With the proliferation of Internet access, and the explosion of online services over the past decade, more people continue to routinely share data loosely with more organisations. As apps and websites have mushroomed, control has fragmented. This, combined with the liberal sharing of personal information on social platforms and through unsecured channels, places identity data at greater risk than ever, and in some cases offers fraudsters an open door. It is clear that technology has changed the power differential with consumers taking the lead.
This is the hybrid world, where technologies are integrated to provide the benefits of multiple deployment models. As enterprises move to cloud, optimising their operations and utilising more technologies into their business processes, so does the interplay between applications become more complex, with security as a vital component since they are the basis of continued operations in the digital age.
The Internet of Things (IoT) is fast gaining traction in the marketplace. And, with its rapid rise has also come an increase in the backend data workload, which is putting tremendous pressure on networks. Nowhere is this felt more keenly than on legacy IT infrastructures and the security environments, and it will only become more pronounced throughout 2016.
The number of “things” connected to devices that are capable of being harnessed thanks to their connectivity and reliance on APIs have the potential to become a BOT for cyber attacks such as DDoS.
Although they will undoubtedly be alarming, such attacks will drive a demand for assured security amongst consumers, eventually leading to security being a key “must-have” feature for Internet devices. Unless organisations remain proactive, the ubiquity of connected devices presents a gold mine for attackers.
Therefore we expect to see more enterprises focusing on ensuring that their IT infrastructure is stable and secure enough to support the exploding data workloads as a result of IoT on their networks. And, on the consumer side of things, manufacturers of TVs and wearable devices will be putting security at the top of their priority lists.
The pervasiveness of mobile devices in Asia Pacific and the boom in Internet banking has spawned a myriad of increasingly sophisticated cybersecurity threats. In the first three months of this year alone, new variants of financial trojans Tinbapore and new Gootkit campaigns were found to target banks and financial organisations in countries such as New Zealand, United States and Canada, amongst others. These developments point to a rapid evolution.
For example, Gootkit performs preparation by using video recording functionality before launching actual attacks on financial institutions websites. This means that fraudsters now have the ability to study the internal processes of financial transactions within a bank and look for gaps in approval processes without having to be in the bank. This is an example of the creativity that cybercriminals of today possess and the effort they are willing to put into refining the process by which they approach their victims.
That’s not the end of the story. As financial institutions deploy more enterprise-grade applications and services across traditional data centre and cloud environments, the need to understand and control their security risks has never been greater. A well-run security strategy is not just about perimeter security; rather, it is to protect availability and confidentiality of information whilst supporting business processes. Understanding and controlling risks allows organisations to innovate by leveraging technology for competitive differentiation and new customer offerings.
Organisations that depend on their online presence for survival need a holistic security strategy. One that not only protects the organisation, its employees, customers and end-users against attack vectors, but is also able to react quickly to attacks in order to minimise damage.
Accordingly, as we go further into 2016, financial institutions need to strike an equal balance between protective postures – between pure defence and mitigate-and-react approaches. If the balance is tilted in one direction, the security strategy will not be as effective.