Page 37 - EngineerIT November 2022
TECHNOLOGY AND INNOVATION
surveyed agree with the statement.”
This year has been particularly challenging for IT leaders, with Gartner saying “it is
proving to be one of the noisiest years on record for CIOs” with security being just one
of the challenges on their radar. CISOs, meanwhile, are finding their ability to make a
meaningful impact challenged when they are not consulted in business decisions. Gartner
points out that CISOs’ roles need to shift from technologists who prevent breaches to
corporate strategists managing an organisation’s cyber risks.
It is unfortunate that South African leaders also remain slow to respond to the growing
cyber threat, with many waiting for an actual breach before they look at investing in the
processes and architecture required to defend themselves. Cyber resilience is all about
being able to function even if you’re breached. It must encompass both business and IT risk
management and it must come from the top and permeate across the entire organisation,
from business process mapping to engineering service availability, to critical vendor
dependency.
Communication lies at the heart of the disconnect between CEO and CISO.
Regular incident simulations are the best way to stress test your systems, but will
also allow you to isolate any gaps in your processes. This is all essentially about effective
communication and will not only improve how you communicate within teams, but will
empower the CISO to properly inform their CEO, going a long way to bridging any gap that
may exist.
Achieving true resilience is not just about throwing tech at a problem. Adding layers of
security to all levels of an organisation is undoubtedly required to adequately
protect a modern organisation. But cyber resilience depends on leaders
understanding the challenge, co-creating the solution with trusted partners, and
supporting the teams that are managing it. The only way this can be achieved is
through an orchestrated approach that has the CEO and CISO in lockstep.
Wessel Matthee
IS TAPPING MY CARD REALLY SAFE?
Smart solutions that offer accessible and easy digital transactions are increasingly
becoming essential to consumer stickiness and engagement. However, as these
solutions evolve, so must the security surrounding them to ensure that both retailer
and consumer are protected. This is particularly relevant with software Point-of-Sale (POS)
platforms which are gaining traction in the payments space.
“Security within this space covers multiple touchpoints, from the card to the app and
the device being used,” says Kieron Ekron, CTO at Halo Dot. “This ranges from consumer-led
security which covers secure passwords and PIN numbers and practicing good security
hygiene, to recognising phishing scams; to business-led security that ensures every aspect
of a payments solution is secure, aligned with regulatory expectations, and compliant with
industry standards.”
From PCI compliance to encryption, to PIN management and beyond, what makes a
good payment platform is how many of its touchpoints are secured and how rigorously
these are enforced across both the consumer and the retailer. Payment solutions need to
tick multiple boxes before they’re launched into the market and retailers must ensure that
the promises of robust security are kept by the solution before they implement it. Good
security practices are essential to provide both the retailer and consumer with peace of
mind throughout.
“The litmus test of a trusted and secure payments partner is how closely they work
with partners to test their applications and how methodical they’ve been in embedding
security,” says Ekron. “There is no such thing as rapid deployment in the payments world
– every step must be methodical, tested, calculated and deliberate. If even one party in the
payments chain, from consumer to retailer to bank and back, drops the ball then it weakens
the entire process. In this sector, the old adage ‘you’re only as strong as your weakest link’ is
absolutely true.”
Fraud is a very real problem, not just in South Africa, but globally. Contactless payments
can be misused, which is why most banks impose a maximum payment limit as they can
prevent fraudsters from cloning and using credit or debit cards after a certain period and
minimise the financial damage to the consumer. For online payments, where the cardholder
is unable to physically prove that they have the card in front of them, second-factor
mechanisms like Verified by Visa and Mastercard SecureCode are used to verify that the
person performing the transaction is the cardholder. However, these can add friction to
customer interactions and payments which can limit stickiness and engagement.
Leveraging modern SoftPOS solutions, retailers can enhance their payments
profile without compromising on security and consumer enjoyment. These solutions
allow for users to tap, go and pay within a secure environment that fosters trust
on both sides. Halo Dot has invested extensively into security parameters and
protocols that ensure every person and company within the transaction chain is
secured and protected, putting trust and security at the heart of every engagement.
For more information, go to: https://www.halodot.io/