Theft of customer
data is top payments
technology worry for
ASEAN retailers
CWASEAN
The monthly magazine from Computer Weekly focusing on business IT in Southeast Asia
JULY 2016
DATA SECURITY
suggested Comelec had not properly secured the automated voting machines scheduled for use in the upcoming elections.
"Both groups are loosely affiliated with their respective wider hacker collectives," he said. "If this attack was indeed perpetrated by these groups, as has been claimed, then this is a case of an attack being carried out by cyber criminals known as activists."
However, it does not help if governments rush to deny security breaches that make it to the headlines, according to Cathy Huang, research manager at IDC's Asia-Pacific services and cloud research group.
"The denial of this hacking incident reflects typical behaviour when an organization has been hacked or their data has been breached," she said.
TechTarget/CW ASEAN
55 B/C Tanjong Pagar Road
Singapore 088476
© 2016 TechTarget Inc. No part of this publication may be transmitted or reproduced in any form or by any means without written permission from the publisher. TechTarget reprints are available through The YGS Group.
SECURE PAYMENTS
Security of customers' details is the top payments concern for 68% of ASEAN retailers, according to the Global Payments Insight study by ACI Worldwide and Ovum.
The study asked more than 1,600 executives at banks, retailers and billing organizations, of which 176 were from the ASEAN region, about their experiences, perceptions and expectations of payments and how this is shaping their behaviour.
The study found that competition and security are the most
pressing e-commerce issues that are driving investments in payment systems in ASEAN. But retailers are fearful that the fast
adoption of new payments technology is risking data security.
"The need to offer a wide variety of payment [systems] is a growing trend in the past 12 months," said Leslie Choo, vice-president of ASEAN at ACI Worldwide. "With new competitors offering more payment types, retailers have to offer these to compete from a user experience perspective."
"Alternative payment methods are a big deal because card usage or adoption can be very low in some ASEAN countries," Choo added. "Social payments and mobile are also big areas of interest." Some 53% of retailers interviewed expect to increase their investments in payment systems in the next year.
IDC agreed that there is a wide variety of mobile payment
options in Southeast Asia.
(fintechs) are entering ASEAN retailers, with 20 to 40% of retailers choosing to work with a startup.
For example, 40% would work with a startup for mobile QR code
payments and location-specific payment and loyalty services.
Paul Thomalla, senior vice-president at ACI Worldwide, said: "For all of these organizations, the key takeaway is that competitive pressures are driving up spending in the marketplace. Spending small, incremental amounts will only lead to an erosion of market share."
Thomalla added: "The payment initiators of the world want to work directly with payment operators. By doing so, they will be able to lower payment costs, reduce complexity and increase investments to stave off the threat of new competitors."
CYBER INSURANCE
In simple terms, there are two sides to every information security program: protection and response. A successful cyber security program requires both. However, on both sides of the coin, organizations must deal with five realities:
- There are things that they have under control and completely operationalized.
- There are things they can handle, but it's a pain to keep on top of them.
- There are things they have to work hard at but can still manage somehow.
- There are things they don't know how to deal with, and investing in process, technology or personnel will not make a material difference.
- Their program is defined and managed by humans, and humans make mistakes.
The question is: how can companies deal with these inevitable realities, especially recognizing that they won't be able to detect every attack before the damage is done or successfully mitigate every incident without a negative impact to the business?
Necessary evil
So is cyber security insurance a necessary evil for every company to consider? Or is it a viable option for only a few? To answer these questions, it is important to look at the role cyber security insurance plays within an enterprise security program, but only after determining what cyber security insurance actually is.
During the RSA Conference 2016 in San Francisco, cyber security insurance was the focus of several presentations and discussions. Experts in technology and financial services described how
it fits within a modern enterprise security program.
According to some people in financial services, the concept of
cyber security insurance or cyber insurance has been around for
Critical component
Cyber security insurance does not replace security best practices, but experts say it is a critical component that fills the gaps
of a solid, well-thought-out security program.
"Any security professional will tell you that you can never be 100% protected against an attack," said Jonathan Niednagel, CEO and co-founder of DatumSec, a risk assessment firm based in Altadena, California. "If this were true, then best practices and due diligence should get you 95% of the way there, and cyber insurance should cover the remaining 5% exposure. Too many professionals think they can accept lax security practices because they are covered by insurance; this could not be further from the truth."
Ken Allan, global information security leader at Ernst & Young,
said some enterprises find the obstacles to obtaining a sound
cyber security insurance policy too great to overcome.
"One of our large banking clients conducted analysis to figure out what it could do with its cyber security investment, looking at whether or not it could spend more money to protect more critical items," he said.
"In some cases, the technologies were so complex, and the cost to purchase and manage them didn't justify an investment. The bank chose to cover that risk area with cyber insurance."
Hidden attackers
Hunting skills
Secret methods
what a software developer came up with for them to do. You need
people who can work at a raw data and content level and know
how to create new methods of detection, or at least hypothesise a
new compromise vector that you have not considered previously.
hunters for hire. "Attackers have to get in some way, then they need to obtain credentials and start moving around to target the data, and then they have to get that data out, so that is where we focus our attention rather than becoming caught up in chasing IOCs [indicators of compromise]." He says this approach has proved useful in establishing the scope of an intrusion and finding things that targeted organizations were not yet aware of.
might ask. Being able to come up with and test a theory quickly and then refine and validate is really important for any cyber defence team because it gives you the chance to come up with a technique to detect, says Nanson.
While a growing number of organizations recognise the need to be more proactive in their approach to security, most lack the necessary human resources even to pursue hunting at the most rudimentary level, which in many cases may be all that is necessary, while in other cases, outsourcing the hunting function to suppliers with state-of-the-art capabilities would make more sense.
"Many firms would not need someone full-time to reverse-engineer malware, so it would be cheaper to outsource that," says Myers. "However, if most of the organizations we've been called into in the past year had been more proactively hunting, they would have easily halved their exposure time."
Grow your own hunters
For this reason, more companies are now seeking to have an in-house hunting capability, in some cases to have a specialist on board who can derive and apply insights from company investments in state-of-the-art technology and in other cases to avoid future cyber attacks. In that capacity, organizations must be proactive to succeed, says Amit Yoran, president of RSA.
In the face of the global shortage of cyber security skills, Yoran is urging organizations to grow their own hunters by providing the right environment for the most creative IT security professionals to flourish, develop and hone their skills.
Hunters may not be the norm currently, but that is changing, and Yoran is one of the security industry figures encouraging the trend. "If you don't have hunters, grow them, or at least don't stand in their way. Let them evolve into the hunters you need," he said at the RSA Conference 2016 in San Francisco.
Yoran called on firms to focus their technology investments on supplementing and enhancing their security teams' native capabilities to make them smarter, more efficient and more scalable. He said they should invest in technologies that give comprehensive network visibility to enhance human creativity and problem-solving, and to create a culture that embraces the smart creative, the free thinker and the curious.
"Free your people to chase the why," he said. "Allow, train and equip your people to be hunters. Focus on empowering them with the tools that fuel their curiosity to find the answers they seek."
Doing things differently is at the core of hunters-for-hire business Raytheon Foreground Security, which also provides the opportunity for customers to grow their own in-house capability.
The demand for hunter-supported security operations centers is mainly from big government agencies and suppliers of critical