Australian businesses will be critically exposed to data breaches as a result of exponential growth in mobile e-commerce unless they dramatically ramp up their focus on IT security, according to global consulting firm Protiviti.
In 2013 alone, almost 300 billion mobile transactions worth more than $930 billion were processed. By 2015, the number of mobile apps developed for smartphones and tablets will outstrip PC-based software four times over, and by 2016 more than half of the world’s top 1000 companies will be storing sensitive customer data in the cloud.
Protiviti managing director Chris Grant says, “The rapid shift from desktop to mobile internet services and from traditional data centres to the public cloud will open up a whole new world of security vulnerabilities for businesses that are unprepared for the risks”.
Australia ranked second in the world as the country most likely to experience a data breach from malicious or criminal attack, which is the most costly breach category for companies (according to the Ponemon Institute 2013 Cost of Data Breach Study).
“Despite these threats, many businesses remain dangerously complacent about their exposures and continue to seriously under-invest in IT security,” Grant says. “Australian companies typically allocate only 1 to 2 per cent of their IT budget to security, even though benchmarking from reputable organisations like Gartner recommends a minimum spend of at least 2 to 7 per cent, depending on factors such as regulatory requirements and individual risk factors.”
To combat risks from e-commerce, Grant recommends a ‘defence in depth’ strategy, which involves the coordinated use of multiple IT security measures to protect the organisation’s information assets on several fronts.
“These include having robust server and application security which should include a clear policy for when it’s appropriate to use the cloud. Also critical are message confidentiality and integrity measures so that communications between transacting parties are private and not able to be tampered with, and authentication and authorisation protocols so that parties are properly identified and authorised to make the relevant transactions,” Grant says.
“Sound audit controls should also be implemented so that breaches or other unauthorised activities can be quickly detected. And lastly, payment processing and settlements need to be secure and compliant with the Payment Card Industry Security Standards which protect against credit card fraud.