Tech M ties up with Hinduja CyQureX

Covid-19: Reimagining work with a zero-trust lens

by | Apr 22, 2020 | IT Security

Ensuring business continuity for borderless offices demands more extensive IT security frameworks.
Share to lead the transformation

The COVID-19 pandemic has resulted in widespread lockdowns. Commuting to workplaces has been suspended for all but a few essential-service organizations and personnel. To ensure business continuity, many organizations had to rush almost overnight to implement work-from-home (WFH) policies for their entire workforce. Understandably, when viewed from a ‘zero-trust lens,’ few have found themselves fully equipped to handle the surge in WFH scale, which is testing the robustness of the IT security fabric.

The state of running entire operations remotely is unprecedented! IT heads are scrambling with issues such as infrastructure availability and sizing to meet the growing demands. From a security readiness perspective, CISOs are seen doing comprehensive assessments to map the network usage patterns and risk aspects. With more employees working remotely today than ever before, the odds of potential threats have grown manifold. The biggest challenge for CISOs today is to make necessary tools and resources available to their virtual workforce without compromising confidential data.

The practical and effective strategy that works to address this challenge is ‘zero-trust lens’ approach to information security—a contemporary lens that treats everyone who access organizational network as suspicious and distrustful.

The concept of zero trust security framework distinguishes between what’s necessary and what’s not. It stresses that everything cannot be critical and hence need not require full network access. Contrary to the trust-based perimeter defense approach, zero trust defines users and their job requirements. It provides people with adequate permissions to access applications and tools relevant to perform their job virtually, while withholding the rest of the corporate data. For instance, an HR department employee working remotely need not be given access to the sales department database.

In the current setup, it becomes even more important for CISOs to have visibility on what’s happening on the network. Looking at the fact that many employees may be accessing corporate information through personal and unfamiliar devices remotely, CISOs are expected to incorporate strong multi-factor authentication protocols to strengthen the zero-trust security framework. A strong multi-factor authentication protocol ensures controlled access to data repositories and specifies who may access information and under what conditions.

It is equally important for CISOs to educate their users regularly about not clicking insecure links and staying watchful of phishing emails, thereby preventing easy doorways to hackers and cyber crooks.

Even during these difficult times, organizations can operate to their fullest potential, if they enable their people in a right manner, using a ‘zero-trust lens’ framework to secure the borderless networks.

MORE FROM BETTER WORLD

A case for cloud-enabled COVID-19 sensors and loggers

A case for cloud-enabled COVID-19 sensors and loggers

Deepak KumarFinally, the Covishield vaccine has been approved for emergency use in India. Starting 2 January, a dry run commences for the vaccination program across the country. Hopefully, this will mark the beginning of the end for the century’s biggest threat to humanity. Use of COVID-19 sensors for temperature monitoring and control can help.  

COVID-19 has indeed been the biggest economic disruption in a century. However, it is also turning out to be a giant digital-transformation catalyst for the healthcare sector, with a windfall for the logistics sector along the way.

The necessary thrust for this rapid transformation come from the urgency to overcome transportation challenges for some of COVID-19 vaccine candidates. Leading pharmaceutical companies like Pfizer and Moderna, along with their tier-1 logistics partners like UPS and FedEx, have been at the forefront of innovating processes and technologies for the purpose.

The key challenge, as we know, has been to maintain the vaccine vials at temperatures as low as minus 70 degree Celsius until they get thawed and administered to people.

Warehousing and logistics innovations fast-tracked

As we know, the need for storing and moving around truckloads (and airplane loads) of mass vaccine vials at –70 degree C posed a giant challenge at the very outset for pharma majors, particularly Pfizer. Clearly, the supply-chain team at Pfizer started to perfect a shipping solution soon as the scientists initiated the vaccine development program in the labs.

By October 2020, while positive breakthroughs were being achieved by scientists in vaccine development, Pfizer’s supply-chain team had worked out end-to-end logistics plans with partners such as United Parcel Service (UPS) and FedEx to deliver vaccine boxes to various parts of the USA as well as to different locations around the world.

Transportation and storage need two-pronged strategy

GPS-based temperature monitoring on the move was an obvious solution but putting it into practice was not an easy task.

