BUSINESS AND TECHNOLOGY INSIGHTS

From Cyber Security to Cyber Customer Experience

 
March 22, 2018

With increasing number of devices connected to the Internet of Things (IoT), the threat from artificial intelligence (AI)-related cyber attacks is on the rise. The lowest level of the security chain is the most vulnerable to such attacks. A recent Harvard Business Review article discusses how AI-related security attacks are posing threats to governments, private companies, and industries alike. Security breaches, such as infected user devices on ISP networks sending spam emails and ransom-ware stealing confidential customer data, impact user experience. Denial-of-service attacks have plunged markets and economies into internet black-outs. Hackers are demanding money in exchange for digital keys to unlock hacked and blocked data. And the payment demands are being made not through regular, traceable payment modes, but in hard-to-trace crypto-currency. Given this scenario, security controls must be constantly reviewed and enhanced.  According to HBR, AI will drive the future of cyber security. I concur.

Log into user experience

As customer experience becomes a top priority for companies, it is important to align security and customer experience goals, and deploy effective fraud prevention technologies to safeguard customer data. Customers’ digital experience – especially in user authentication—has not kept pace with giant leaps in security technology. Most user authentication processes are robust enough, but require users to remember multiple passwords. Single sign-on and facial recognition are good interventions, but require additional infrastructure such as enterprise directories and bio-metric validation systems. While security controls reduce risks, they sometimes put additional burden on end-users. Security costs are transferred to customers through solution pricing. The additional overhead on user interfaces sometimes compromises customer experience.

Security checks and controls should be easy to test. Quality engineering (QE) has an important role and QE teams must quickly complete security proof of concepts (PoCs) and pilots without disturbing existing running applications and software. Security test cases must be designed such that they don’t create additional overheads on customer experience, nor disrupt existing, ongoing activities and processes. For instance, encryption tests can be easily done using interceptor tools, without any external dependencies. Also, it is important to keep customers informed of the security status, along with vulnerabilities and their probability. Together, these could be clubbed as the consumer experience, or the CX score.

Personalized CX

Let’s look at two systems that can positively impact CX. First is personalized customer assistance, easily accessible through multiple channels, including telephone, chat, email, web and social media. This omni-channel assistance must be combined with easy access to senior technical resources with 24×7 support availability for critical areas.

Next comes easy-to-use, self-service security help kit. Some customer issues can be resolved or prevented without support staff intervention. As customers become tech-savvy, they can handle many issues themselves, with the help of intelligent knowledge bases and repositories, and personalized application and self-service help kits.

Keeping customers informed about latest malware and viruses also prevents accidental malicious-link-clicks, security incidents, data compromise and fraud. Customer knowledge repositories should be holistic. For example, banking customers require different knowledge assets when compared to customers of an intranet-based ERP system. In the banking domain, security must be checked from multiple aspects such as data sanitization, secure transmission, and storage. They also need to be regularly updated by skilled experts. People are the weakest link of the cyber security chain, and effective training on good security practices, threat identification, and real-life cyber security issues is important. The training must be customized for employees as well as customers.

With effective deployment, cyber-security could well drive customer delight and business success. But it’s not just about deployment of good security practices, strong controls and robust technology. While most security teams are busy focusing on pre-empting security issues, threats and attacks, it’s also imperative to plan for the future and usher in intelligent controls that can thwart tomorrow’s threats.

As organizations prepare for next-gen digital experiences, hackers are also working on complex attack algorithms. To prevent a surprise attack, it’s important to predict the future – faster than the AI bad guys. This proactive approach and mindset could well be the catalyst that enables cyber security to make a positive contribution to cyber customer experience.

Prashant Kar is a security test consultant with TCS' Quality Engineering and Transformation unit, focusing on enhancing customer experience by ensuring security across channels. He has worked in various roles across IT security including pre-sales solutioning, consulting and delivery support. He has 13 years of experience in the IT industry in application development and security testing across domains including banking, retail, insurance and logistics.