There are increasing reports of cyber attacks on retail point of sale (POS) systems, with the intent of making financial gains. Banks and payment channels continue to be lucrative targets for hackers seeking to steal valuable customer data and gain access to customer accounts, says Muthu Raja Sankar, managing director, Accenture Security, Accenture India in an interview with TechObserver.in.
Edited Excerpts:
How is the enterprise security space evolving?
More enterprises are deploying cloud, mobile and social solutions and channels to engage with their end customers and drive greater efficiencies. Some are going further to enable IoT devices such as smart watches, fitness trackers, internet-enabled TVs and media players. As a result of the evolution of mobile, social, cloud and analytics technologies, enterprises are placing greater importance on security and risk management solutions.
Globally, there are increasing reports of attacks on retail point of sale (POS) systems, aimed at financial gain. Banks and payment channels remain lucrative targets for hackers looking to steal valuable customer data and access customer accounts.
Customer-facing industries that generate revenue through internet or mobile platforms are experiencing more Denial of Service (DoS) and Distributed DoS attacks.
Trojans and malware such as Dyreza or Dyre, and Tinba have infiltrated computing systems and other devices, causing significant losses to customers and businesses. These Trojans appear to use man-in-the-browser techniques and evade two-factor authentication.
Businesses in critical infrastructure and industrial control systems industries such as utilities, energy/power, and oil and gas remain high on attackers’ radars due to the potential for widespread damage. Some reports indicate businesses are struggling to keep pace with the increasingly complex threat landscape. Meanwhile, security strategies for such companies are evolving as physical and cyber security converge.
Governments are also placing greater emphasis on cyber security as state-sponsored attacks become cyber weapons capable of damaging national reputations and critical businesses.
What is the outlook for enterprise security going forward?
As businesses become more connected through the Internet of Things (IoT), edge devices including embedded sensors, smart machines, wearable devices and connected industrial equipment are creating new vulnerabilities for security, privacy and data integrity. Despite best efforts, organisations cannot completely prevent cyber attacks.
In addition to strengthening defences, they will need to enhance resilience – the ability to recover from security incidents and resume normal operations. With potential impacts on brand reputation, shareholder value, revenue and compliance, security is increasingly becoming a board-level priority.
Today and in future, enterprise security will require continuous monitoring, agile response capabilities and 24/7/365 operations. This need for “continuous expertise”, combined with growing security complexity, is leading enterprises to seek solutions from specialised providers with the necessary technical knowledge and industry expertise, rather than building their own security infrastructures. The industry is moving towards an “as-a-service” model, with enterprises expecting security-as-a-service capabilities from technology vendors.
Which sectors are likely to increase demand for enterprise security solutions?
Sectors that rely heavily on innovation and intellectual property for sales and revenue must prioritise security for their survival. Customer-focused businesses collecting customer data during engagement (like retail, FMCG, food and beverages, consumer electronics) face growing risks of data loss and sabotage, with numerous attacks already occurring in these sectors.
Critical infrastructure and industrial process businesses present high-risk targets due to their operational nature and potential ripple effects from security incidents. Governments face risks to national security, development and reputation.
The healthcare sector, which promises technological benefits like cost-effective treatments and wider access, has become a prime target for cyber attackers. A key reason is inadequate cyber security investment in the sector. Stolen medical records reportedly hold nearly ten times the value of stolen credit card data on black markets, making them extremely lucrative.
Overall, every sector is becoming more aware of cyber security risks each year and is prioritising technology investments in advanced security strategies and solutions.