As we know, special boxes were designed for transporting the vials. Each box was fitted with temperature sensors and a GPS device, which was used for tracking the temperatures inside the boxes from a monitoring center. Already, in instances where the temperature of a box crossed an upper (or lower) threshold, any further movement of the box was stopped and it was immediately recalled.

At pre-shipping stage, UPS, for example, had created an ultra-low temperature (ULT) freezer farm, from where the shipments would be done to the destined locations. These ULT freezers too were equipped with COVID-19 sensors for monitoring and maintenance purposes. As per an article posted by UPS on its website, “Cloud connectivity will enable sensor-based remote monitoring, control and predictive analytics across banks of ULT freezers. A continuous stream of data will detect performance characteristics to provide critical “onboard” information to ensure proper sample management, leading to increased efficacy of biologics.”

“Future ULT freezers will introduce guided access capabilities, which will allow the tracking and visualization of vials in laboratory management systems and at freezer access points,” the article, penned by Dusty Tenney, CEO of Stirling Ultracold, further noted. Stirling Ultracold is the company making the ULT freezers for the storage of vaccines.

ULT freezers with Covid-19 sensors

Figure source: Stirling Ultracold.

Global distribution may need to be ‘with the box’

The company has readied the ULT freezers in three different form factors (see Figure), each suited for the three key stages of a vaccine supply chain. The large ULT freezers are designed for manufacturing and warehousing bases for storing large number of vaccine vials; the mid-sized models are aimed at large pharmacies and hospitals; and the portable models are well-suited for serving the needs of local points of care, including remote and mobile points. All these models can maintain ultra-cold temperatures in the range of -80 degree C to -20 degree C, and are fitted with COVID-19 sensors for monitoring and control.

For a global distribution framework to be truly effective, all these different form factors need to be used at their respective target locations. In other words, while the big boxes will need to be deployed at warehouses, the mid-size boxes will need to installed at the hospitals in cities across the world ahead of the vial shipments. This important to ensure that vials can be stored at these hospitals when the shipments arrive there in ultra-cold boxes containing vials protected with dry ice packs. (Dry ice can only keep the boxes at ultra-cold temperatures of -70 degree C for up to five days, and is not readily and sufficiently available).

Likewise, the portable ULT models also need to be shipped in advance in satellite vaccination centers and remote locations.

All the time, remote monitoring of the ULT freezers and vial boxes is constantly being done to ensure that the efficacy of the vaccines is not lost due to change in box or freezer temperature before the vial being thawed for use. 

While vanilla GPS solutions are being used for now, there is enough room for involving technologies like robotics and internet of things (IoT) in the delivery and monitoring process.

For example, if we consider the process of changing the dry ice in boxes, a human intervention could be time-consuming and hence cause the temperature of vials to rise to detrimental levels. However, with the use of robotics, this task can be accomplished in a safe and assured manner. As far as IoT is concerned, building management system (BMS) IOT connectivity is already available for Stirling’s ULT freezers.

The ULT freezers as well as shipment boxes for vaccine vials come fitted with COVID-19 sensors that can have battery lifespans of up to 10 years and support datalogging in the cloud, which makes them suited for real-time remote monitoring. For example, in case of Pfizer’s COVID-19 vaccine candidate, the solution comprises SenseAnywhere’s AiroSensors and Pt100 smart probes.

Why other vaccines too need digital monitoring and upkeep

Covishield, the vaccine candidate from Pune-based Serum Institute of India, may not require a very stringent temperature control and monitoring mechanism. The vaccines, which received the emergency-use approval and for which the dry run commences on 2 January 2021, can be safely stored in regular refrigerators. The storage temperature requirement for Covishield is 2–8 degree C, which also gives it a huge edge over other vaccine candidates in India.

Nevertheless, use of COVID-19 sensors can doubly ensure that the vials are constantly being maintained at the required temperature range. This is because power supplies can be quite unpredictable in smaller cities and towns and not all pharmacies and refrigerators are supported with power-backup facilities. By mandating that refrigerators used for storing vials be retrofitted with COVID-19 sensors for monitoring the temperatures, governments and health watchdogs can determine the efficacy efficiency of a vaccination program. In case of power failures and ineffectiveness of refrigerators, the necessary corrective actions may be taken in a timely manner.

