Tag: cyberattacks

Axis Bank’s Thapar, BFSI News, ET BFSI

Banking & Finance

[ad_1]

Read More/Less


Misconfiguration is one of the key risks to cyber attacks, said Rajesh Thapar, the chief information security officer of Axis Bank. Banks may bring in the best tool or technology but if it isn’t configured right, you are opening doors to cyber risks, he added.

Banks are facing an unprecedented surge in cyber attacks, and the nature of these attacks are constantly evolving the complex theft landscape.

While ransomware attacks, Denial of Service (DOS) attacks, phishing are common, with more digitalisation, the nature of such attacks is changing.

“Cyber risk is now becoming a business risk. Earlier cyber risk was a cyber risk from infrastructure perspective but today, with all the digitalisation happening, cyber risks are more becoming a business risk as it can impact a customer’s confidentiality which can lead to customer distrust. It can impact regulations, the company can be non compliant to some of the legislations and get penalties for it “, added Thapar.

Balancing customer experience alongwith security in an organisation is necessary yet complicated. Now, there is a huge pool of data, which needs to be protected and this data is the first target for hackers.

Manish Sinha, director sales engineering, India and SAARC at McAfee Enterprise, said “The risk is not just hackers attacking these data threads, the threat is them selling it away to third parties, which is more harmful to the organisation in all ways. Data leakage is a serious concern. To battle it what’s required is a unified approach for data protection in a holistic manner across the banking platforms.”

Misconfiguration a key risk to cyber attacks: Axis Bank's Thapar

Cyber attackers and hackers are being very sophisticated now in their attacks. The average dwell time of these hackers in the network, before being discovered, is increasing. More the dwell time, greater the damage, making time a very critical factor of the extent of cyber attacks.

“Security operation models are evolving. The identification and prevention of cyber threats and attacks were in a periodic cycle of assessments but now it will be in a continuous cycle of assessments. Attacks are happening all the time so organisations will need to carry out the continuous assessment model to beat cyber threats and attacks”, said Thapar.

Talking about the future model to control cyber attacks, Sinha said that the bigger challenge for the next generation cyber security teams is to prioritise the threats after identifying it. “This should come from alot of AI based engines or algorithms, which are running, and also from global threat intelligence, which can relate to the threat actors from the banking space globally, and finally look out to the regional advisories,” he said.



[ad_2]

CLICK HERE TO APPLY

Leave a comment , , , , , ,

Rapid digitisation of banks invites cyber risks as well. What are the risks, and what should banks do?, BFSI News, ET BFSI

Banking & Finance

[ad_1]

Read More/Less


-By Ishwari Chavan

The banking sector has always been victim of cyberattacks, and with COVID-19, it has become more vulnerable. Cyberattacks against banks and financial institutions across the globe increased to 238% between February 2020 and April 2020, according to VMware Carbon Black.

According to the Indian Computer Emergency Response Team (CERT-In), over 2.9 lakh cyberattacks related to digital banking were reported in 2020. A total number of 1,59,761; 2,46,514 and 2,90,445 cyber security incidents related to digital banking were reported during 2018, 2019 and 2020 respectively. These incidents included phishing attacks, network scanning and probing, viruses and website hacking.

Year Number of cyber security incidents
2018 1,59,761
2019 2,46,514
2020 2,90,445

Source: Indian Computer Emergency Response Team

“The kind of security threats that we see whether it is a remote mirroring of applications, localization of your data stores in your mobile, hijacking of your sessions, social engineering attacks, all of those are very easy things to do. You don’t need real hackers to do that, smart people can do this too. That’s what has happened in the banking sector where we’ve seen a lot of increase in fraud, whether it’s on the UPI side or the traditional payment side,” said Ramesh Lakshminarayan, chief information officer at HDFC Bank.

According to Heeral Sharma, senior cyber security advisor at McAfee, three challenges must be tackled to ensure cyber safety. First is the challenge of internal IT security, second is digitization of applications and of critical data such as payments and personally identifiable information (PII), and third are cloud native threats.

What are the risks?

More and more individuals are now accessing their bank accounts through banks’ mobile apps. Many of these apps, and even customers, tend to have minimal or no security, such as users keeping easy passwords or banks keeping minimum password checks for transactions.

