The Indian financial sector is rapidly adopting emerging technologies like Artificial Intelligence, IoT, Machine Learning, Deep Learning, Blockchain, Robotics, etc., and the Government continues to promote digitalisation as well. With these developments, the Indian financial sector will not be far from becoming a global techno-financial hub by 2022, says Shibu P S, Chief Information Security Officer (CISO), Indian Bank, in an interview with Elets News Network (ENN).
You are planning to provide unsecured loans ‘on the go’. Please tell us about it.
Providing a seamless transactional experience to customers ‘on the go’ is not a new or innovative technology. In the present era of digitalisation, where customers would like to have their banking transactions at their fingertips, banks/FIs can’t resist providing banking services ‘on the go’ by integrating the services and the underlying technology into a mobile form factor. As in the case of any technology, providing banking services ‘on the go’ requires a study of not only the technology, but also the infrastructure and security of the players of the entire ecosystem which surrounds that particular technology.
If one of the parties in the ecosystem is vulnerable (it could be a payment gateway, or an API that leaks information/data), the whole process will be defeated as well. As the threat landscape is changing day by day in the present complex environment, evaluation of the security of the entire ecosystem in a meaningful way before introducing any new technology/new products may, to a larger extent, help the industry to introduce any new technology products in a more secure and sensible manner.
As per reports, data of 1.3 million accounts are available online. What are your views on that? And what steps are you taking to ensure the safety of customers’ data?
As there are multiple sources that can leak the confidential information of customers, like card details, the report on the availability of the customer data online must be viewed very seriously. In the present scenario, where Government policy supports more digital transactions and given the convenience which digital transactions provide to customers, a hike has been witnessed in recent years in digital transactions, especially using digital wallets and mobile platforms.
At the same time, many illegal/illegitimate websites exist which are trying to explore this opportunity to steal the confidential information of customers by luring them to key in their credentials with a false sense of security. The customers, to a large extent, may not be in a position to assess the security of the websites, especially in a tight situation where they need to act within a short timeframe. The above situations are exploited by fraudsters. The data related to customer card information (whether partial or incomplete) which is extracted through unsolicited means will be sold into the dark web, which is a virtual world of digital crime. Though uploading of data into the dark web is a regular phenomenon on which action is already taken by the bank, bulk uploading or availability of large data online adds further concern, especially when it becomes widespread news with media importance.
The bank has been availing the services of external experts for monitoring ‘phishing sites’, which includes ‘dark web crawling’, where the service providers are able to extract some useful information from the dark web which is otherwise almost impossible to obtain. The bank compares the partial data with its database with all possible permutations and combinations and takes an informed decision on blocking the cards and reissuing them after proper information is given to the customers. SMSs are also sent to customers as part of providing continuous education and awareness on cyber-related crimes.
Digitalisation, a boon or bane for the financial sector? Comment
The term ‘digitalisation’ transformed the way the whole process was carried out till date, which is different from the word ‘mechanisation’, which denotes a simple migration of a manual process into a digital form. Digitalisation has given a new dimension to business and to the customer as well, and it has redefined the way of conducting business and transactions. Digitalisation introduced the new ‘anywhere, anytime, any device’ culture and paved the way for a paradigm shift in technology.
The result of digitalising a process depends on the evaluation of the efficiency and security of all the related players surrounding that particular ecosystem. For example, when a bank wants to implement a new technology product, proper consideration is to be given to the security of not only the bank’s technology and infrastructure, but also the infrastructure of the receiving parties, integrators, payment gateways, partners/vendors, APIs, cloud service providers, etc.
In other words, a robust assessment of the security of the supply chain is most important when the organisation goes for digitalisation of its products/processes. Also, do not ignore the education and awareness level of the users and customers about technology and its related risks, which is of utmost importance for them to use the technology in a safe and secure manner. If designed in a secure way and used in a sensible manner, digitalisation is a big boon for the financial sector.
In the current scenario, where there are so many data breaches, cyber-attacks, etc., how challenging is it to be a CISO?
The CISO role has always been challenging. A CISO needs to understand not only the technology but also the challenging transformation of business and the fast-changing threat environment. Yes, with many reported data breaches and cyber attacks, the role has become more challenging in recent years. CISOs have a conventional bad reputation of being a showstopper to new technology. This might be due to the evolving security challenges involved in implementing an innovative technological product. But CISOs of the present generation should understand how to leverage the technology in a secure and sensible manner to make maximum use of it. As mentioned earlier, the threat landscape and attack vectors are rapidly changing. When a new technology is to be introduced, apart from evaluating the perceived cyber risk, a CISO, on a continuous basis, should be able to assess the sufficiency and relevancy of the protection mechanism which is applied to it. Understanding the global challenges and possessing a bird’s eye view of global best practices may give a CISO a reasonable advantage over the new and emerging cyber threat environment. Also, the ‘following the basic principle’ rule should never be overlooked, even when dealing with the newest and most challenging technologies.
In terms of the adoption of technology, where do you see the Indian financial sector by 2022?
As the Indian financial sector rapidly adopts emerging technologies like Artificial Intelligence, IoT, Machine Learning, Deep Learning, Blockchain, Robotics, etc., and the Government continues the promotion of digitalisation as well, the Indian financial sector will not be far from becoming a global techno-financial hub by 2022, though the lack of expertise in the cybersecurity area to protect the systems and data from the most modern kinds of attacks may continue as a concern.
“The comments, suggestions, views and thoughts expressed in this article are only the personal views of the presenter and not the views of the organisation which he represents.”