While the discussion ranged from existing threats to governance issues and regulatory aspects, experts on the panel — in agreement with each other — noted that the state of preparedness was poor amongst companies across sectors.
WHAT SURVEY SAYS
* According to a recent survey by PwC, 44 per cent of cyber security breaches took place because of insiders, and 90 per cent of them did not show any prior inclination to do so
* The survey said 52 per cent of all employees pose a risk to cyber security
* Last week, Pune-based Cosmos Bank was hit by a cyber attack wherein a malware, installed in the bank’s main server, enabled around Rs 940 million to be stolen from customers' accounts
According to a recent survey by PwC, 44 per cent of cyber security breaches took place because of insiders, and 90 per cent of them did not show any prior inclination to do so. Additionally, the survey said 52 per cent of all employees pose a risk to cyber security.
This requires company managements, across industries, to develop strong cyber security policies and governance mechanisms to deal with the repercussions of a data breach.
“Organisations need to develop strategies with a lot more rigour,” he said.
Further, S Ganesh Kumar, executive director of the Reserve Bank of India (RBI), said: “The ‘i’ in security is ‘innovation’; we need to ensure that our systems are resilient.”
While the RBI has mandated that all commercial banks (and rural banks) as well as non-banking financial companies develop cyber security policies at their individual Board level as well as set up cyber security teams, the same has not been extended to cooperative banks.
Last week, Pune-based Cosmos Bank was hit by a cyber attack wherein a malware, installed in the bank’s main server, enabled around Rs940 million to be stolen from customers’ accounts.
The panel discussion then shifted to the use of Artificial Intelligence (AI) tools to assess whether there are vulnerabilities in the banking system, and how the same could be used to detect threats.
Sanjay Bahl, Director General of the Computer Emergency Response Team (CERT-in), the country’s nodal agency for cyber security issues, said that today, “we live in a VUCA world (volatility, uncertainty, complexity and ambiguity), and attackers know much more because they know the exact loopholes. Our cyber defence is manual and threats are managed independently, which is a disaster.”
IBM, for example, has developed and is working on real-time threat detection and cyber behavior technology to ensure that companies move from merely detecting cyber threats to protecting themselves, and improving their response time for handling cyber crimes.
“The whole concept is about orchestration and automation of security. It is not about detection; it is about how soon we can detect,” said Rakesh Kharwal, country leader and Business Unit Executive at IBM Security, IBM India/South Asia.
Similarly, other developers like Symantec and McAfee as well as Delhi-based companies like Lucideus Technologies, are looking for AI-based solutions for firms to effectively detect cyber attacks, while ensuring customer and institutional data is protected.
Mukesh Malik, Chief Operating Officer at Aditya Birla Capital, pointed out the need for more investment and encouragement by the government and industry, towards education and skills training.
“We need to focus on developing courses with engineering background for increasing talent management,” he said.