
Data Security in BFSI: How to strengthen cybersecurity in the financial services industry

The recent cyberattacks on the BFSI sector show that the modus operandi deployed by hackers is both diverse and evolving. The dynamic nature of threats in cyberspace demands that the BFSI sector stay one step ahead in the game, writes Arjun Kallawar, Head of Solutions Engineering-India, Edgio, pointing to the alarmingly rising threat to cybersecurity on the occasion of World Backup Day.


By Arjun Kallawar  Mar 31, 2023 9:38:02 AM IST (Published)

India’s BFSI sector is under increased threat and has become the industry most targeted by cybercriminals. According to a report by CloudSEK, India has emerged as Asia’s new hotspot for cyberattacks.

This uptick in cyberthreats in India can be attributed to the rising trend of digitisation and the widespread adoption of online banking systems, which grew exponentially amid the pandemic. Inevitably, digital has become the most preferred mode of payment, offering convenience over cash. In March 2021, the volume of digital payments done through UPI doubled, and by November 2022 it had reached over 7.3 billion, as per data unveiled by the National Payments Corporation of India (NPCI). Back in 2020, the number of cybersecurity incidents faced by India almost tripled in a single year to reach 11.5 lakhs. Since then, the number of such incidents has been steadily on the rise. This points to the need for urgent interventions, guided by a long-term cybersecurity vision and a strong understanding of the nature of the threats.
Growing number of targets, evolving modus operandi
The recent cyberattacks on the BFSI sector show that the modus operandi deployed by hackers is both diverse and evolving. The latest in line involves one of India’s biggest public sector banks, whose credit card holders’ financial data surfaced on a dark web marketplace. In 2021, an IPO-bound fintech unicorn came under the scanner when, allegedly, the KYC documents of millions of its users, including credit card data, popped up on a dark web portal. It was reported that the hacker had created a search engine using the leaked data, enabling retrieval of an individual’s KYC details from a single entry such as a phone number. The same year, a payment gateway start-up was also hacked, with reports suggesting that the personal data of 10 crore cardholders was breached. Data of one of India’s largest trading platforms was also breached, with as many as 25 lakh customers’ data compromised, according to reports. The list is indeed long, featuring some of the biggest unicorns as well as established BFSI players in the industry.
These cyberattacks all involve data breaches, which are one of the two major types of cyberattacks targeting the BFSI sector.
A reliable security toolkit
Other than data breaches, the other most persistent risk for the BFSI sector is digital banking threats. These affect banking services, payment systems and digital wallets, leaving customers vulnerable to theft. Credit card-based threats are also growing and made up 15 per cent of the reported attacks.
There is also an evolving trend in the modus operandi of these actors. One example is Malware-as-a-Service (MaaS), an unfortunate parallel to Software-as-a-Service, which lets anyone with little to no technical knowledge of hacking launch a malware attack on an individual or entity. Malware is by far the most preferred medium of cyberattacks, and it is usually delivered to a target through phishing, most often through spear-phishing.
The sector is also particularly vulnerable to Distributed Denial of Service (DDoS) attacks, where a network of compromised computers is deployed to create an overwhelming number of false requests to the bank’s or platform’s systems, disrupting their operations and leaving them unable to respond to legitimate consumer requests. Sometimes, bots are also employed during DDoS attacks. Some of the other major threats emanate from ransomware, phishing, trojans, botnets, etc. Hackers can also exploit any system vulnerabilities or use stolen credentials to access corporate servers to deploy malware. Such diverse deployment of malicious tools requires an equally dynamic response at multiple levels.
A robust security strategy
To combat the menace of cyberattacks, there needs to be an end-to-end security framework that takes into account the present vulnerabilities in the system, including the lack of adequate cybersecurity standards and the lack of technological literacy or cyber hygiene among the public. There should also be self-regulating mechanisms within the BFSI sector to set common minimum cybersecurity standards for the sector. However, the most critical measures of all would have to be adopted by the service providers to ensure the integrity of their systems. Capacity should be built by recruiting talent or working with security partners to monitor and improve end-to-end systems on a proactive and regular basis rather than a reactive one.
All stakeholders including clients and employees must be made aware of the risks and consequences involved in a cyberattack. A cybersecure culture must be cultivated and incentivised at workplaces while training existing employees to sense and report vulnerabilities in the system.
Finally, we need targeted interventions in the form of customised security tools to address the most rampant problems such as data breaches. Solutions such as web application and API protection (WAAP) must be deployed to protect sensitive data that traditional security systems cannot effectively protect. This could keep malicious bots, DDoS attacks, and many other threats at bay.
In conclusion, the dynamic nature of threats in cyberspace demands that the BFSI sector stay one step ahead in the game. Continuous investment will be required in security tools, recruitment, and training, not only to bolster the security architecture but also to ensure sustainable long-term growth of the sector. Ultimately, this will go a long way in ensuring that the bug stops here.
The author, Arjun Kallawar, is Head of Solutions Engineering-India, Edgio. The views expressed are personal.
