The internet has evolved rapidly over the last decade, which has resulted in a significant change in the way organizations function today. Rajesh Thapar, the Chief Information Security Officer (CISO) at Axis Bank, attributes an organization’s success to its ability to enable digital transformation through innovation. AndAxis Bank has relied on Microsofttoachieve secure digital transformation.
Axis Bank is the third largest private sector bank in India, servicing large and mid-size companies, besides regular customers. With a market cap of USD 33.07 billion, the bank has over eight international centres beside India, making it essential to protect and safeguard sensitive financial data.
Ten years ago, a typical cyber agenda was only to protect the perimeter. Now, detection and response have become more crucial because breaches can happen any time and perimeters have disappeared. This has led to a dramatic change in the threat landscape.
“Earlier, security professionals largely knew the threats they were facing, which guided an organization’s security strategy. But with digital transformation journeys involving entities across the boundaries of enterprise, newer threats keep evolving. Now organizations deal with potential attack vectors all the time and one of the key objectives to protect is by minimising the risk ‘unknown unknowns,” says Thapar.
Banks align with the National Institute of Standards and Technology (NIST) cybersecurity framework. The first pillar of this framework is getting acquainted with your infrastructure and identifying risks and recognizing the regulatory mandates within which an organization must function.After identification, organizations must work to eliminate these risks with finite budgets, resources, and time. Strategizing and prioritizing become very important at this stage.
“At Axis Bank, we decided to implement different frameworks to counter threats. We used a mix of administrative, processes, and tools-based controls to safeguard our IT infrastructure,” says Thapar.
One of the oldest threat actors, which still exists, is malware. Second would be DDOS attacks, not just in the banking sector, but across every industry globally. The third actor that has evolved over the years is the supply chain risk. If an organization’s partner gets impacted, there are chances they may be impacted as well. Another emerging risk is around data-based attacks. Data protection, security, and privacy have become very important because it can be compromised by ransomware or data exfiltration attack or data privacy breach.
“Microsoft has helped us in our endeavour to protect us from many of these emerging threats. We use Azure and utilize Microsoft Office 365 for our email security. Mail-based phishing and spamming attacks are the most potent threat actors deployed against employees. Microsoft helps us counter those threats effectively. “
Before the pandemic, banks were hesitant to let their employees work from home. “We could quickly adjust to the new normal because Microsoft’s solutions, along with other solutions, helped us stay ahead of the curve. We could capitalize on these tools like Azure, Office 365, and Azure Sentinel with ease and extend remote working for employees. Microsoft also helped us strengthen identity management.”
Security is not one person’s job. It is everyone’s responsibility, and a top-down approach helps significantly. “Increasing awareness about security with the company’s board is also very important. The translation of technical jargon to business language helps, so that leaders can understand the importance of risk and guide in decision making,” adds Thapar. As part of cybersecurity culture, it is necessary to make stakeholders understand their responsibility and seek their contribution in strengthening enterprise cybersecurity.