Software applications like email and messenger have become an integral part of our personal and work life. We cannot imagine a life without e-commerce online portals or mobile applications. Our reliance on mobile and online applications for easy transfer of funds or bill payments continues to increase too. Data records generated from the slew of applications and devices are stored in data centers or cloud. With the rise of sophisticated hacking techniques, the underlying assumption that a software executes what is expected and doesn’t what is not is beginning to dispel. Security breaches and malicious incidents are evidence of the increasingly smart and creative cyber criminals out there looking to exploit vulnerabilities. The repercussions are multifold – loss of customers, market cap, financial losses because of data loss, and costs associated with the efforts that go into responding to the breach and recovering trust. Clearly, security is a key concern for any digital business, and a business cannot claim to be a truly digital organization if its applications are not secure.
Organizations must follow certain security guidelines to mitigate the risks associated with new age cyber threats, to be sustainable and customer-centric. A data-centric approach to security is required because of the sheer value of customer data for a business. Businesses need to constantly ask questions such as:
The above questions ensure confidentiality/privacy, integrity and availability of data. More commonly known as the CIA triad which forms the basis of many security guidelines.
Additionally, businesses need to ask questions like:
Being well versed with current trends in cybersecurity and assessing new cyber threats are also some of the factors essential for a secure and successful business venture.
Many organizations have a security incident response team to initiate necessary action in the event of a security breach. They identify vulnerabilities by monitoring data, analyze the incident to understand the breach and take the necessary action to resolve the incident. Advanced machine learning techniques can understand normal system behavior, detect deviations and assess risk. This, combined with the knowledge of hacking techniques helps detect unusual user and database activity. Unusual usage patterns can help determine the cause of the breach. Access credentials to various resources can be restricted and passwords reset.
Adequate security measures need to be considered regularly while building software solutions as the cost of addressing security incidents continues to increase substantially. It is imperative to consider security aspects during software development and testing to identify if the software is doing only what it is intended to do. There is no room for complacency.
Infosys Finacle’s 2019 Banking Trends report talks about the new threats likely to arise due to extensive use of digital technologies – particularly AI and Machine Learning – in cyber-attacks. Cheaper computing power and availability of open source algorithms if misused, can have severe consequences for businesses including banks. Banks will invest in security talent and use a combination of technologies across threat intelligence, data leak prevention, user behavior analytics, access management and cloud security, to combat the rising threat from technologically advanced hacking methods.
I’d conclude by echoing the popular view, “Security is a journey, not a destination”. Indeed.