The power of Zero is perhaps best understood by the Banking, Financial Services and Insurance (BFSI) industry. With the advent of COVID-19, however, it took on a whole new meaning, i.e., Zero Touch!
Compelled by an evolving technology landscape and customer preferences, and fuelled by the Digital India mission, the BFSI sector was already on track for digital transformation. Not only did the pandemic accelerate this shift, but it also brought in key inflection points:
· Remote work for the long haul
· Businesses prioritising comebacks while battling the economic downturn
· The need for driving unique competitive advantage against new-age players
· Keeping up with new regulations and compliance
· Increased digital transactions
The result is an unprecedented pace of digital transformation that requires fast decision-making and even faster deployment of new technologies. This also translates to faster cloud adoption to support the increase in digital transactions, thereby leading to complexity in the IT infrastructure.
While all this leads to significant changes and development in the BFSI sector, there is one implication that can’t be ignored – the increased risk of cyber threats. In 2020 alone, over 2.9 lakh cybersecurity incidents related to digital banking were reported, and this number is only set to rise. From anti-fraud bypass, ATM malware, cloning of digital identities and malware contagion to Advanced Persistent Threats (APTs) and social engineering, i.e., phishing and employee-related threats – the threat is far from over.
The BFSI industry has been planning for potentially devastating cyberattacks and working towards building secure systems. However, issues such as complex data management, limitations associated with legacy systems, third-party vulnerabilities, dearth of skilled professionals, changing compliance landscape and a scattered network make it a Sisyphean task.
As an industry that deals with sensitive data, BFSI companies have a huge responsibility towards their customers to safeguard the same.
Banks must therefore kill the trust in their systems to gain and retain the trust of their customers. To do so they must move away from perimeter-based security and the philosophy of “defense in depth” in silos.
It’s time they adopt a radically different approach to security. In simple terms, accept the Power of Zero Trust!
A phrase coined by Forrester, the Zero Trust approach to cybersecurity abolishes the idea of a trusted network inside the corporate perimeter. It assumes that you can no longer trust anything that is within the extended infrastructure – no users, apps or devices.
A Zero Trust architecture helps address not only the rapidly changing security demands of the past decade but also the specific security demands that came to light as a result of COVID-19. This includes:
• Mitigating common security vulnerabilities through learned trust
• Offering identity management suitable for complicated IT ecosystems
• Providing conditional access
• Enabling the shift away from passwords
A Zero Trust security model assumes that the network can be compromised at any time, by anything. This means dissociating security from the intricacy of the IT infrastructure and addressing specific user, application and server vulnerabilities. As an alternative to firewalls, network protocols and IoT gateways, organisations should consider data assets and applications and then determine which user roles require access to those assets.
Building on the existing policies for user access and identity management, organisations can then deploy micro-segmentation – the first and the right step in the Zero Trust journey. Micro-segmentation creates the smallest possible Zero Trust zones, based on a least-privilege network model, and aligns with the principles of Zero Trust. It helps stop lateral movement and hence protects the network from APTs and data breaches, safeguards legacy assets and simplifies compliance.
A famous adage goes, “Your security is as strong as your weakest link.” Traditional reactive security measures based on perimeter protection and intrusion detection are no longer effective against sophisticated breaches. These antiquated measures are in fact opportunities for attackers. It is now time to consider cybersecurity as a business challenge as opposed to an IT challenge. It is time for BFSI companies to adopt Zero Trust and systematically equip themselves to enable proactive security against known and emerging cyber threats, while focusing on innovation and improved customer experiences.
Views expressed in the article are the personal opinion of Raja Ukil, SVP, Enterprise Business, ColorTokens Inc.