Cybersecurity in BFSI
With growing internet penetration and the need for financial inclusion, banks and financial services institutions (BFSI) have been embracing digital transformation in a big way. Going digital comes with its own benefits. It helps these organizations reduce their operational cost and improve their bottom lines. It also helps eliminate the possibility of human errors. Above all, it offers greater convenience for customers, helping these financial institutions attract and retain them. While going digital does offer all these benefits, it comes with risks too: the risk of cyberattacks and consequent data breaches. The truth is, as the world continues to move towards digitization at an accelerated pace, the measures to keep that digital world secure have not caught up.
Seshadri PS, Senior Director - Governance, Risk and Compliance, Office of the CISO
Financial firms deal with a wealth of personal and financial data. For this same reason, they are more prone to cyberattacks. And while customers have adopted digital banking and online transactions in a big way, findings from the recently published 2020 Unisys Security Index™ reflect that concerns around bankcard fraud are very high in India. According to the survey conducted by Unisys, 82% of respondents are concerned about bankcard fraud and online banking. The survey also revealed that 69% of these respondents are still willing to share personal data on their buying habits with their banks to alert them of unusual purchases or possible credit card theft. Of those unwilling to share this data, 48% cited concerns around the security of the data shared as the main reason for their unwillingness. This is nothing short of a call to action to the BFSI sector, prompting action at two levels: first, secure their digital ecosystem, and second, assure customers about the safety of online transactions and the data that they are willing to share, so there are no data security concerns lingering in their minds. By doing so, the BFSI sector can build on the momentum that digital transactions have now garnered, owing to the pandemic and general concerns around personal visits to any service provider’s outlets.
How Can the Digital Ecosystem be Secured?
With the increased use of the internet, connected devices and other such platforms, banks and financial institutions are exposed at multiple levels and the risk of cyberattacks is greater than before. In such a situation, the first step for any organization is to understand its risk exposure and prioritize technology investments accordingly. To facilitate these conversations with the senior leadership and the board, CIOs/CISOs need to be able to translate highly technical cyber risks into the language of business. Quantifying the likelihood and impact of these risks in objective financial terms is essential to gaining the executive buy-in they need to invest in data security and prioritize investments based on the probability and impact of potential risk.
When security is the ask, physical perimeters become meaningless in the interconnected world. The attack surface of every organization, including those in the BFSI sector, is growing. Traditional security measures are unable to keep pace with the sophisticated cyberattacks of today. This situation leaves businesses open to attackers who aim to steal data, disrupt operations, and gain control of the IT infrastructure. Banks and other financial institutions need to establish a software-defined perimeter that creates a Zero Trust environment. With micro-segmentation, encryption, and dynamic isolation, these attacks, including the sponsored and sophisticated ones, can be stopped in their tracks. And should the attacker still manage to get inside, these methods can contain the breach within a given software-defined perimeter.
This is possible since approaches like micro-segmentation allow companies to isolate workloads from one another and secure them individually, by creating secure zones in data centers and cloud deployments. This helps make network security more granular. Micro-segmentation also helps in enabling role-based access for employees, customers, and partners/vendors, so a breach attributed to any of these stakeholders does not lead to a full-fledged data theft with exfiltration of sensitive data. The above technologies, when combined with network monitoring as well as AI, deliver superior protection from cyberattacks.
Biometrics is yet another option where the individuals themselves and their physical attributes like face, fingerprints, iris, voice and more become their passwords. Biometrics is gaining relevance since these attributes are relatively difficult to forge and when used in combination with each other, they help establish a stronger digital identity.
What Next for BFSI Sector?
The truth is we are on the path of digitization and even after the pandemic ends, the world will continue its journey towards digitization with increased vigor. The need of the hour for the BFSI sector is to invest in information security and take advantage of increasingly effective technology solutions like biometrics, credential management, restricted access, network monitoring, and rapid isolation of intruders to secure their digital platforms. While some institutions have invested in biometrics at some level, they can further invest in data analytics and artificial intelligence to strengthen their security infrastructure. The BFSI sector is highly regulated in nature and sooner rather than later, measures like these to secure customer data are expected to be a part of the regulatory framework itself.
Gone are the days when cybersecurity could just be a tick box to check in the company’s IT investments portfolio. It is now one of the areas demanding immediate and sustained attention and action, for financial institutions to be able to serve their customers and win their trust. After all, consumers will always prefer an organization that manages to keep their data secure!