By: Anand Sinha, AVP and Principal Product Architect, Infosys Finacle
An independent research firm specializing in digital marketing, media and commerce, predicts that global online commerce will amount to more than US$ 3.5 trillion, or nearly one-eighth of total retail sales, by 2019.
Shopping, however, is just one activity. Increasingly, consumers around the world are using digital technologies to perform a variety of functions, from seeking health advice to banking to researching any topic under the sun. The downside of this rapid digitalization is an increase in cyber risk. Security analysts say 2015 was an “epic” year for cyber crime, with attacks becoming bigger, better organized and more sophisticated than ever. Think Carbanak, the US$ 1 billion fraud that was an amalgamation of an APT and malware attack with high street crime. Or the theatrically named Evil Corp’s multi-million swindle of Penneco Oil. The worst part is that the perpetrators of these crimes are still at large.
Broadly, cyber attacks are either opportunistic (using automated tests to identify system vulnerabilities and then exploiting them) or deliberate (targeting a certain company or website on purpose to get hold of its money or data, or simply to gain publicity). Currently, a battle is on between organizations that are ramping up their security systems to defend against opportunistic attacks, and hackers who are trying to breach those systems with an impressive bag of tricks full of malware, such as viruses, worms and Trojans, and techniques, such as phishing, vishing, pharming, and “man in the middle”.
Meanwhile, consumers, while generally aware of the risks that lurk online, clearly hold providers responsible for ensuring they are adequately protected. Although consumers would like transactions to be as simple and process-free as possible, they are quite willing to submit to an extra layer of security – for example, stepped-up authorization in case of a deviation from the regular transaction pattern – when it is clearly in their own interest.
In fact, security is becoming an important factor in the ability of companies to differentiate themselves as well as hold on to their customers. It is no longer only about averting losses or preventing damage to business reputation; it is about earning the trust and loyalty of customers. Think about it. Would you ever go back to an online store where you had lost money to fraud?
Given this, it is a good idea for enterprises to take proactive measures to educate their customers about safe online behaviors and practices, apart from keeping their systems up to date and insured against losses. They also need to put a robust data governance policy in place to make sure confidential or important data is encrypted and access to it is strictly regulated. It is also recommended to store some amount of data outside Internet access, or even offline. Regular security tests should be conducted to identify loopholes and vulnerabilities before it is too late. Above all, enterprises should take a planned and proactive approach to cyber security, rather than reacting to incidents in knee-jerk fashion. When it comes to the security of cyber systems, prevention is way better than cure.