/dqc/media/agency_attachments/3bO5lX4bneNNijz3HbB7.jpg)
Follow Us/dqc/media/post_banners/wp-content/uploads/2021/09/sanjay-manohar.jpg)
E-commerce security is a major issue today. Lot of spam traffic is coming to online platforms. Sanjay Manohar, MD, McAfee Enterprise, India talks to us about these issues.
What are the current challenges in E-commerce security?
Sanjay Manohar - E-commerce websites are big targets for cyberattacks given the large consumer base they often cater to and because they also facilitate payment transactions for a large number of users. There is a looming threat of bad actors attacking the host server and not just stealing confidential data but also corrupting it with malware and viruses. E-skimming which leads to breach of sensitive credit and debit card details has become common, directly hampering the trust of consumers. While SQL injection attack gives access to view and manipulate any information in a database, cross-site scripting (XSS) allows an attacker to inject malicious scripts into trusted websites.
It is said that a massive spam is coming from the Datacentres to the websites, which is upstaging their traffic metrics. What are the challenges of Cloud and Datacentre security?
Sanjay Manohar - Datacentres have a network of servers with their own IP addresses and there are organisations who allocate these IP addresses to different users or companies. Sometimes companies get a range of IP addresses and provide a proxy service to their users. Fraudsters like to use such services since click fraud prevention methods and spam blockers block users from making too many requests in a short period of time. This is how fraudsters route their bots through data centers and proxy services to avoid detection and spam users by changing their IP addresses.
Securing the cloud and datacentres is an intensive process. Security needs to be built into the overall data center and cloud architecture from the ground up rather than as a bolt on. Organisations are increasingly embracing hybrid cloud environment where data is hosted across private cloud and a third-party data center. The aim is to achieve the cost efficiencies and agility of public cloud and ensure control and security provided by a private cloud. But the move to cloud creates unique security challenges that must be addressed to maximize protection and compliance.
One main challenge is the lack of visibility into all traffic to ascertain the organization is not victim to a targeted attack. Another key cloud challenge is providing security at the speed of the cloud deployment while still maintaining compliance. As the IT team moves to a more dynamic and agile model, network security needs to adapt just as fast as the cloud. Unfortunately, point security solutions don’t scale and so can’t migrate automatically with virtualized workloads. Another key challenge is the limited ability to manage security policies and ensure strong service-level agreements (SLAs) to support business demands. IT typically has insufficient security staff to manage security effectively and efficiently across different cloud environments.
To protect your organisation against both external attacks and insider threats means you can’t have any gaps in your cloud security environments. For external attacks, you want to discover and block inbound attacks at the perimeter and detect and block outbound command-and-control server communications. For internal threats, you must be able to find and remove malware from virtualised servers within the data center and block attacks stemming from privileged user accounts. To achieve these goals, you need complete security visibility, dynamic protection, and efficient policy management across your private and public clouds. Complete security visibility of all cloud workloads is mandatory to protect your organization because you cannot protect what you cannot see. You need simplified security management that optimizes staff resources and empowers them to efficiently deliver on SLAs while keeping the business protected.
How can technology outsmart security issues?
Sanjay Manohar - Technology today is revolutionizing many sectors. It has transformed the way businesses function today, and advancements in cutting-edge technologies like artificial intelligence, machine learning, IoT, blockchain, 5G are helping to create new business models as well as bring in new levels of efficiencies into existing ones. Having said that, all this sophisticated new tech has a flipside too – it’s also available to malicious actors. So more than technology, the onus is on the people who’re implementing it to make the difference and stay one step ahead of cybercriminals to maintain an effective security posture.
Malicious actors are becoming increasingly innovative with newer ways and techniques to hack and access sensitive data. They are also capitalising on people's lack of awareness and understanding of how these technologies work in addition to the undiscovered holes in new systems' security.
In a bid to stay ahead of cybercriminals, security professionals need to continue to bring in their A-game and upskill themselves on the latest technologies. Since cybersecurity is a team sport, collaboration across teams in an organisation and different enterprises can result in an improved effort to hunt fraudsters while also being future-ready for the unavoidable zero day when a disruption does happen. In today’s day and age, cyberattacks are imminent and how quickly a business can identify a breach, assess the impact, and mitigate the damage/risk is what will make the difference in ensuring business continuity.
How can the MSMEs secure their organisations with limited resources?
Sanjay Manohar - Engaging with competent partners who would help them in risk assessment and suggest the right security solutions will certainly prove beneficial. Medium-sized organisations with adequate capital could also engage with consulting firms and managed security service providers who cannot only offer visibility of the threat vectors but also provide managed security services, without needing to invest in skilled IT security resources.
Lastly, digitisation will also enable MSMEs to transform their business and differentiate themselves from the competition. Better use of e-platforms, enhanced payment and delivery services, a robust data privacy system, and targeted skill-building can help them to propel their digital transformation journey and derive significant business benefits.