As leading financial institutions have adopted state-of-the-art cyber security
solutions over the past few years, many banks and financiers lag in terms of implementation of security protocols and tools, as well as in their understanding of cyber threats.
An expert panel of professionals discussed at the annual FIBAC conference
if the country’s institutions are prepared against cyber threats, given the rapid pace at which business activities such as lending are moving to digital platforms.
FIBAC is an annual banking and financial services conference organised by FICCI, the Boston Consulting Group, and the Indian Banks’ Association.
While the discussion ranged from existing threats to governance issues and regulatory aspects, experts on the panel — in agreement with each other — noted that the state of preparedness was poor amongst companies across sectors.
The banking and financial services industry has taken the lead, both globally and domestically, in improving its data security. Therefore, the lack of seriousness with respect to cyber threats is only restricted to a few institutions.
Vikas Varma, executive director of Mastercard India, noted that as the country’s financial system is taking a leap towards digital platforms, the risk of breaches also increases. Therefore, “cyber-readiness is an ever-evolving business”, he said.
WHAT SURVEY SAYS
* According to a recent survey by PwC, 44 per cent of cyber security
breaches took place because of insiders, and 90 per cent of them did not show any prior inclination to do so
* The survey said 52 per cent of all employees pose a risk to cyber security
* Last week, Pune-based Cosmos Bank was hit by a cyber attack wherein a malware, installed in the bank’s main server, enabled around Rs 940 million to be stolen from customers' accounts
According to a recent survey by PwC, 44 per cent of cyber security
breaches took place because of insiders, and 90 per cent of them did not show any prior inclination to do so. Additionally, the survey said 52 per cent of all employees pose a risk to cyber security.
This requires company managements, across industries, to develop strong cyber security
policies and governance mechanisms to deal with the repercussions of a data breach.
“Organisations need to develop strategies with a lot more rigour,” he said.
Further, S Ganesh Kumar, executive director of the Reserve Bank of India (RBI), said: “The ‘i’ in security is ‘innovation’; we need to ensure that our systems are resilient.”
While the RBI has mandated that all commercial banks (and rural banks) as well as non-banking financial companies develop cyber security
policies at their individual Board level as well as set up cyber security
teams, the same has not been extended to cooperative banks.
Last week, Pune-based Cosmos Bank was hit by a cyber attack wherein a malware, installed in the bank’s main server, enabled around Rs940 million to be stolen from customers’ accounts.
The panel discussion then shifted to the use of Artificial Intelligence (AI) tools to assess whether there are vulnerabilities in the banking system, and how the same could be used to detect threats.
Sanjay Bahl, Director General of the Computer Emergency Response Team
(CERT-in), the country’s nodal agency for cyber security
issues, said that today, “we live in a VUCA world (volatility, uncertainty, complexity and ambiguity), and attackers know much more because they know the exact loopholes. Our cyber defence is manual and threats are managed independently, which is a disaster.”
IBM, for example, has developed and is working on real-time threat detection and cyber behavior technology to ensure that companies move from merely detecting cyber threats to protecting themselves, and improving their response time for handling cyber crimes.
“The whole concept is about orchestration and automation of security. It is not about detection; it is about how soon we can detect,” said Rakesh Kharwal, country leader and Business Unit Executive at IBM Security, IBM India/South Asia.
Similarly, other developers like Symantec and McAfee
as well as Delhi-based companies like Lucideus Technologies, are looking for AI-based solutions for firms to effectively detect cyber attacks, while ensuring customer and institutional data is protected.
Mukesh Malik, Chief Operating Officer at Aditya Birla Capital, pointed out the need for more investment and encouragement by the government and industry, towards education and skills training.
“We need to focus on developing courses with engineering background for increasing talent management,” he said.