There are increasing reports of attacks on retail point of sale (POS) systems, with the intent of making financial gains. Banks and payment channels continue to be lucrative spaces for hackers to steal priceless customer data and gain entry into customers’ accounts, says Muthu Raja Sankar, managing director, Accenture Security, Accenture India in an interview with TechObserver.in.
How enterprise security space is evolving?
More and more enterprises are deploying cloud, mobile and social solutions and channels to engage with their end-customers and drive better efficiencies. Some are even going further to enable IoT devices such as smart watches, fitness trackers, internet-enabled TVs and media players, and so on. As a result of the evolution of mobile, social, cloud and even analytics, enterprises are increasing the importance given to security and risk management technologies and solutions.
Globally, there are increasing reports of attacks on retail point of sale (POS) systems, with the intent of making financial gains. Banks and payment channels continue to be lucrative spaces for hackers to steal priceless customer data and gain entry into customers’ accounts.
Customer-facing industries which are dependent on generating revenues through internet/ mobile based platforms are seeing an increase of Denial of Service (DoS) and Distributed DoS attacks.
Trojans and malware such as Dyreza or Dyre, and Tinba have penetrated computing systems and other devices and created significant losses to customers and businesses. Both these Trojans seem to use man-in-the-browser techniques and evade two-factor authentication.
Businesses in the critical infrastructure and industrial control systems industries such as utilities, energy/power, oil and gas, etc. remain high on attackers’ radars for the widespread damage that can be caused. Some reports indicate that businesses are unable to keep pace with the increasingly complex threat landscape. On the other hand, the security strategy for such companies is changing, as physical and cyber security are converging.
And there is increased importance given to cyber security among Governments, as state-sponsored attacks are becoming cyber weapons to damage/ stop/ halt and create loss of reputation to nations and nations’ prized businesses.
What’s the outlook for the enterprise security going forward?
As businesses become more connected to the Internet of Things (IoT), edge devices such as embedded sensors, smart machines, wearable devices and connected industrial equipment expand the opportunities for attack, opening up new areas of vulnerability for security, privacy and data integrity. Despite their best efforts, organizations cannot completely protect themselves from cyber-attacks. In addition to increasing the sophistication of their defenses, they will also need to increase their resilience, i.e., the ability to bounce back from a security incident or event and resume normal operations. With the stakes so high – and the potential impact on brand reputation, shareholder value, revenue and compliance – security will increasingly become a fundamental board-level issue.
Today and more so in the future, enterprise security will need continuous monitoring, agile response and intervention, and 24x7x365 operations. This requirement of “continuous expertise”, combined with the increasing complexity of the security environment is leading enterprises to buy what they need from providers who have the functional, technical and scientific knowledge and the industry expertise to deliver sophisticated services on a moment’s notice, instead of establishing their own operations infrastructures. The industry is moving to an “As-a-Service” model, and enterprises will expect Security-As-a-Service capabilities from technology vendors.
What sectors are likely to likely to increase the demand for enterprise security solutions?
Sectors which are highly dependent on innovation and IP for their sales and revenues will need to have security at the top of their agenda for their very survival. Businesses which are very customer-focused and are collecting customer data in the process of engagement (like retail, FMCG, food and beverages, consumer electronics, etc.) face the risk of data loss and sabotage, and there have been sufficient attacks in such verticals. Critical infrastructure and industrial process businesses pose a high risk of attack due to the very nature of their business and the ripple effect a security incident can create to their end-stakeholders. Governments face the risk of reputation and more importantly the risk of national security and development.
The Healthcare sector, which offer much promise in terms of leveraging technology to benefit people with cost-effective treatments and reaching last-mile penetration, has become a prized target for cyber-attackers. One of the key reasons attributed to this is the inadequate investments made by the sector in cyber security. Stolen medical records are said to hold nearly 10 times the value of stolen Fintech startup Karbon Card raises $2 million seed funding from angel investorscredit card data, and in a black market, that is very lucrative.
So overall, each sector is realizing the dangers and risks associated with cyber-security every passing year and prioritizing technology investments in sophisticated security strategy and solutions.