It is no longer a matter of if, but when. With the spate of cyber-attacks in recent years, any business that has not encountered online fraud should consider itself very lucky, but it is unlikely that luck will last for long.
The direness of cyber-attacks was recently illustrated when the NHS was the subject of a global ransomware attack that resulted in operations being cancelled, ambulances being diverted, and documents – such as patient records – being made unavailable. Computers in the UK were among the tens of thousands in almost 100 countries hit by malware that appeared to be using technology stolen from the National Security Agency in the US.
The cost of cyber-attacks is not just evident in the immediate aftermath, as TalkTalk found out last year when it was hit with a record £400,000 fine for the security failings that led to its hack in October 2015. The hack, which the information commissioner said could have been prevented with appropriate safeguards, resulted in the attacker accessing the personal information of more than 150,000 customers of the internet service provider. These attacks also come with a substantial price to the businesses involved. Financial Fraud Action UK reported that e-commerce fraud went up by 18% from 2015 to 2016 – costing £309m in total. This hike was attributed directly to the rise in success of these scams, which are designed to steal users’ details. It’s an area that payments company Braintree, a PayPal service, works to protect against, with tokenisation and fraud protection.
So at a time of frequent online attacks on both businesses and consumers, what can retailers do to combat the problem? David Emm, principal researcher at global cybersecurity firm Kaspersky Lab, said that not all retailers have advanced their security infrastructure.
“The constantly evolving threat landscape requires new defensive measures, one of which is the use of data encryption technologies,” Emm says. “Although more companies are encrypting data, they are not doing it at the levels needed to reduce the extent of these attacks.
“What is needed is a data-centric view of online threats starting with better identity and access control techniques, including multi-factor authentication and strong encryption to render confidential information useless to thieves.”
Also critical is for companies and security organisations to share information with each other so that online retail fraud can be tackled on a broad basis. “This means going further than just telling people what they should and shouldn’t do when it comes to using technology. It means demonstrating the various everyday scenarios, such as suspicious emails or random USB drives, that could put the company at risk, and fostering a security mindset that staff should apply to any situation they may encounter,” Emm says.
The advances in technology are being met with advances in companies’ spending to keep their information safe; US market research company International Data Corporation said that businesses will spend more than $100bn (£77bn) by 2020 protecting themselves against hacks, up by more than a third from last year.
However, the National Audit Office – the public spending watchdog – recently said online fraud had been overlooked by the government, police and business and demanded an urgent response (just one in 150 police officers specialise in fraud).
To prevent the increasingly sophisticated fraud, there have been demands for business to take more action, including the use of artificial intelligence (AI) to weed out problems.
“Businesses need to use innovative techniques such as AI to analyse their data to spot and stop the bad actors in their online customers. And most of all they need to co-operate with each other, sharing their data and information, to properly define and defeat the problem,” said Martin Sweeney of Ravelin, a company which develops AI platforms.
Source: The Guardian