Nitin Bhatnagar, Associate Director – India, PCI SSC

Mr Bhatnagar has been handling his role in PCI SSC for the past 3 years. His main responsibilities have been to raise awareness around the importance of payment data security and the adoption of the PCI security standards – especially in a market where the rising threat of cybercrime and data security breaches is an ever-increasing concern. He also continues to work towards highlighting how the PCI SSC’s Participating Organization (PO) program provides Indian businesses with the opportunity to participate in the development of standards alongside global companies.

 

The rising threat of cybercrime

India has increasingly moved towards a hybrid way of working since the beginning of the pandemic. In this environment, more companies have been conducting their business online, which has led to a rise in digital transactions. While this has enabled many businesses to scale their operations, working faster and more flexibly, the risk of cyber fraud and data breaches has also risen. In fact, Interpol’s 2021 ASEAN Cyberthreat Assessment found that while the pandemic accelerated digital transformation, it also drove a surge in cybercrime last year. The report also highlights that cybercriminals have been capitalizing on the pandemic by exploiting COVID-19 response messaging to target remote workers and steal their personal information or gain access to their company’s networks. This enables the cybercriminals to then exploit the individual or their business for their own financial gain. In this environment, data security has never been more important.

The challenges of hybrid working

It is clear that the rise of remote working has added a level of convenience to many of our lives, but it has also added a layer of complexity in ensuring our working environments are secure. The hybrid world of work has seen cybercriminals inventing new methods to target remote workers, with more channels now available to intercept and steal payment data. As such, companies are currently facing new security risks as cybercriminals continue to evolve different methods to gain access to company data, consumer information, and intellectual property. In fact, according to a report published by security solutions firm Barracuda, 87% of Indian companies were victims of cyber security attacks in the past year. This demonstrates how important it is for businesses to ensure that all their employees are aware of and are following best cybersecurity practices.

While security threats have always been a challenge for both small and large organizations, according to a recent IBM report, the average cost to tackle a data breach has increased by approximately INR 8 crores due to the rise of remote workers, the largest single-year cost increase in the last seven years. In fact, cyber-attacks have increased by 400% due to remote working according to the Society for Cyberabad Security Council (SCSC). This increase has been driven by social engineering attacks, where cybercriminals manipulate users into divulging confidential information, such as personal data, or performing certain actions, such as providing access to an organization’s servers.

More recently, cross-site scripting (XSS), an attack that injects malicious scripts into otherwise trusted websites, and man-in-the-middle (MITM) attacks, which intercept an existing conversation or data transfer, have also gained prominence. According to Sentient Digital Inc, last year XSS attacks accounted for approximately 40% of all data breaches worldwide. As cybercriminals are constantly inventing new ways to compromise cardholder data, so too must businesses continually look to improve their cybersecurity practices to combat cybercrime and reduce their risk of financial damage.

Combating cybercrime through robust work from home training

Cybersecurity should be a top priority for every business, and the ingenuity of cybercriminals in developing new methods to steal sensitive data demonstrates the critical need for businesses to invest in the appropriate training. Cybersecurity training can help establish best cybersecurity practices and shared accountability throughout an organization. By ensuring employees are adequately trained and aware of the various cyber-attacks they may fall victim to, businesses can better mitigate the risks of potential cyber-attacks. Additionally, employees equipped with modern tools and the latest threat intelligence will be able to identify and respond to attempted breaches more confidently.

With the sudden shift to more employees working remotely, PCI SSC developed a specific Work from Home Security Awareness training to establish best security practices when working from these remote environments. This 45-minute training has been designed to be low cost and beneficial for all people, not just IT professionals, to make it easier for organizations to establish best security practices across their entire business.

Although businesses are now focusing on training their employees and investing in cybersecurity to maintain smooth operations, specialized programs on security awareness are crucial. According to a recent study by Infosys Knowledge Institute, cybersecurity is still the top concern for 67% of organizations, showcasing the importance of equipping and upskilling employees to enable them to operate efficiently and safely in the hybrid working world. 

Benefits of cybersecurity training

PCI SSC’s cybersecurity training aims to help learners identify common cyber-attacks and what steps to take to avoid unauthorized sharing or disclosure of sensitive data. It supports employees by providing additional guidance on securing remote working environments and best practices, including tools and additional insights into threats they need to be aware of in order to help secure payment account data. 

The training emphasizes the need to understand security responsibilities and best practices so that individuals can better apply specific handling requirements and keep data secure. By training their workforce, organizations can better understand information security policies and why they are important to maintaining a secure cardholder data environment.

It is important to train all employees regardless of their level of expertise on the subject to provide them with tangible, real-world insights on security requirements and best practices. Through the appropriate training, businesses can empower their employees to better support their compliance efforts by providing them with the tools and knowledge to better adhere to security requirements and best practices while working remotely.
