By Vishal Salvi, Chief Information Security Officer & Head of Cyber Security Practice – Infosys
The past two years have been challenging for the Banking, Financial Services, and Insurance (BFSI) sectors due to the cybersecurity challenges that emerged during the lockdown. There has been an acceleration in the number of cybersecurity incidents related to digital banking reported in India. Overcoming this challenge is a formidable task given the different stages of cybersecurity maturity that banks have in India.
The digital transformation of banks was put on a fast track following demonetization in 2016. However, unlike digital-native fintech companies, whose work culture is digital-forward, banks are not traditionally digital-first because they are burdened with legacy infrastructure, so their digital journeys were slow. Covid-19 changed all of that.
Banks had to upgrade their existing infrastructure or build new ones to ensure that the needs of their customers and employees in the ‘new normal’ were met. They had to ensure they could support the increase in the volume of digital transactions without compromising on security. They also had to enable their employees who were now working remotely to work efficiently and without interruption. In other words, they had to undergo a fresh wave of digital transformation to survive the new environment.
Cybersecurity challenges in a highly digitised, remote environment
To meet market demands, banks are now digitising all their data, processes, and remote servers. Digital technologies such as Machine Learning (ML) and Artificial Intelligence (AI) that help banks access this data and process and analyse it in real time are becoming pervasive. However, increased digitisation also means more cybersecurity challenges, which are being amplified over time.
Due to the pandemic, the number of digital transactions has increased phenomenally, and banks must ensure these are secured so that customers continue to place their trust in the system. On the other hand, with BFSIs adopting a hybrid work model, they also need to prioritise connectivity and security at the employees’ end for uninterrupted work. As UPI transactions increase, the infrastructure needs to be upgraded, scaled and made more secure.
Building a secure environment for customers and employees of the BFSI sector
Banks and financial organisations will have to prioritise cybersecurity to address the challenges that we just discussed. Banks must build an agile, resilient cyber defence infrastructure that can keep pace with the speed of digital transformation.
To sustain and attract customers, they need to focus on scaling up their infrastructure to meet new demands and deliver experiences that help gain customer trust. Banks have to collect relevant customer data and analyse it to understand their needs and context. Protecting this customer data becomes critical to their business and reputation. They should deliver services that provide a high-value proposition in terms of experience and convenience without compromising security.
For employees, banks have to provide flexibility without compromising on security requirements. Protocols and policies around access management will have to be redefined to include the vulnerabilities of working from home. Video conferencing services have seen a phenomenal rise during lockdowns; these need to be secured. Automation of patch management and other security features can help alleviate risks.
From a broader perspective, banks will have to build out a security roadmap, identify industry best practices, pre-emptively address potential risks by plugging security gaps and investing in core cybersecurity domains. Continuous assessment of cybersecurity maturity levels and threat assessment is a must. While core cybersecurity-related activities such as strategy, planning, or policy-making can be best done in-house, banks must consider working with partners to execute cybersecurity at scale with access to cutting-edge technology and talent. They can then shift their undivided focus to fulfilling their core business goals.
Ultimately, cybersecurity must be made part of the organisational culture by raising awareness about it through training modules on threats and best practices for all stakeholders in the ecosystem. Alongside employees, banks must also educate customers and clients alike to identify and thwart phishing and social engineering attacks. The only way to keep an organisation secure is by securing its weakest link.
The BFSI sector must build a culture of cybersecurity and practice it continuously at all levels, across all verticals, covering all touchpoints to safeguard customers from fraud and protect the enterprise from cyberattacks.