By Amit Ghodekar
After the cyber-attack on Cosmos Bank & Many co-operative Banks in India, cybersecurity in the country has been questioned once again in many Banking, Non-Banking Finance (NBFCs) and other financial services providers. In fact, these kinds of cyber attacks are not new in the western world, and most of the major government and private institutions in the developed country are always in the list of cybercriminals, and these institutions have faced a very modern kind of major attack. Actually, those institutes which provide any kind of financial services are at the forefront of this cyber-attack. That’s why companies that provide bank or non-banking finance (NBFC) are the main targets for these hackers. Whether it is a malware attack in Iran’s Atomic Dispute Department or loot in Bangladeshi Bank or Cosmos Bank, it looks like happened in some Hollywood movies, and then someone will question whether it is really possible? And really, are cybercriminals so intelligent? The answer is yes.
Expert cyber thief (hackers) has been mobilizing large-scale crimes in big financial institutions and other large organisations. These crimes are executed well planned, all hackers from different countries come together and attack one organisation at the same time from various places in the world and share the benefits of the spoils. Bank of Bangladesh or Cosmos Bank have been attacked in a similar way. In such a case, where Loot and attacks are made from multiple countries, it is difficult to reach the perpetrator and the original culprits, besides there is no guarantee that the amount will be recovered.
We feel that such attacks have increased in our country, which is not new for the developed countries, hence, there are various attack refund technology and solutions available. Cybercriminals majorly aim at countries like Bangladesh or India, where cyber security is still at a nascent stage.
Then it is natural for anyone to ask, what measures are needed to deal with such modern cyber attacks? In fact, we also have a large number of government courts and many regulatory agencies who work hard on cyber security. Like other western countries, we also have an independent body called CERTin (Computer Emergency Team of India) to provide information on sophisticated attacks and measures. At the same time, the Reserve Bank of India has also introduced a separate cybersecurity framework for financial institutions like Bank and Non-Banking Finance (NBFC).
The Reserve Bank of India has introduced a separate division named RBEIT for research and development in cybersecurity and information technology. The cybersecurity framework of the Reserve Bank has asked for a number of provisions for cybersecurity. In this, modern equipments and technologies, as well as small cubes for cybersecurity, are also included. Cyber Security is not just a concern for the Department of Information and Technology, but it is a part of boardroom discussions.
Most of our organisation, financial institutions like big banks and Nonbanking Finance (NBFC) are now strictly adhering to the rules and suggestions, in order to organisations that provide financial services to us are safe but their scope should be increased in a big way then only we can reach the next stage in cybersecurity.
Nowadays, we have innovative technologies available in cyber security that can be used to get rid of such sophisticated attacks. Malware like viruses have been present in our computer system for many years but cannot be detected by any antivirus, are also known as an advanced persistent threat (APT). We have to use technology like ANTIAPT to detect the malware.
Likewise, different technologies are available for server security. All the controllers have asked to pay a lot of attention to the fact, all financial services organisation should monitor and keep a watch on their computer systems by using modern technologies. If we identify any objectionable activity then quick relevant remediation needs to be released.
Honeypot or Deception technology has also been widely used in western countries for many years. This technology is considered to be the most advanced and most useful technology in the world. In this technology replica of a very important computer system has been created, then replica has been replaced with real main system. When hackers try to penetrate into the replica system, assuming them as real computer system, they are easily trapped by the Department of Information Technology. Similar modern technology solutions are available that can be used to prevent cyber-attacking like attacks in Cosmos Bank. The unlimited use of the Internet, a large number of increased Smartphone users and emerging technology has exposed the systems and its providers to the cyber bursts and small ignorance in cybersecurity can cause big financial losses. After a cyber attack on Cosmos Bank, Cyber Security is seeking a new approach.
The author of the article is the Chief Information Security Officer (CISO) at Motilal Oswal Financial Services.