Warehousing and distribution companies engaged in the logistics of COVID-19 vaccines would particularly need to get equipped with appropriate sensor mechanisms. It goes without saying that IT teams at these organizations will have a special role to play in ensuring integrated and foolproof solutions in this context.

See also How smartphones could be Covid-19 testing game changers

and Aarogya Setu needs to overcome more privacy issues

TCS finds its new growth mojo in DX

TCS finds its new growth mojo in DX

After a shaky start in the FY21, due to the pandemic-induced weak business sentiments Tata Consultancy Services (TCS), top global IT services, consulting, and business solutions firm, made a solid comeback in the latter half of the year. (See: Technology trends for businesses in 2020). TCS’s strong growth momentum is the result of its persistent efforts to build transformational solutions and robust business fundamentals. 

After seeing a drop in its revenues in April this year, the country’s largest software services firm successfully navigated the operational challenge of scale, velocity, and complexity in an unbelievable manner. Its net profit in the quarter ended September 30 rose nearly 5 percent y-o-y to ₹8,433 crores. The IT major had clocked a net profit of ₹8,042 crores in the September 2019 quarter.

A couple of days back, India’s largest IT Services firm’s share price reached an all-time high of ₹2,948 on the National Stock Exchange (NSE), with a market capitalization of ₹11. 03 lakh crore. One needs to note that TCS is the only company in India to reach this milestone after Reliance.

With its deep focus on the cloud, TCS share prices have made great strides this year, growing by more than 30% since March 2020. It was only because of its confidence in its capabilities to meet the rising Dx demands that TCS embarked on a recruiting frenzy even during the pandemic. It even declared salary hikes for its employees from October this year. (See: It turned out to be a good year for Indian IT services firms)

In Q2 2020 alone, TCS announced that it signed total contract deals worth $8.6 billion.

Let’s deepen our understanding of the secret recipe that has helped the IT major generate a positive climate around its growth even during crisis times.

Readying in time for Dx opportunities

TCS’s growth has been principally marked by its rising focus on cloud and accelerated digital transformation initiatives. Over the last twelve months, India’s largest software services exporter has made substantial headways into expanding its footprints in building new and innovative cloud offerings.

As discretionary spending and virtual work environment are gaining steam, businesses move from legacy to digital IT infrastructure. These changing dynamics have resulted in TCS witnessing strong growth across banking, financial services, insurance (BFSI), healthcare, and retail verticals in Q2’21. While BFSI grew at 6.2%, Retail saw a massive 8.8% growth and Life Sciences and Healthcare at 6.9% sequentially and 17.2% on a YoY basis.

The IT services giant has a strong focus on the BFSI sector, particularly in the wake of Europe’s growing demand. Most BFSI companies in Europe are reorganizing their IT structure and focusing on digital transformation, and this provides it a significant opportunity to accelerate growth.

In a statement issued to press and analysts recently, Rajesh Gopinathan, Chief Executive Officer and Managing Director of TCS mentioned that TCS’s revenues from Europe have more than doubled in the last five years. He reflected that substantial success was the result of TCS’s enterprise agility and machine first delivery model.

This year, TCS has also set up a new European cloud center in Finland to provide end-to-end infrastructure services. In 2021, the center is expected to expand even further to support its growing customer base.

On the acquisitions front, it announced a couple of purchases recently to beef up its BFSI portfolio – Frankfurt-based Postbank Systems AG and a certain percentage of  Ireland base Pramerica Systems from insurance firm Prudential Financial Inc (PFI).

The company is also focusing extensively on its agile-based Secure Borderless Workspaces (SBW) model, which it launched recently during the lockdown. SBW is a new cloud-based operating model for businesses to seamlessly deploy virtual workspaces while taking full advantage of existing talent ecosystems and related investments.

TCS Q2’21 growth performance

Region

Growth (in %)

India

20

EMEA

8

Continental Europe

6.1

Latin America

5

UK

3.8

North America

3.6

Asia Pacific

2.9

New focus areas

Amidst the pandemic, most global enterprises have fast-tracked their transformation initiatives to beef-up their cloud-based foundations for a safe and resilient remote-work environment. There is growing momentum towards deploying AI and automation solutions for future business continuity in the remote work environment.

