
Fortifying India's financial future: Cybersecurity imperatives for banks in digital age


India is one of the fastest growing economies in the world today and has a vision to be a $5 trillion economy in the next three years. A significant percentage of this growth will come from the digital economy, which is developing at a fast pace. This can be seen from the fact that the digital economy's contribution to the overall economy was 3.5% in 2014 and went up to 10% in 2023, and is expected to reach 20% of India's GDP by 2026. If India hopes to achieve its vision, the banking sector must play a critical role in ensuring the appropriate financial infrastructure and security of every digital transaction. 

But this is easier said than done. As digital transactions increase, so does the attack surface. The RBI has repeatedly alerted banks to the possibility of increased cyberattacks, with the central regulator advising banks to monitor their core systems constantly. For the record, RBI's annual report for FY 2024 has highlighted that the number of fraud cases reported for the year has increased by a massive 300% compared to FY 2022. The same report says that digital fraud has exploded and increased by 708%.

Current threats faced by banks


Banks hold vast amounts of money and sensitive financial information, so they are a natural high-value target for hackers. Cybercriminals can make huge gains by exploiting even small vulnerabilities. Hackers have used a variety of methods to penetrate the defences of banks. For example, in the well-reported attack on Cosmos Co-operative Bank, hackers managed to siphon off over ₹90 crore by using a malware-based approach to compromise the bank's ATM switch server that approves debit card transaction requests.

Hackers commonly deploy phishing to lure bank customers into divulging personal information. This is usually done using a cleverly designed SMS message or an email message that directs users to a web page that looks very similar to the original (such as the income tax application). Phishing attacks have increased substantially in India because of their huge success rate.

Ransomware attacks have also gone up substantially. The RBI said last year that India's financial sector faced more than 13 lakh cyberattacks between January and October. The central regulator has also highlighted that as remote working practices have increased, the risks have increased. There is a greater probability of insecure devices accessing the network as employees use personal laptops or mobile devices. 


The role of identity security in helping banks address risks

In an age where attacks are increasing rapidly, banks can use identity security as their first line of defence. Our research indicates that close to 80% of security breaches occur due to compromised privileged credentials. This is where identity security can prove to be an effective solution. With identity security, organisations can recognise which user is accessing specific applications or networks, and understand what they are doing. Banks can enforce certain security policies and processes according to compliance requirements. Identity security also helps banks implement granular access controls, which ensures that only authorised users have permission to access the systems they require to perform their roles at a given time.

Identity security solutions can also help monitor user activities and identify any deviations that can indicate a problem. For example, they can flag a huge number of login attempts from an unknown location or at a time inconsistent with a user's past behavioural patterns. This is vital in an era where users can access systems from anywhere, whether on the cloud, on-premises or in hybrid systems.


Having a security strategy focused on identity also helps organisations address some of the issues that have been responsible for the biggest data breaches to date, including password reuse, identity fraud, privileged account abuse, orphaned accounts and credential theft. By adopting an identity security-focused approach, organisations can implement policies and controls based on the work and risk profiles of their users, applications, networks or devices.

What CISOs of banks need to consider

In an evolving threat landscape, CISOs of banks need to be proactive and alert in defending their organisations against emerging threats. They must understand that the traditional perimeter-based security model is no longer relevant. CISOs must take active steps to adopt a zero-trust model and assume that every device, network or application is a potential threat. Implementing a zero-trust approach requires robust identity security and access management processes and the enforcement of least privilege principles. As privileged accounts are key targets for hackers, CISOs must consider implementing Privileged Access Management to reduce the risk of data breaches. 


To effectively deal with cybersecurity incidents, it is also imperative for CISOs to enhance their incident response processes. This must include solutions that help in effective remediation and prevention of threats to minimise further damage. In case of a cyber disruption, this must be backed up by an effective business continuity or disaster recovery process. 

CISOs can also use unified threat intelligence platforms that draw insights from various security tools to present a centralised view of the threat landscape. Today, CISOs can also leverage AI-powered security platforms to detect any anomalies and predict and prevent potential threats. 

Most importantly, beyond implementing the latest security tools, CISOs must adopt and encourage a security-first culture in a digital-first world. Security must be part of every process, because information security is not just dependent on technology. Culture also plays a major role; hence, every individual must think of themselves as an ambassador of information security and must be information security-aware.


In conclusion, while the benefits of adopting digital pathways are huge, they must be balanced with security controls, just as a fast car can only have the confidence to go fast if it has the right braking systems. If India aspires to be a $5 trillion economy, the banking ecosystem must take the required steps to ensure the security of its digital infrastructure.

Rohan Vaidya



Rohan Vaidya is the regional director of sales, India at CyberArk.

