-By Ishwari Chavan
The banking sector has always been victim of cyberattacks, and with COVID-19, it has become more vulnerable. Cyberattacks against banks and financial institutions across the globe increased to 238% between February 2020 and April 2020, according to VMware Carbon Black.
According to the Indian Computer Emergency Response Team (CERT-In), over 2.9 lakh cyberattacks related to digital banking were reported in 2020. A total number of 1,59,761; 2,46,514 and 2,90,445 cyber security incidents related to digital banking were reported during 2018, 2019 and 2020 respectively. These incidents included phishing attacks, network scanning and probing, viruses and website hacking.
| Year |
Number of cyber security incidents |
| 2018 |
1,59,761 |
| 2019 |
2,46,514 |
| 2020 |
2,90,445 |
Source: Indian Computer Emergency Response Team
“The kind of security threats that we see whether it is a remote mirroring of applications, localization of your data stores in your mobile, hijacking of your sessions, social engineering attacks, all of those are very easy things to do. You don’t need real hackers to do that, smart people can do this too. That’s what has happened in the banking sector where we’ve seen a lot of increase in fraud, whether it’s on the UPI side or the traditional payment side,” said Ramesh Lakshminarayan, chief information officer at HDFC Bank.
According to Heeral Sharma, senior cyber security advisor at McAfee, three challenges must be tackled to ensure cyber safety. First is the challenge of internal IT security, second is digitization of applications and of critical data such as payments and personally identifiable information (PII), and third are cloud native threats.
What are the risks?
More and more individuals are now accessing their bank accounts through banks’ mobile apps. Many of these apps, and even customers, tend to have minimal or no security, such as users keeping easy passwords or banks keeping minimum password checks for transactions.
“The cloud threats in the BFSI segment increased by 571%, which is huge. The reason is simple, the network boundaries are no longer defined. It’s all borderless. So the attackers have found out new ways to get in and penetrate at times even by using legitimate credentials.” said Sharma.
Cyber security infrastructure as a whole needs an upgrade. Banks need to rightfully utilise their cyber security budget to help advance their technology and detect all kinds of risks.
As banks have upgraded their cyber security, attackers have turned to shared banking systems and third-party networks to gain access. In case, these are not as protected, there is more risk for cyberattacks.
Even for cryptocurrency, hacks have become more advanced as the segment is still unsure on how to implement cyber security.
What should banks do?
Banks should prioritise investing in cybersecurity and build a resilient infrastructure, to address current cyber security threats and prepare for challenges in the future.
“When we talk about digital we talk about investments. Our investments will also go into the cybersecurity segment as we move towards digitization. There should not be any compromise as far as the data securities and the Data Protection Service securities are concerned,” said Upma Goel, chief financial officer at Ujjivan Small Finance Bank.
Sharma stressed on how data protection requires a completely different approach so that banks are aware on what’s happening in the cloud. “Data protection, threat protection and network security model all built in together will provide a better approach and also take care of the complexity in the multi state and collaborative environment,” she said.
“If you look at the entire security landscape, right from an employee experience to the customer experience to our own, huge disruptions are happening in the area,” Lakshminarayan said. Banks are required to reimagine some of their own technology and adapt to a three-year or four-year journey, he added.
The article is based on the panel discussion on: Fireside Chat on Bankers Chariot, Riding on Tech that took place at ETBFSI CXO conclave
