where more than six billion malicious login attempts were observed. Correspondingly, Akamai’s research also found a 98% YoY increase in credential stuffing attacks between 2018 to 2019.
Thus, the security of these populous video and media platforms is now an ever-growing concern. However, added security, such as a CAPTCHA or any other MFA process, during the login increases the number of steps and often leads to a degraded UX that eventually leads to a higher bounce rate. So, how do we solve this problem?
What Akamai’s Expert Says
Speaking at the Akamai’s Media Summit APAC 2020, Sid Deshpande, Security Technology & Strategy Director, Akamai Technologies, stressed that a good user experience is necessary for any platform’s digital success, however, better security is utmost critical in generating consumers trust and loyalty.
Consent is the new Currency
According to Sid, media consumers expect three important measures when it comes to the security of their online accounts or presence. They are:
- Transparent security controls
- Personal / PII data security
- Prevention of account/credential abuse
All these expectations collectively point to the fact that users are now demanding more control over their own data. As Sid correctly says, “Consent is the new currency.” A user’s consent in securing, collecting, and storing their data is very important.
Security architects need to design for the least common denominator of security awareness and work with the assumption that the user may not be in a position to make the correct security related decisions related to their accounts.
Best possible security measures for users’ data can only be achieved by collaborating with the users for the common good. Choosing between security and user experience is always a tug of war. Thus, we asked Sid whether media platforms and applications should give users an option to choose between security and UX, like we now choose which cookies can be stored and used under the GDPR compliance to render additional control of user consent. He answered, “I think to a certain degree it is good to give advanced/tech-savvy users some degree of choice in the deployment of advanced or value-added security features. However, security architects need to design for the least common denominator of security awareness and work with the assumption that the user may not be in a position to make the correct security-related decisions related to their accounts.”
The debate between security and user experience in media industry will always feel like slacklining on a tight rope. Shift of weight on either side will lead to the downfall of the platform. In such a case, Sid Deshpande suggests three key prepositions for media CISOs and/or CIOs:
- Manageable security architecture: Design the security architecture as per the needs and usage of the respective media platform. Do not do too little or too much.
- Understand the attacker: Think like an attacker and you will get the answers for finding the weak spots in your network/architecture.
- Demonstrate the business value of security: Security helps in building loyalty, which in turn increases customer retention and eventually affects the growth of your media platform.
About the Author
Mihir Bagwe is a Tech Writer and part of the editorial team at CISO MAG. He writes news features, technical blogs, and conducts interviews on latest cybersecurity technologies and trends.