The BFSI sector is one of the most aggressive sectors in terms of adoption of emerging technologies, and is often the leader or the pioneer in helping other sectors evaluate the impact of technologies. From AI to Blockchain to RPA, the BFSI sector has shown the way for other sectors to emulate. The BFSI sector’s inclination to go on a digital overdrive has also caused it to become an attractive target for hackers, who value the huge amount of information held on customers. According to data from the RBI’s Trend and Progress of Banking in India report, frauds related to credit cards, debit cards and internet banking increased from 58.61 crore in FY 19-20 to 63.40 crore in FY 20-21.
What can be done?
As firms in the BFSI sector hold a significant percentage of customer data, they have to be extremely vigilant in securing themselves and their end customers. Banks can follow the RBI guidelines related to the cyber security framework, while the insurance sector can follow guidelines issued by IRDA. All guidelines are meant to put in place a strong cybersecurity framework to ensure adequate cyber-security preparedness among participants in the BFSI sector, on a continuous basis.
While these are undoubtedly some of the best practices, we would like to recommend some basic processes to strengthen your cybersecurity posture.
Appoint an independent external auditor to understand key gaps in cybersecurity: A cybersecurity audit can help in undertaking a comprehensive analysis of your IT infrastructure, and help in understanding the weak links, key vulnerabilities and processes that can leave your organisation vulnerable to external or internal threats.
Secure remote access controls: With a majority of users now working from remote locations, every potential remote device can act as a security threat. Enterprises can secure access by providing access through VPNs or through virtual desktops. Enterprises can also add one more layer of security by using multi-factor authentication techniques.
Keep patching and updating: The enterprise security policy must be designed to ensure that employees keep their software patched and up to date. This is critical as even a single unpatched device can give a hacker an opportunity to gain access to corporate enterprise networks. BFSI organisations can address the problem of patch management by using remote cloud-based automated patch management solutions or MDM solutions to push updates to remote devices.
Leverage DR as a Service: Disaster recovery (DR) is mandatory for organisations in the BFSI sector, both for compliance and for prevention of loss of data. From a cost and scalability perspective, Disaster Recovery as a Service (DRaaS) is a great option, as it helps BFSI organisations reduce their probability of data loss, while helping them quickly recover from any disaster.
Adopting the latest tools and technologies: By using solutions such as an intrusion prevention system (IPS) or a next generation firewall, and by using data from threat intelligence networks, BFSI firms can be better placed to improve their security processes.
Ensure awareness and enforcement of security policies: Employees are the weakest security link, and hence organisations must keep making employees aware of the latest security hacks and phishing attacks. It is equally important to enforce processes that ensure that employees update their passwords on a regular basis.
Leverage the expertise and experience of MSSPs: Managed Security Service Providers (MSSPs) typically have access to thousands of customer networks and invest significantly in creating the best infrastructure and hiring the best skilled resources. MSSPs can also create test environments for testing whether the infrastructure can handle global attacks. If BFSI enterprises were to do this on their own, the investment in manpower and infrastructure could be prohibitive. MSSPs can also be best equipped to identify the root cause of attacks and try to predict and prevent future attacks. MSSPs can also evaluate and implement new security models to account for policy changes with respect to employees working from home. Through automated tools, MSSPs can also give visibility of assets and their security gaps, especially when accessed remotely. Solutions suggested by MSSPs can be used for improving an organisation’s security posture. MSSPs can also help organisations keep their data compliant with industry regulations.
The BFSI sector is one of the most critical sectors and any adverse impact on the sector can create a crippling effect on the rest of the sectors, and the economy. In view of the increasing number of cyberattacks, firms in this sector have to be extremely vigilant and try to improve their security posture by adopting some of the measures recommended above.
Views expressed in this article are the personal opinion of Murtaza Bhatia, Director, Cyber Security Sales, NTT Ltd. in India.