
The resilience of our banking infrastructure against cyber-attacks depends on the state of preparedness of not one but all stakeholders.
A few weeks ago, all India could talk about was demonetisation, until hacker group Legion stole PM Modi’s thunder by hacking the email and Twitter accounts of Rahul Gandhi, Vijay Mallya and Barkha Dutt. Then the Legion warned us that India’s banking system could be easily hacked (while adding it wouldn’t do it), sending the Indian government scurrying to rope in white hat hackers to up its cybersecurity.
Financially motivated hacking companies such as Suckfly and state actors such as China pose a larger cyber threat to our banking system than hacktivist groups like the Legion.
In 2015 alone, the Indian Computer Emergency Response Team (ICERT) reported over 49,000 cyber incidents, including web intrusion, malware propagation, phishing, distributed denial of service (DDoS) attacks, web defacement, etc.
This number barely indicates the actual threat level, as companies and individuals are often negligent about security and reluctant to report cyberattacks. Individually, such attacks can’t cause massive damage to the banking system. But a coordinated approach with multiple attack tactics, which involve breaching and infecting systems with malware for information theft, poses a real threat.
The negligent attitude of businesses towards cybersecurity poses a major threat to the banking system. In the cashless economy and digitisation scramble, many companies are enabling digital transactions without proper security measures in place. They’re also reluctant to report cyberattacks, not only in the interest of brand equity, but also because our cybercrime policing measures are not really efficient.
Also, security measures and cyberattack resiliency vary across banks. Larger, well-funded banks are usually connected for real-time monitoring of cyber threats while smaller ones may not have the resources to maintain such systems.
The other weak link is us, the users. Most of us are not aware of the level of threats we face, and so we don’t take adequate measures. The increasing usage of mobile phones for digital transactions poses a major threat. With Google’s relaxed oversight on games and applications, mobiles provide an excellent environment for malware and botnet infections to proliferate. According to ICERT, over four million computers and mobiles were infected with botnet malware by June 2013.
In order to strengthen the country’s cybersecurity, the Indian government in 2013 launched the National Cyber Security Policy with an aim to obtain strategic information on threats to critical information infrastructure (CII) and to enhance its protection and resilience. Since then, there’s been an increase in cybercrime reporting and related arrests.
In June 2016, the RBI issued the Cyber Security Framework for Banks, mandating them to take a proactive approach to strengthen their cybersecurity protocols. According to the framework, it is banks’ responsibility to take an ad-hoc approach to secure their systems, and have a cyber crisis management plan in place.
The resilience of our banking infrastructure against cyberattacks depends on the state of preparedness of not one but all stakeholders.
While the government has a decent cyber security architecture in place, it has failed to implement it sufficiently. The recent Hitachi ATM hacks that compromised over three million debit cards in India, and the Kerala government site breach mark the lag between policymaking and implementation.
The government should enforce strict cyber security guidelines for public banks and hold them accountable, setting an example for other banking stakeholders.