Why companies may need to implement new security architectures in a cashless society
The security of any organization should be a board issue as its impact affects the organisations strategic position and brand. Security has to be implemented in a top-down approach with the board setting the tone, direction and tolerable risk levels.
The current security architecture of many Nigerian companies can be likened to a house that has a wooden foundation, a glass wall and a steel roof. This is one major reason why despite the recent huge investments in information security by some companies, there are still many “cracks in the wall” and security breaches easily undermine such investments. What do we mean by this?
Let us take the financial institutions as an example. Over the years many companies have been very reactive as regards security because their security architecture was driven by the prevalent security issues or regulatory requirements at the time. They probably have never come together as a business to draw up a comprehensive security architecture that aligns with the organization’s strategic direction, or that defines the organization’s DNA for security processes, and explains how technology and personnel will assist to drive these strategy and processes.
There was a time when the major issue faced by Nigerian Banks was centred on ATM frauds; major security investments at that time had one singular goal – to reduce ATM fraud. As a result, many banks experienced significant decrease in ATM fraud over time. Also, there was a time when the Central Bank of Nigeria (CBN) mandated banks to implement Payment Card Industry Data Security Standard (PCIDSS) and Banks had to develop a target architecture that met the PCIDSS requirements. This only addressed card holder data and there were still untendered and vulnerable areas in some banks’ infrastructure that did not have adequate security investments.
The current practice in several organizations is to continue to build upon existing security architecture designed for specific battles in the past to address new security threats as they arise. This model usually leads to problems, it is very costly and likely to lead to a lot of wastage. Once the base is weak, the building faces a high risk of collapse. With the advent of the cashless society, companies can lose a significant part of their shareholders value at the click of a button.
According to a recent review of the cashless system in Nigeria, it was reported that Point of Sale (POS) deployment increased drastically from about 5,000 in 2012 to 153,167 as at April 2014. Transactions valued at ₦24 billion were recorded in April 2014 compared to ₦99 million in January 2012. If we have these numbers just from POS terminals, then it is only left to the imagination the amount of funds traversing other electronic channels – but more disturbing is the risks posed by threats to these transactional media.