Given the above, TCS has been working hard to integrate accessibility and contactless aspects into its most recent digital transformation solutions portfolio. It has also invested significantly to develop deep-technology expertise and strengthening cyber resiliency services with built-in service assurance, data segregation, and compliance with various local regulatory requirements. In October this year, the company unveiled 10 new threat management centers worldwide to provide cybersecurity services to its enterprise customers.

It also introduced several internets of things (IoT) related research and innovation programs for visionary and autonomous infrastructure, personalized medicines, and smart machines.

A wide range of research and development efforts are also being undertaken to create intellectual property (IP) on the sustainability front by leveraging emerging technologies and developing solutions around them. TCS is even venturing into data masking tools, cryptography, hash control, and access rights management for taking a substantial leap and achieve better growth in 2021.

Another crucial focus area for TCS is the machine learning approach, i.e., delivering cloud-based solutions based on AI, automation, and actionable insights to improve operational efficiency.

Maintaining a strong outlook

COVID-19 has turned out to be a catalyst for business transformation. Due to the pandemic-induced lockdowns, enterprises are rapidly scaling their digital efforts to reduce their operating expense, protect their market position, and ensure customer retention. As such, TCS, which is putting automation and new age technologies at the core of its comprehensive service offerings, is in an exceptional place to continue winning the trust of its existing clients and gain new customers

In 2021, it is expected that most enterprises will continue to see an exponential rise in their technology budgets to improve their innovation capabilities and redefining their customer experience. Touchless solutions and remote monitoring solutions, in particular, will gain significant adoption.

While TCS may see a slowdown in its accounting books due to pandemic-caused delayed revenue realizations, its strong technological fundamentals and cash position will make it an essential driver of change in many global companies’ digital transformation efforts.

By leveraging differential technologies, TCS is positioning itself to become a digital transformation leader and gain a future edge. 

 

Focus on DevOps set to grow more in 2021

Focus on DevOps set to grow more in 2021

Jatinder SinghThe coronavirus pandemic has caused an unprecedented impact on the operational and IT processes of nearly all organizations. With the role of IT changing from business enabler to mission-critical function, a growing focus on DevOps augurs well in a cloud-centric ecosystem shaping the enterprise world with breakthrough innovations.

During the crisis, one of the crucial learnings that have been identified by the enterprise leaders and everyone else is how important is the role of technology in enhancing people’s ability to continue to collaborate, work, receive essential services and learn new skills. (See: Top technology trends to look for in 2021)

The crisis also provided technology leaders an opportunity to re-energize their legacy ecosystems and reshape their business continuity plans. In light of this, DevOps, which is all about continuous improvement, is expected to play even a more crucial role in enhancing businesses’ digital capabilities in 2021.

DevOps is a software development methodology that blends software development with computing operations. Implementing a robust application methodology allows organizations to accelerate delivery and time to market in a competitive environment.

Let’s focus on some of the top DevOps trends that will shape the DevOps market next year.

AI-enabled automation

Automation is the foundation of DevOps and plays an essential role in building a robust application framework that can drive the future of agility. In 2021, AI-based DevOps automation tools will be extended across enterprise ecosystems. They will automate the incorporation of rapid data volumes, equip organizations better analyze data, and use it for automation or decision-making.

Artificial intelligence and Machine Learning, in DevOps will allow the DevOps team to review the problems and preselect the best solution after a complete assessment.

Emphasis on training, learning, and skill enhancement

Among top DevOps trends, DevOps training and learning will be a crucial priority for technology leaders. A study by DevOps Institute found that more than 50 percent of organizations prefer to build their DevOps teams from within the organization. But most organizations don’t have the luxury of creating a DevOps team from in-house resources. And due to the rapid decrease in IT budgets, it may not be possible to hire the best DevOps talent from the outside world.

As a result, organizations will increasingly focus on training and refinement of DevOps methodologies in-house in 2021.

Serverless architecture approach to grow

The technology leaders continually realize the inherent benefits offered by the serverless architecture approach. Serverless architecture is a monumental leap that gives advantages such as fully managed, scalable, and the pay-as-you-go model for DevOps applications. It also helps businesses improve delivery and quickly identify prototypes tailored to evolving customer needs.

The most significant benefit of serverless architecture is the pay-as-you-go model, which means you will pay only for resources that you would use. It’s one of the top DevOps trends that make DevOps cheaper and help many businesses reap their benefits in 2021.

