BFSI VISION | Cyber Security


Dr. Sriharsha A Achar
Chief People Officer & CISO, Apollo Munich Health Insurance

Striving to be transparent about security practices
  • What are we protecting – data or information? How can we move to the information plane?
    At Apollo Munich, we work hard to ensure that the data we hold is kept secure, and that we collect only as much personal data as is required to make our customer experience with Apollo Munich as efficient and satisfying as possible.

    We strive to be transparent about our security infrastructure and practices and reach out to our customers consistently to reassure them that their data is sufficiently protected with us.

    Unlike the more common latency prediction techniques being used today, at Apollo Munich we have adopted a structural approach and predict end-to-end path performance by composing the performance of measured segments of our network. This method allows us to accurately and efficiently predict latency, bandwidth, capacity and loss rates between our infrastructure nodes.

    We demonstrate the feasibility and utility of the Information Plane service by applying it to several representative overlay services in use today. In each case, usage of the Information Plane’s predictions leads to improved overlay performance and enhanced customer experience with Apollo Munich.

  • Given our ability in the information security sphere, why is Cyber Security such a problem?
    The large-scale cyber security breaches make the headlines, and recent concerns about the Heartbleed bug, POODLE and the SSLv3 vulnerability are obvious examples.

    Yet businesses of every size are grappling with how to secure their networks, devices and data.

    A company such as ours is more vulnerable than a company in the domain of manufacturing, distribution or retail, as we have a large IT infrastructure into which the data of millions of customers flows.

    There are two different angles from which to look at cyber security. One would be to consider it as a problem or as an enabler to enhance controls for information security and customer data protection.

    The biggest challenge is that people read and try to adopt what is learnt from the Information Security Mailers but they will not implement these while accessing certain websites over the Internet. They will click on a link in social media websites they’d never click on in an email as the context is different on social media but the after-effects are the same.

    Organizations are held responsible for Cyber Security breaches, but unfortunately what is not known is that the actual root cause of a Cyber Security breach is the user himself. We need to relook at organization-wide Information Security programs, which provide a framework for ensuring that risks are understood and that effective controls are selected and implemented.

  • What is your assessment of the cyber security governance issues in BFSI space?
    To remain competitive in the techno-savvy space, the BFSI industry is ensuring easy access and transaction process for end-users – as a result the associated security threats and challenges are mounting.

    Today a proactive approach towards security of physical assets, intellectual property, data, regulation, compliance and risk management is essential to ensuring customer confidence and relationship maintenance. Hence, the demand for Cyber Security Governance, policy and reliable business continuity measures is gaining importance to ensure streamlined operability of business processes and effective customer relationship management.

    In order to maintain Cyber Security Governance issues in the BFSI sector, there should be a comprehensive Information Security Governance Framework, a holistic approach to mitigating risks, enhanced Information Security Awareness Programs for employees and senior management, a dedicated Information Security Budget and, last but not least, full management support in implementing the Security Governance Framework in an Organization.

  • Cyber protection is only as good as the weakest link. What is the weakest link in India?
    There are multiple factors that contribute as the weakest links in India towards cyber protection. Topping the list is the employee cadre or users not only in India, but across the globe as well.

    According to the latest findings on control system security, the number of entities with identified or suspected security breaches has increased from 28 percent to nearly 40 percent. Only nine percent can say with surety that they haven’t been breached. Esteemed establishments need to understand that compliance does not equal security. It is vital to put in place multiple security countermeasures to ensure the information asset is truly protected. With the increase of sophisticated attack vectors, employees need to be made more cyber savvy or tech savvy so that they can understand the after-effects of the attack vectors and the after-effect of practicing the same.

  • The recent spate of cyber attacks is showing a worrying trend – we seem to be moving from simple phishing to more sophisticated attacks – how can we protect our banks?
    The banking sector completely relies on slightly older forms of Information Security controls. They need to understand that today the attack vectors are changing and they are independent of the technologies implemented.

    The crux of the solution lies in implementing cutting-edge technology, which can understand the latest attack vectors and is independent of the platforms. There are new threats such as APT, sandboxed malware, and new variants of signature-less Trojans and viruses that are raising concerns in the banking and insurance sector.

    We also need to enhance the penetration of the Information Security Awareness programs within the employee community, by looking at the more advanced SSO and Authentication methods, enhancing protection at source for customer data, converting sensitive data to hashed values etc.

  • We have seen a profusion of devices and passwords. How can we ensure customers establish their identity easily across the devices?
    Identity is a universal fact that is unique to each and every individual. We need to consider implementing Single Sign On capabilities across devices with multiple authentication methods.

    These methods could be retina scans, fingerprint detection, voice recognition etc. All these authentication measures are unique to individuals and can help customers to establish their identity across devices. Scientists are also developing digital capsules that could act as an individual means of authentication and can establish identity easily across devices if swallowed.