Fintechs are proven to be the backbone in the digitalisation growth story. For 2020, one of our focuses would be helping Fintech companies to build secured web and mobile applications and almost negate vulnerabilities before deployment, says Sandeep Kulkarni, Director, Valency Networks, in conversation with Elets News Network (ENN).
Valency Networks have been providing professional cybersecurity services for more than a decade. How different are cyber threats today?
As everyone has witnessed, there has been a lot of evolution and changes in technology and how we used it over the last decade. The adoption of these technologies has almost been forced on all the sectors of the industry due to various business factors. While there was large scale adoption of these technologies but the industry lacked the knowledge and awareness to face the challenges arising out of it. This made a large hole to exploit the industries through technology and persist with the weaknesses in their IT infrastructure. Although some of the weaknesses were known, there were less technological solutions to address the issues. Initially, the threats were high but at the same time, cyber-attacks had human factors associated with its meaning, the success of cyber attack was dependent on the skill of the hacker and the defender. The intention of most of the cyber attacks were personal in nature back then and mostly been carried out at an individual level. The impact of these attacks was not that large.
Over the years, not only the technology has changed but awareness about cyber threats has also increased. However, the rapid adoption of advanced technology has provided broader cyberattack surface. Most of the company information, be it financial balance sheets, cost data, intellectual property, competitive information & personnel information has taken electronic form. Data by definition has become more than just information and has a huge price tag attached to it now and hence, its confidentiality, integrity and availability is paramount. Growth in electronic transactions of any nature provides convenience and speed but attracts stringent controls. The attackers have become more skilled and are now supported by sophisticated tools to carry out large scale attacks simultaneously irrespective of locations. Today cybercrime has taken an organized nature to make large scale impact and sabotage the operations of the organization by thrusting huge losses to financials, property and human lives. Ever since data has become so important, the governments and responsible industry forums have come up with many regulations and standards related to cybersecurity to comply with which the organizations should consider implementing proactively to prevent any disasters in the face of the enlarged footprint of cyber threat vectors.
Cybersecurity services provider needs to upgrade continuously on many technologies, regulations and standards framework for compliances and build own’s capability to counter threats and attacks emanating from advanced cybercrime army and warfare.
What are your cybersecurity services pertaining to the BFSI sector? Tell us about the new technologies deployed in this regard?
BFSI sector is at the forefront of new technology adoption as well as the biggest target of cyber attacks due to involvement and direct transactional dealings financially. Conventional banking of more than a decade old has been transformed in the digital wave. Internet and core banking applications were enablers for such digital transformation in BFSI. The collaborative approach which these technologies are bringing is proving to be beneficial for the BFSI sector.
Fintechs are proven to be the backbone in the digitalization growth story. Mobile banking applications and chatbots have changed customer behaviour completely. Many banks and insurance companies are using big data to study and acquire more customers, trends to remain competitive in the market.
In India, financial institutions are still hesitant to completely move from Capex to Op-ex model by adopting cloud computing. However, many have moved some of their key business operations to SaaS applications and improving further. Hybrid cloud is getting popular in BFSI for the flexibility they get. BFSI sector is particularly an early mover to adopt lot of advanced technologies like Machine Learning, AI, IoT, Blockchain, Robotic Process Automation (RPA), API platforms which is helping BFSI to process a lot of data and create a collaborative environment along with business intelligence, risk management& efficient operations. From a security standpoint advanced biometrics and cryptography is being considered as one of the solutions by financial institutions to avoid the frauds.
Valency Networks have been dealing with the entire breadth of cybersecurity needs of BFSI sector. Being on RBI’s Training Consultant’s Panel, it helps us to understand the exact compliance requirements of regulatory authorities and implement the information security framework in the organization. Valency Networks’ Risk Assessment & Risk Compliance stack of services are particularly useful to address the cybersecurity issues in the BFSI sector. Our technical expertise in performing vulnerability assessment & penetration testing (VAPT) for IT networks, web/cloud applications, core banking applications, ATMs, APIs, mobile applications, cloud infrastructure security. Our implementation experience and knowledge about global information security standards like ISO 27001, PCI-DSS, GDPR adds much-required value to establish appropriate technical & process security controls in line with the regulatory guidelines of RBI/NBFC/IRDAI and sustain information security.
What are your views on cloud deployment in India? Is India’s BFSI sector ready for it?
Cloud computing is definitely beneficial for India’s BFSI sector. It provides quick scalability, efficiency and improved customer experience. With cloud deployment, the organizations can improve their profitability by reducing the capex. The biggest advantage to BFSI sector would be adoption and integration of newer technologies like APIs, AI, ML, IoT, Augmented Reality etc. which would give tremendous advantages in terms of operational efficiency, better customer engagement, reduction in time to market and enhanced governance with audit trails. A few years back, there was a lot of apprehension about cloud infrastructure and security was the prime reason along with regulatory compliance & interoperability of applications. With the availability of the local cloud infrastructure instances in India and the evolution of hybrid cloud model, many organizations are moving their decentralized operations to the cloud. This trend is more prominent in the big organizations but smaller BFSI’s in India are still wary of the adoption of cloud due to low confidence on information security, regulatory compliance and the cost involved for transformation even after knowing the overall advantages. Main issue such organizations facing is that they lack appropriate guidance on how their information security & regulatory compliance is going to be preserved and what is needed to be done for it when they adopt cloud & other advanced technologies.
Almost everyone carries a smartphone today and subjected to several cyber threats. How do you rate Mobile App security?
Mobile application security can’t be looked in isolation to the device security and user awareness &behaviour. These aspects are equally important from data security point of view. From the organization’s perspective, the mobile application design and development should take ‘Design by Security’ approach by making security testing as one of the gate criteria during the entire life cycle of the mobile application. Very less mobile application development companies take this approach to keeping users vulnerable to their data theft directly from the application after deployment. The realization of the threats comes at a very late stage and only after the security incident is identified and reported. This is especially very important for Fintechs as they are the one who are enabling payment transactions, account management, KYC updates, customer relationship management etc. As we have seen, mobile application security still has to go a very long way, especially from the developer community.
What are your plans for 2020 pertaining to the BFSI industry?
BFSI sector and especially banking is struggling to implement & comply with all the cybersecurity requirements in regulatory guidelines. In a process, they are missing out on key must have controls in place. Moreover, frequent upgrades and new technologies are making cybersecurity complicated for them. In such a scenario, it is the responsibility of companies like us to educate the customers and provide appropriate guidance on cybersecurity using our skills. Building trust with customers is as much important. Valency Networks have been participating in many forums to bring awareness across sectors. As for BFSI, we have been on the consultant’s panel for the training of RBI. So far, we were focussed on helping our customers to secure their IT infrastructure and comply with the regulations & standards. During the journey, we have understood that it is not enough and hence we will be embarking on assisting our customers to bring security as an important aspect right from network design to establishing appropriate technical & process control while deploying new technologies. One of our important focus would be on helping Fintech companies to build secured web and mobile applications and almost negate vulnerabilities before deployment.