Service Mesh to have more significance

Service Mesh is a built-in application infrastructure layer that facilitates data sharing across services and integrates actions such as encryption, load balancing, authorization, and verification. While Service Mesh may be a relatively new concept in DevOps, many industry onlookers believe that this is the best way for businesses to scale, secure and track apps, especially in the cloud-native application building process.

Security at every layer

As widespread telecommuting is becoming the new standard in the post-pandemic world, data governance, information protection, and compliance will be taken more seriously than ever. It will make it critical for enterprises to build mechanisms that give them full visibility into applications, networks, devices, cloud platforms, and other IT environment components. And DevOps is no exception either.

The DevOps model enables various cross-functional teams to collaborate effectively and make wiser decisions. However, as the DevOps model gets mature, it also faces the challenge of simplifying growing complexities in its applications.

In 2021, as one of the top DevOps trends, it is anticipated that companies will focus on implanting strong security layers to help teams collaborate without fear of threats to their network ecosystems.

With AIOps, organizations will put intelligence at the core of IT operations. There will be increasing stress on integrating artificial intelligence, machine learning, and analytics within DevOps. Concepts such as AIOps and DataOps will help businesses accelerate their software development lifecycle – build, test, release, deploy, and maintain – in 2021.

It turned out to be a good year for Indian IT services firms

It turned out to be a good year for Indian IT services firms

Back in March this year, when the Indian government announced a nationwide lockdown to break the chain of COVID-19 infection, doubts were looming large if the Indian IT Services firms would be able to weather the storm.

The situation was truly unprecedented! Employees in distress, a drop in consumer demand, frozen wages, and a struggle to adopt full-fledged work-from-home models. Top IT Services firms such as TCS, Infosys, HCL, and Wipro were all scrambling to find a way to deal with the crisis and revive their business continuity plans.

Global uncertainty had heightened the fears of a deep recession among all IT Services executives. The worst part was that the crisis had come when the GDP of the Indian economy was falling.

At that time, several industry observers called it an irreparable disaster for Indian IT Services firms. However, others were hopeful that India’s showpiece IT sector had a comeback potential. But even they could not envisage that the resurgence would be too quick.

Better deal flows

In Q12020, the pandemic outbreak stalled the growth of almost every software services exporter. However, since July this year, the top IT majors have announced about half a dozen large strategic deals that indicate strong growth momentum for the industry in 2021 and beyond. Infosys large deal with Germany’s Daimler AG and American investment major Vanguard; Wipro’s with German multinational Metro AG; and HCL’s with Swedish telecom giant Ericsson are some of the major highlights during this period.

Infosys’s Vanguard transaction, valued at $1.5 bn, is the biggest deal ever signed by the tech major in its history.

All the Indian IT services firms saw a massive upsurge in their stock market fortunes throughout the year, indicating stronger investor sentiments despite the pandemic blues. For instance, the TCS stock has gone up over 24% compared to the pre-pandemic days in February; Wipro’s stock saw 20 years high at Rs 385 and Infosys’ recorded a 52-week high share price at Rs 1,259.

Tech Mahindra, a mid-tier IT Services player, saw a record new high of Rs 909 in November 2020 on the BSE due to its large deal pipeline and 5G focus.

Silver lining of new possibilities

In the wake of the growing location-independent digital workplace, enterprises are increasingly focusing on modernizing their architectures, deploying public, private, and hybrid multi-cloud models. There has been a sharper focus and resurgent demand for analytics, intelligence, insights, cybersecurity, and operations outsourcing to improve customer experience, employee expectations, and meet diverse information security needs. (See: Tech Cos take M&A route for digital transformation supremacy)

This has provided a mammoth opportunity for IT Services companies to address these challenges by delivering high-set engineering solutions to make the organizations productive and agile. (See: CIOs’ digital transformation focus accelerates recovery for IT firms)

The credit should go to the rapid technology investments made by IT services majors to respond to enterprises’ new critical challenges. (With Encore buy, Wipro eyes DX edge in fintech)

Indian IT Services firms have been aggressive and acquiring capabilities to address the structural changes in the delivery models and long term consequences of the pandemic in the times to come. Moreover, they also offer a low-cost delivery model, helping them race ahead even in tough times.