“The cloud threats in the BFSI segment increased by 571%, which is huge. The reason is simple, the network boundaries are no longer defined. It’s all borderless. So the attackers have found out new ways to get in and penetrate at times even by using legitimate credentials.” said Sharma.

Cyber security infrastructure as a whole needs an upgrade. Banks need to rightfully utilise their cyber security budget to help advance their technology and detect all kinds of risks.

As banks have upgraded their cyber security, attackers have turned to shared banking systems and third-party networks to gain access. In case, these are not as protected, there is more risk for cyberattacks.

Even for cryptocurrency, hacks have become more advanced as the segment is still unsure on how to implement cyber security.

What should banks do?

Banks should prioritise investing in cybersecurity and build a resilient infrastructure, to address current cyber security threats and prepare for challenges in the future.

“When we talk about digital we talk about investments. Our investments will also go into the cybersecurity segment as we move towards digitization. There should not be any compromise as far as the data securities and the Data Protection Service securities are concerned,” said Upma Goel, chief financial officer at Ujjivan Small Finance Bank.

Sharma stressed on how data protection requires a completely different approach so that banks are aware on what’s happening in the cloud. “Data protection, threat protection and network security model all built in together will provide a better approach and also take care of the complexity in the multi state and collaborative environment,” she said.

“If you look at the entire security landscape, right from an employee experience to the customer experience to our own, huge disruptions are happening in the area,” Lakshminarayan said. Banks are required to reimagine some of their own technology and adapt to a three-year or four-year journey, he added.

The article is based on the panel discussion on: Fireside Chat on Bankers Chariot, Riding on Tech that took place at ETBFSI CXO conclave



[ad_2]

CLICK HERE TO APPLY

Leave a comment , , , , , , , , ,

India’s financial sector banks on IDRBT for security, BFSI News, ET BFSI

Banking & Finance

[ad_1]

Read More/Less


With emerging technologies changing the way we bank, cyber security has emerged as a key area of concern. Prof D Janakiram, director of Hyderabad-based Institute for Development and Research in Banking Technology (IDRBT) this year, speaks to Swati Rathor about the threats facing our banking systems and the work IDRBT is doing to beef up their security.

How can banks strengthen security infrastructure?

Banks have to be ahead of the hacker so, we are trying to create a change in the mindset of people managing these entities. For instance, many banks are innovating on AI/ML products by getting data from social media, where it is easy to manipulate data that leads to models being fed with wrong data. Hence, the whole system can be compromised. So, data integrity as well as security becomes a very critical part of the AI/ML system and that is an active research we are pursuing. The second thing we are trying to look at is how to reduce the impact of cyberattacks. For instance, if the digital transactions are on mobile platforms, one can use geo-fencing to reduce the chances of such attacks. Apart from this, cyber drills that we conduct regularly help banks spot vulnerabilities in their systems. We also have a threat intelligence platform that gathers information across banks and multiple sources and shares it with banks.

Which technologies will impact the financial inclusion mandate in future?

Technologies like 5G are likely to provide many opportunities as they will boost the number of internet users. When you add somebody to the financial system, that person would expect more facilities such as access to credit. Now, if you want to make credit accessible, one of the key things is the profile of the person, which means we collect data. Here the usage of the AI/ML models to be able to provide both, risk models as well as prediction models, will become necessary.

What new research areas is IDRBT focusing on?

We are focusing on next-generation digital financial infrastructure. The pandemic has made it imperative that we should have a next-generation video KYC platform. Currently there are many pain points for customers as every bank and financial services entity is trying to do its own video KYC. So, we are looking at a new platform, where, if the customer does a video KYC once, it will be available for other entities to verify. We would like to make this platform a part of the India Stack so that there is a quality enhancement in terms of the digital identity platforms.

But what about new age skills in the banking sector?

IDRBT is focusing on creating a cyber security skilled workforce because it is an extremely critical need. Besides, in the financial sector, skills pertaining to AI/ML and Cloud are also very important and we are working on that along with skilling on the 5G front.



[ad_2]

CLICK HERE TO APPLY

Leave a comment , , , , , , , , ,