October 30, 2019

Cybercrime and the rise of self-service kiosks

By Bernard Parsons

In today’s always-on world, citizens inevitably place high demands on their providers to offer them a fast seamless, personalised and often self-managed service. This means organisations need to offer simple, efficient and fast ways to meet their customers’ needs in-order to keep themselves competitive and to avoid the ‘switchiness’ of consumers. As a result, interactive self-service kiosks are rising in popularity because they provide organisations with a means of providing a high-level service, which is easy to use for the customer, in an automated, cost efficient, self-serve way.

Kiosks provide many benefits to organisations as they allow them to meet many customer expectations. For example, as kiosks are self-service they enhance customer satisfaction by instantly allowing them to access information, whilst being able to offer services as and when customers want them.

Interactive kiosks can be utilised for many purposes such as travel tickets, banking, fast food, self-service checkout and patient check-in, and are placed in a variety of different environments, from hospitals and airports to libraries.

In simple terms, kiosks are computing platforms where the user interface needs to be limited to serve a specific purpose. No matter what the purpose of the kiosk is, the fact of the matter is that it only has the ability to carry out simple tasks such as ordering food and printing off a receipt, or booking a patient in for an appointment. Even if the kiosk has a full operating system, the customer will only have visibility of the actual application. This issue means that the software for the kiosk must be easy to deploy while also providing an effective experience for the customer.

Cybersecurity and self-service kiosks

That said, for all these benefits kiosk platforms need to not only be easy to use and manage, but increasingly they must also be secure. As we see cyberattacks escalating and as adversaries seek out new methods of attack, kiosks with their increasing software footprint and interconnectivity are becoming more of an attractive platform for cyber adversaries. However, whilst organisations are increasingly aware of the need to appropriately protect and manage conventional IT systems, kiosk environments can erroneously be seen as not requiring similar controls.

So, why is this?

Maintaining the security of kiosk platforms requires appropriate scheduling of patch management. If you adopt an Android platform, Google regularly announces the vulnerabilities they have patched. This means the device manufacturers have to try and create patches for the vulnerabilities that have been announced publicly to the cybercriminals.

Adversaries know there is a window of opportunity they can exploit because the software author has told them about it. That time delay can be even worse in kiosk ecosystems, where there may be a diverse geographic spread of devices.

Maintaining any fully featured general purpose operating system with corresponding defence tools installed can be both costly and complex, and therefore is often not adequately undertaken. One of the reasons the WannaCry ransomware attack ended up being so widespread is that there were computing terminals throughout the NHS running old variants of the Windows operating system. Unpatched or unsupported versions are susceptible, so it can end up being a false economy to attempt to run legacy systems for too long.

Decision makers should choose a provider that has extensive experience in delivering kiosk-mode platforms. This should include the use of sophisticated management platforms that simplifies deployment, through-life management and configuration at every stage, helping to ensure that kiosks meet high-assurance security standards.

As kiosks become more widespread globally they are enabling customers to take control of their user experience, so there is a need to ensure that security is maintained as data is shared via the kiosk.

The benefits of kiosks are evident, they allow organisations to meet the constantly rising demands and expectations of their customers, whilst also providing the customer with an instant, simple, efficient way to access the information and service that they want and demand. But at the same time this data and information is appealing to hackers and cybercriminals and therefore it is just as important that the kiosk is kept secure.

Read more: “It’s not just about physical products”: How brands can make the most of retail technology

Verdict deals analysis methodology

This analysis considers only announced and completed cloud-deals deals from the GlobalData financial deals database and excludes all terminated and rumoured deals. Country and industry are defined according to the headquarters and dominant industry of the target firm. The term ‘acquisition’ refers to both completed deals and those in the bidding stage.

GlobalData tracks real-time data concerning all merger and acquisition, private equity/venture capital and asset transaction activity around the world from thousands of company websites and other reliable sources.

More in-depth reports and analysis on all reported deals are available for subscribers to GlobalData’s deals database.

Topics in this article: ,