Skeptics, who had slammed the Indian IT services firms before the pandemic and doubting if it had reached a maturity stage in terms of growth, are being proven wrong. 

 

SolarWinds hack: CISOs need to revisit cyber resilience?

SolarWinds hack: CISOs need to revisit cyber resilience?

What many organizations feared came true! The year 2020 brought another shock to the business community last week with discovering a new cyber-attack, SolarWinds hack’ in the United States. The attack is an opportunity for enterprises and CISOs to reflect on their cyber resilience strategies. (See: Top enterprise cybersecurity trends of 2020)

For the unversed, California-based cybersecurity company FireEye uncovered the SolarWinds hack last week and estimated that the cyberattack campaign might have started as early as Spring 2020 and remained undetected for months.

The cyberattack emerged as one of the largest ever targeted against the U.S. Government and several other global companies, threatening organizations’ cyber resilience levels. To date, dozens of emails from the U.S. Treasury Department have been confirmed as compromised.

The attack was hurled by cybercriminals who hacked the infrastructure of an American I.T. Software company, SolarWinds, and then used illegitimate access to insert malicious code in the software updates that the company sends out to its 30,000 plus clients that also includes several departments of the U.S. Government. SolarWinds stated that the updates issued between March and June 2020 were contaminated.

Several industry onlookers have also slammed SolarWind’s lackluster approach to conquer its shortcomings. For instance, the Chief Information Security Officer’s (CISO) longstanding vacant position from its board and notifications issued to customers around deactivating antivirus tools before installing SolarWinds software.

Far-reaching effects

While the timelines of the SolarWinds hack are still unfolding, the SolarWinds breach is disturbing to the whole of the I.T. industry as it can have a far-reaching effect on many big organizations’ networks, questioning their cyber resilience levels.

The SolarWinds breach reflects that most organizations are appallingly unqualified to detect and prevent such kinds of software supply chain attacks. SolarWinds boast that it has been working with 425 of the U.S. Fortune 500 companies and hundreds of universities and colleges globally. This means that the severity of the attack can be severe in the coming days.

Top tech companies, Intel, Microsoft, Cisco, and NVIDIA, have all confirmed their exposure to the malicious software and undertaking necessary investigations to gauge the impact.

In a column published in the New York Times, Thomas P. Bossert, a former domestic security adviser to President Trump, notes that supply chain attacks of such magnitude require significant resources and sometimes years of execution.

Bossart also opined that a foreign state might have launched SolarWinds hack in a well-orchestrated way. These evaluations, if proved correct, can be more hazardous. For instance, in war-like situations, confidential data of governments can be modified or erased by hackers instantly to cause financial loss or take undue strategic advantage.

Stresses lack of preparation of organizations

As we move into 2021, the Solar Winds hack event has once again reiterated nothing is completely secure in this ever-evolving threat landscape. Indeed, no vendor or solution can fully guarantee to protect the networks of an enterprise. Perfect information security is a myth, but the key is resilience. (See: How COVID-19 has changed cybersecurity focus for 2021)

The last few weeks must have been more strenuous for CIOs and CISOs who would need to spend long-hours evaluating the impact on their networks, systems, and data from the SolarWinds cyber-attack. It’s time for enterprises to seek responses to some of the key questions more vehemently:

  • Do you have a contingency plan to combat accidental breaches and unknown threats?
  • Do you depend upon a single security vendor (say, for VPN, network monitoring, and network slicing) or want to onboard different security vendors to safeguard our networks?
  • Can you change our defense approach to strengthen our cyber resilience levels?
  • Are you regularly testing our multiple endpoints and operating systems and keeping them secure?
  • Have you evaluated the risks of third-party software vendors and analyzed their ability to combat sophisticated threats?
  • Is your service-level-agreement updated?

The SolarWinds hack event could be a catalyst for technology leaders to rethink and analyze all their security solutions and potential gates of network vulnerabilities in the context of modern-day technologies. There might be many undisclosed portions, and more details around the impairment from the breach is likely to continue to come out in the next few weeks.

 

 

 

Cybersecurity threats loom larger on e-tailers this holiday

Cybersecurity threats loom larger on e-tailers this holiday

Cybersecurity threats are looming large to get the advantage of homebound shoppers, who are mainly relying on virtual shopping this holiday season to prevent coronavirus spread. From great shopping days to Black Friday sale, every year, the entire December and January month help retailers generate huge revenues and buyers getting deep discounts.

