Today, customers are demanding immediacy, personalisation and seamless services from their providers. Our desire for instant gratification means that those servicing the public need to provide easy, fast, smooth and continuous ways to meet customer expectations. This is where interactive kiosks can really help organisations to deliver a high level of service in an easy to use, automated way.
In recent years, kiosks have fast gained popularity. They enhance customer satisfaction as they operate in self-service mode, and they provide crucial information or services to customers as and when they need it. Think about how you utilise such services, at a railway station to buy tickets, in a fast food outlet to order food or in other ways as you go about your daily business. Today, kiosks are typically placed in high foot-traffic environments such as retail stores, hospitals, banks, hotels, airports, courthouses, libraries, railway stations – you name it – providing customer access to information, products, websites, tools, or applications.
For those less familiar, an interactive kiosk is a computer terminal featuring specialised hardware and software that provides access to information and applications for communication, commerce, entertainment, or education. Integration of technology allows kiosks to perform a wide range of functions. For example, kiosks may enable users to order from a shop’s catalogue when items are not in stock, check out a library book, look up information about products, issue a hotel key card, or enter a public utility bill account number in order to perform an online transaction.
A task orientated computing platform
Put simply, kiosks are computing platforms where the user interface needs to be limited to serve a specific purpose. Whether it is a citizen-facing platform in a government building or a device in a train station, the common theme is that the user is constrained to undertake very specific tasks with that device i.e. buy a train ticket. The device itself might have a full-blown operating system but all the user can see is the app and what they need to do. Therefore, it is very important for Kiosk software platforms to be very easy to deploy and they must provide a very intuitive user experience. It is very much about the interaction the user is undertaking and little beyond that. This means the software must be optimised for user interaction in that context.
What that means is that security is often a secondary consideration. Many kiosk software providers pay lip service to security, while they focus primarily on ease of use and ease of management.
However, today we are seeing cyber-attacks escalating and becoming an everyday occurrence. Adversaries seek out new methods of attack and new threat vectors. This has resulted in kiosks becoming more of a target and an attractive platform for cyber adversaries to attack.
Most kiosk software platforms just provide a management layer to configure an endpoint device in that kiosk. By comparison, a traditional endpoint device such as a laptop, is more likely to have a greater set of defence tools deployed, actively managing and monitoring the device, regularly patching and updating it. This is not the same where kiosk platforms are concerned.
So why is this?
Often, the business can’t justify having a full-blown operating system and sophisticated defence tools on that platform, especially if they have a large number of kiosks deployed out in the field. They are normally in highly remote or widely geographically dispersed locations. This means there are significant costs involved to go out and fix them.
Likewise, organisations don’t always have the local IT resource in many of these locations to maintain the equipment and its security. If there is a patch management process in place it might not always be timely. For example, if you adopt an Android platform, Google regularly announces the vulnerabilities they have patched. This means the device manufacturers have to try and create patches for the vulnerabilities that have been announced publicly to the cybercriminals. Adversaries know there is a window of opportunity they can exploit because the software author has told them about it. That time delay can be even worse in Kiosk ecosystems, where there may be a diverse geographic spread of devices.
Or the kiosk might simply be old. One of the reasons the WannaCry ransomware attack ended up being so widespread, is that there were old computing terminals throughout the NHS, running old operating systems. Any unpatched version of Windows is susceptible, so it can end up being a false economy by attempting to run these legacy systems for too long.
Technology spread requires rethinking security
As we continue to exploit and expect technology in every far-flung corner of the world, we need to increasingly think about how we protect these devices in a more robust way. Thinking of a kiosk as just a terminal that wouldn’t be of interest to a hacker is precisely why they are so attractive to attacks, because they know the security might not be as tight as it should be. Making kiosks more secure could be the difference between you being breached and remaining safe.
With a heritage of creating UK National Cyber Security Centre (NCSC) certified products, Becrypt is a trusted provider of endpoint cybersecurity software solutions. Becrypt helps the most security conscious organisations to protect their customer, employee and intellectual property data. It has an established global client base which includes governments (central and defence), wider public sector, critical national infrastructure organisations and SMEs.
As one of the early pioneers in disk encryption software to today being first to market with a unique desktop operating system, Becrypt continues to bring innovation to endpoint cyber security technology. A recognised cyber security supplier to governments around the world, Becrypt’s software also meets other internationally accredited security standards. Through its extensive domain and technical expertise, Becrypt helps organisations optimise the use of new cyber security technologies and its flagship security solution Paradox delivers a highly secure platform for the modern age.