The digital revolution has transformed the world with its focus on time, speed, reach and quality. As its broad sweep continues to touch almost every aspect of our lives, cyber criminals have found its all encompassing ecosystem too lucrative to wreak havoc. Hence, the challenge before everyone connected to the digital world, with its vast repositories of sensitive government, business and personal customer information, is to remain ever vigilant with new safeguards put in place. The threat of data breach can not only impact the lives of end customers but can also ruin the brand equity of companies and institutions. Given the enormity of the threat of cyber crime, security testing experts often find themselves at their wits’ end while strengthening data security measures. As customers’ lives begin to be increasingly governed by software applications, the need for companies to make software security testing an important part of the overall SDLC, has become the sine-qua-non to fight the menace of cyber crime.
The digital platform has opened new vistas that till a few years back were considered part of science fiction. Today, there is hardly any activity that has not been touched by the digital revolution, more so after the advent of smartphones. Of late, we have become so dependent on software applications that willy-nilly we have become party to share sensitive personal information with app developers. Although increased digitization has made our lives easier, it has spawned a new threat of cyber crime that many of us have fallen victims to at some point of time or the other. The threat is not confined to common customers alone but applies to businesses, institutions and governments as well.
There have been many instances of data breach or breach of data security measures in banking institutions leading to a loss of people’s confidence in the system. It appears a constant game of cat and mouse is being played between security testing experts and cyber criminals with hurrahs and sighs drawn from each of the sides. Given below is a list of methods that are employed by cyber criminals to gain access into secured systems:
Phishing: Here, emails are sent to customers tricking them into revealing sensitive information. A typical example is the ‘lottery win emails from Nigeria,’ wherein bank details are sought from customers to receive the ‘jackpot money.’
Spam: Unsolicited mails containing malware or links to fraud websites, which mimic the designs of familiar websites are sent to customers. These emails trick customers into using these fraud links to share information.
Denial of Service: Also known as Distributed Denial of Service or DDOS, it includes sending a barrage of multiple service requests from a number of IP addresses to a site, preferably a financial one, causing it to crash.
Hacking: Any of the methods like phishing, malware, spyware, worms, identify theft, spam etc is employed to exploit the vulnerability of a system in order to gain entry and steal information. The theft of credit card information from banking servers can be one such example.