This year, there is a reason for e-retailers to be more vigilant against cybercriminals who could take advantage of the massive human traffic on their sites to conduct fraudulent online transactions.

According to the latest security report on the 2020 Holiday Season from McAfee, a global computer security software company, there were 419 threats per minute in Q2 2020, increasing almost 12 percent over the previous quarter. It notes that the ongoing COVID-19 pandemic has compelled more people to opt for online shopping this year. Over 68 percent of Indians have increased their shopping activity this year. These threats are likely to scale new heights during the ongoing holiday season.

The spike in web traffic can be a source of joy for many e-retailers who have been hit hard due to the pandemic’s driven economic instability. However, it has also expanded threatening surfaces that could lead to cybersecurity disasters.(See: How COVID-19 has changed cybersecurity focus for 2021 and Combating cyber threats in the new normal)

Threats in the era of new behavior

It is evident that with increased e-commerce operations during the COVID-19 pandemic, the retail sector has become very lucrative for cybercriminals. This is primarily because these sites retain sensitive customer information such as name, contact details, and credit card/ debit card numbers.

According to findings by cybersecurity firm Imperva Research Labs, the volume of attacks on retailers’ APIs has far exceeded average levels this year. While the majority of the attacks occurred from bot activity, leading attack vectors for retail API attacks in 2020 to include cross-site scripting (XSS) (42%) and SQL injection (40%).

DDoS attacks, phishing, and emailer frauds have also peaked at new scales this year. Imperva observed an average of eight-layer attacks per month against retail sites, with a significant peak in April 2020 as lockdown measures led to an increase in demand for online shopping. It is, therefore, essential for e-retailers to devise a robust strategy to address these cybersecurity threats.

In April this year, Japanese multinational consumer electronics and video game company, Nintendo, suffered a massive cyberattack on its official website, leading to data theft of over 300,000 Nintendo customers.

Many of these accounts were put in jeopardy and used as unsolicited purchases. Cybercriminals also leaked sensitive customer data such as name, password, date of birth, and payment information on the Dark Web, making a loss of brand reputation and goodwill of the Kyoto-based society. With the number of transactions witnessing a steep hike, both consumers and organizations are seeing the rise of holiday cybersecurity threats and need extra surveillance in order to stay secure.

Fraud prevention strategy

Regardless of what many industry observers say, e-retailers continue to hurt most by cybersecurity threats. For them, the only way out of cybercriminals’ grip is by employing the best class identification solutions that can fully secure their cloud infrastructure without impacting convenience.

E-retailers need to keep their cloud infrastructure up to date and proactively explore intelligent cybersecurity solutions to prevent their websites from hijacking.

Some of the best cybersecurity practices that e-retailers can espouse through advanced security solutions:

Address verification service (AVS): One of the most prevalent measures to keep fraudsters at bay is AVS. It’s an automated mechanism that matches the billing address with the payment instrument’s address, say, a credit card, to identify suspicious transaction activity.

Location monitoring: Those transactions where the shipping, billing, and the IP address are in proximity are usually safer transactions. If there is a significant remoteness between those addresses, the account or transaction must be supervised more closely. Various solutions are supported by advanced AI and analytics technologies available today that can help e-retailers monitor transactions on their sites and check for suspicious behavior.

IP address legitimacy: Fraudsters often mask their IP address to place orders with online retailers to avoid being tracked. Using cutting-edge technologies such as zero-trust and cryptographic network protocols, online retailers can prevent and mitigate such spoofing attacks. (See: Covid-19: Reimagining work with a zero-trust lens)

Multifactor authentication: A robust multifactor authentication protocol ensures digital users’ authenticity and provides secure access.

Keep your users informed: All e-retailers must keep their customers up-to-date on the latest cyberattacks and measures to navigate with caution. Information about how to keep a strong password and secure their information should be communicated frequently to customers.

There are many other modern-day tools available that can help e-retailers secure their networks from holiday cybersecurity threats. They should consult with their cybersecurity partner to ensure a secure online retail experience and prevent cybercriminals from taking unassailable advantage.

 

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Join to get the latest updates from Better World.

You have Successfully Subscribed!