The BFSI sector stands as the lifeblood of any economy. It holds the keys to our financial well being, making it a prime target for cybercriminals. 2023 witnessed a fascinating interplay between evolving threats and innovative countermeasures, shaping the cybersecurity landscape of the BFSI sector in profound ways.
The Rising Tide of Cyber Risks
Historically quick to adopt technological innovations, the BFSI sector faced new challenges as it swiftly transitioned to remote work and embraced cloud technologies. These changes expanded access points, introducing complexities to traditional security structures. According to CERT-In data, India’s financial sector encountered over 13 lakh cyber-attacks between January and October 2023, averaging around 4,400 attacks daily. The evolution of cyber threats has been rapid, shifting from basic distributed denial of service (DDoS) attacks to more sophisticated ransomware incidents. State-sponsored cyberattacks and the integration of artificial intelligence in cybercrimes have heightened the risks, potentially causing disruptions across the financial landscape.
2023 Security Incidents Managed by CERT-In,
• Phishing: 711 incidents
• Unauthorised Network Scanning/Probing: 4,39,431 incidents
• Vulnerable Services: 7,18,548 incidents
• Virus/Malicious code: 1,44,950 incidents
• Website Defacements: 9,820 incidents
• Website Intrusion Malware Propagation: 967 incidents
• Others: 5,679 incidents
Cybersecurity Trends and Vulnerabilities
Vulnerable services accounted for 54% of all attacks, providing entry into intranets and potentially allowing malware to traverse secured networks. Unauthorised network scanning, comprising 33% of attacks, poses a significant threat, while virus code transmission follows closely with 11% of attacks. The shift to remote work and digital services has increased internet exposures, necessitating a reevaluation of security structures.
Regulatory Measures for Cybersecurity in 2023
August 24, 2023-
Modification in cyber security and cyber resilience framework of Stock Exchanges, Clearing Corporations and Depositories.
August 29, 2023-
Guidelines for Market Infrastructure Institutions (MIIs) regarding cyber security and cyber resilience.
November 07, 2023-
Master Direction on Information Technology (IT) Governance, Risk, Controls and Assurance Practices.
Approach to Innovation in Cybersecurity
AI and Machine Learning (ML): BFSI institutions turned to AI-powered tools, employing anomaly detection and threat intelligence platforms to predict and preempt cyberattacks in real-time. The integration of AI marked a significant leap in the sector’s ability to proactively identify and respond to emerging threats.
Zero Trust Security:
Departing from traditional perimeter-based defenses, BFSI organizations adopted a “zero trust” architecture. This approach granted access based on the principle of least privilege and continuous verification, enhancing overall security posture.
Cybersecurity Mesh Architecture:
Recognizing the distributed nature of the threat landscape, banks embraced cybersecurity mesh architectures. These frameworks facilitated secure communication and data sharing across the BFSI ecosystem, ensuring a robust defense against cyber threats.
Also Read | Safeguarding the Future – Addressing emerging threats and the growing importance of cybersecurity in BFSI
The Human Factor
Security Awareness Training:
Mitigating human error became a focal point as BFSI entities prioritized equipping employees with knowledge of phishing scams, social engineering tactics and best practices for password hygiene. Employee awareness emerged as a critical component of the overall cybersecurity strategy.
Red Teaming and Penetration Testing:
Simulating real-world attack scenarios through red teaming and penetration testing helped identify vulnerabilities and weaknesses in security posture. This proactive approach enabled BFSI organizations to address potential issues before malicious actors could exploit them.
Cybersecurity Culture:
Fostering a culture of security awareness within organizations emerged as a key differentiator. When every member of the BFSI sector prioritizes cybersecurity, the collective defense against cyber threats becomes stronger.
The Art of Cybersecurity Decision-Making
A critical component of cybersecurity is making well-informed decisions. BFSI organizations are increasingly recognizing the need to adopt comprehensive solutions for assessing and managing their cyber risk posture. Solutions like Cyber Risk Posture Management (CRPM) are gaining prominence, providing a holistic view of an organization’s cybersecurity strengths and weaknesses.
Conclusion
As the BFSI sector embraces digital transformation, the need for robust cybersecurity measures has never been more critical. The evolving threat landscape requires continuous adaptation and the proactive regulatory measures introduced in 2023 signify a collective effort to secure financial systems. In the face of increasing cyber risks, collaboration between financial institutions, regulatory bodies and cybersecurity experts becomes paramount for building a resilient and secure financial ecosystem
Views expressed by Swarnali Singha, Co- founder & CBO, Zeron
Elets The Banking and Finance Post Magazine has carved out a niche for itself in the crowded market with exclusive & unique content. Get in-depth insights on trend-setting innovations & transformation in the BFSI sector. Best offers for Print + Digital issues! Subscribe here➔ www.eletsonline.com/subscription/