CIOs in BFSI sector are under constant pressure to live up to technology expectations, but with new deployments come new vulnerabilities. With over 130000 reported cases of cyber fraud involving an estimated Rs. 700 Crore faced by banks in India in the last decade, the sector is still far from a concrete framework and in need of a rapid security transformation.
Faster transactions, bigger ATM networks, online banking services and global collaboration in the banking sector through IT has seen services reach out to a never before number of people all around the world. In India today, there have been massive drives to open bank accounts and push to online banking and mobile banking has been on an all-time high. Although IT and digital transformation has enabled banking and financial services organizations to reach out to a large customer base with improved efficiency and a greater umbrella of services, the enhanced experience comes at a cost.
Brick and mortar Bank robberies are quickly becoming a thing of the past, and in today’s heavily digitized sector, the threat comes from the cyber attackers sitting in unknown locations, breaching networks and siphoning money anonymously without leaving a trace or in some cases without even alerting the victim organization. Such is the precision of banking fraud in the cyber landscape that most breaches are not reported or even discovered for a long after they have occurred.
The BFSI sector is vital for a growing economy and more or less is synonymous with the growth trajectory of the country. Frauds and breaches in BFSI organizations have devastating effects and these spread across sectors to the account holders as well as organizations connected with the bank financially. The growing cyber threat landscape in BFSI has been an ongoing headache for security teams in such organizations.
A History of Breach in Indian BFSI
To understand the severity of the threat landscape in Indian BFSI segment, one doesn’t have to go back far in time. One of the most significant breaches in Indian BFSI history occurred in October 2016 when an estimated 3.2 million debit cards were compromised with major Indian banks like SBI, HDFC Bank, ICICI, YES Bank and Axis Bank were among the worst hit. A number of users reported unauthorized use of their cards in locations in China. This resulted in one of the India’s biggest card replacement drive in banking history.
A malware-related security breach was reportedly detected in the non-SBI ATM network, following which the public sector lender blocked around six lakh debit cards. An audit performed by SISA Information Security reports that the breach was due to malware injected into the payment gateway network of Hitachi Payment Systems.
Another major breach occurred at City Union Bank which came under attack after cybercriminals transferred nearly $2 million through three unauthorized remittances to lenders overseas via the SWIFT financial platform. This was followed by the much-publicized Cosmos Cooperative Bank breach where hackers siphoned offa whopping Rs 94.42 Crore from the Pune-headquartered second biggest cooperative bank in India to foreign and domestic bank accounts.
RBI data shows that during 2008-17, banks in India faced 130000 reported cases of cyber fraud involving an estimated Rs. 700 Crore. This is equivalent to just 0.006% of the outstanding deposits of Indian banks. By contrast, a severe cyber attack can result in bank failure even when no money is lost directly. A total of 50 incidents of cyber attacks affecting 19 financial organizations have been reported from 2016 till June, 2017, as per the government.
As examples of major global banks including the Bank of America, Citi, JP Morgan Chase, PNC, USB or Wells Fargo suggest, irrespective of the cyber investment, preparedness and management, cyber breach is a near certainty for banks. Quick breach detection and appropriate corrective actions decide the impact of such incidents on banks. Furthermore, data breaches globally at Equifax, WannaCry and Petya Cyber Attacks and many more have affected the global market, and are proof enough for the current digital vulnerabilities in the world of finance.
It is high time that Indian banks wake up to harsh cyber realities. This is a big challenge for banks, where it is no longer sufficient to protect just data centers and headquarters, rather banks today have to protect ATMs and branch offices in addition to securing incoming data even from affiliated organizations. In spite of the growing awareness to regularly update an organization’s cyber preparedness and defense mechanisms, a large number of BFSI institutions wake up to this reality only post an incident which often leads to a loss of reputation and/or financial misappropriation.
In retrospect, Indian banks do not have much choice concerning a major revamp of cybersecurity. Cyber attacks are global in nature and with better cyber-risk preparedness in OECD countries; hackers are increasingly focusing on vulnerabilities in emerging-market countries. This is like an existential problem for Indian banks.
The Gaps exploited traditionally .The main threats that a bank faces from cyber attacks are namely breach of customer data privacy, loss of reputation, business discontinuity, loss of assets/business information, post-breach information security revamping cost, third-party claims and penal actions from regulators.
You can read up to 3 premium stories before you subscribe to Magzter GOLD
Log in, if you are already a subscriber
Get unlimited access to thousands of curated premium stories, newspapers and 5,000+ magazines
READ THE ENTIRE ISSUE