
CIOInsider India Magazine


Security Should Be On Your Mind When Online!

Pawan Chawla, Partner & CIO, Lucideus

Established in 2012, Lucideus is a pure-play enterprise cybersecurity company. The organization provides cyber risk assessment services and platforms to multiple Fortune 500 companies and governments across the globe.

No technology in human history has been adopted as quickly as the internet. It took more than 100 years after the telephone's invention in 1876 before it was adopted almost universally. Electricity and automobiles followed analogous adoption timelines. By contrast, smartphone ownership took only a decade.

Today, most transactions take less than a minute and customers can receive online services 24x7. The sheer speed of online payments has made users switch to online modes for both business and personal payments!

The number of online transactions is up by around 207 percent since October 2016, which is about a three-fold increase, according to the Ministry of Electronics and Information Technology (MeitY). Ever since UPI was launched by our honorable prime minister, it has taken online transaction value to a new level. In 2018, total transactions reportedly stood at 3 billion, as reported by the National Payments Corporation of India (NPCI).

With this exponential growth in online transactions, security plays a vital role. Each transaction has to be secured. The payoff to cyber criminals for obtaining and sometimes using fraudulent payment card information makes that information very vulnerable. The largest retailers, the smallest restaurants and everyone in between are vulnerable if proper security is not in place.

Working from Inside Out with Access Control
Before thinking about external threats to security, it is important to incorporate controls for confidentiality and proper oversight of internal employee access to customers’ sensitive financial information. Access controls prevent the wrong employee from getting private information, ensuring that various functional roles within the organization have access only to subsets of information, not the entire set of private cardholder data. When thinking about payment card security, this should be a foundational measure, so that threats to any potential points of data vulnerability are thwarted from the inside out.
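As an added illustration (not part of the original article), the sketch below shows one way to give each functional role only a subset of cardholder data, denying by default and recording every decision so it can feed monitoring. The role names, field names and sample record are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

# Hypothetical roles: each sees only the cardholder fields its function needs.
ROLE_FIELDS = {
    "support_agent": {"cardholder_name", "pan_masked", "expiry"},
    "fraud_analyst": {"cardholder_name", "pan_masked", "billing_address"},
    "settlement_service": {"pan", "expiry"},
}

def mask_pan(pan: str) -> str:
    """Return the card number with everything but the last four digits masked."""
    digits = pan.replace(" ", "")
    return "*" * (len(digits) - 4) + digits[-4:]

@dataclass
class AccessGate:
    """Filters a cardholder record down to what a role may see and logs the decision."""
    audit_log: list = field(default_factory=list)

    def view(self, role: str, record: dict, requested: list) -> dict:
        allowed = ROLE_FIELDS.get(role, set())  # unknown role: deny by default
        # Derive the masked PAN so most roles never need the full number.
        full = dict(record, pan_masked=mask_pan(record["pan"]))
        granted = {f: full[f] for f in requested if f in allowed and f in full}
        denied = sorted(set(requested) - set(granted))
        # Every decision is recorded; denied requests are what alerting would watch.
        self.audit_log.append(
            {"role": role, "granted": sorted(granted), "denied": denied}
        )
        return granted

# Constructed sample record (the PAN is a widely used test number, not a real card).
SAMPLE_RECORD = {
    "cardholder_name": "A. Example",
    "pan": "4111 1111 1111 1111",
    "expiry": "12/30",
    "billing_address": "1 Example Street",
}

if __name__ == "__main__":
    gate = AccessGate()
    print(gate.view("support_agent", SAMPLE_RECORD, ["cardholder_name", "pan", "pan_masked"]))
    print(gate.view("intern", SAMPLE_RECORD, ["pan"]))
    print(gate.audit_log)
```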

The Importance of Data Control
• Reconciliation and verification: Provide knowledge that data controls are working the way they should be.
• Continuous monitoring and alerting: Raise an alert any time something unusual happens in the network.
• Reporting: Ensure compliance with regulatory requirements that make organizations prove they have the proper controls in place.

Hackers are constantly changing, but one thing remains the same: organizations that deal with the public, such as banks, are the main targets for cyber-attacks. This is such a widespread issue that retail is the industry leading the list of attacked organizations in almost every cybersecurity report in recent years.

Any organization that runs public applications must place security itself, testing and, if running bespoke applications, coding best practices on its critical path. This includes several considerations:
1. Deeply understand the Open Web Application Security Project (OWASP) Top 10
2. Emphasize security testing
3. Sanitize inputs
4. Monitor third-party APIs and integrations
5. Authenticate everything for everyone

It’s essential to remember that maintaining an IT security posture is an ongoing task that requires ongoing action and review. Put in place a security team of cyber-security experts, consisting of threat hunters and data analysts, to predict how the most valuable data could be stolen and to constantly look for signs that an intruder has gained access.

In some ways, the cybersecurity dangers that organizations face are similar to the natural disasters that sit at the top of global threat risks. It takes just one day: a city or village may seem perfectly quiet, only to be torn apart by a raging storm or fierce earthquake the next. In the same way, too many organizations are lulled into a false sense of security today.
