BFSI VISION | Cyber Security


Agnelo D’souza
CISO, Kotak Mahindra Bank Ltd

Cyber laws in India not capable enough handle to Hi-tech crimes

Given our ability in the information security sphere, why is Cyber Security a problem
There are a few reasons why Cyber security has become such a huge problem. A couple of years ago the hackers were not as focused about what they wanted, so they would compromise a system, try to find what was valuable, and get out. Now there is more focus by hackers on targeted intrusions with specific Objectives.

Cyber Security threats have now become much more organized. An entire ecosystem has been established around the industrialization of cyber threats. It’s almost become a service offering and as the real and perceived value of cyber targets increases, we’re seeing a corresponding increase in the investment being made in new and innovative cyber threats.

The cyber security landscape is fundamentally altered by the introduction of the integrated, social, mobile, analytics, cloud (SMAC) stack, where knowledge workers access volumes of sensitive data from anywhere and at any time. If this increasing use of virtualization, mobility and social media is not managed efficiently, the security risk profile of a company may be increased significantly, resulting in a negative impact to information assets and ultimately the bottom-line.

The traditional security solutions are signature based and incapable of detecting the complex attacks. We need to get away from relying on identifying signatures of malicious traffic and move towards more of a behavior or intelligence-based approach. More importantly cyber security needs to be integrated into the Risk Management Framework of the organisation.

Cyber Security governance issues in BFSI space
Cyber security governance is currently focused heavily around compliance. Instead the focus now should be on organisational readiness to identify and deal with a breach. For large organisations, incidents are inevitable. What separates the leaders from the followers is how well the organisation as a whole can respond to the incident. Dealing with attacks from Advanced Persistent Threats (APT) requires inputs and governance from across the organisation. This is even more so in the BFSI space that is directly targeted by such threats. Once an organisation is able to realistically and accurately gauge its preparedness that is the time it has reached a level of governance maturity.

Cyber protection is only as good as the weakest link. What is the weakest link in India?
The weakest link in India is the capability and resources of law enforcement to handle hi-tech crime. Cyber-criminals from Eastern Europe to West Africa are taking advantage of the inability to be held accountable. This is manifesting in a rapidly growing number of cyber security issues in India. The second most telling problem is the lack of awareness of the seriousness of organised cybercrime. A cyber criminal today can cause huge damage, with virtually no fear of being caught. This is a very pressing national issue.