Security trends and threats in the BFSI space

By: Sudeep Charles, Product Marketing Manager – Asia Pacific & Japan, Akamai Technologies

Our lives are getting digitalized and the day is not far when every aspect of it is just a click away. This is in turn paving way for increased online transactions while also making it easier for the sector to bring newer products to market rapidly. According to Reserve Bank of India the total number of bank accounts in India currently stands at around 58 crore; from this pool, only 2.2 crore bank account holders use mobile banking applications. While mobile banking transactions have jumped from Rs.1,819 crore in 2011/12 to Rs 10,000 crore in 2014/15, there was a corresponding rise in mobile fraud cases. Mobile fraud is estimated to have jumped from less than Rs 10 crore in 2011/12 to around Rs. 70 crore in 2014/15. As online transactions increase, BFSI appears to be a lucrative target for cyber criminals.

For financial institutes, brand reputation/credibility is a crucial factor. Brand damage through cyber-attacks could cause a collapse of the entity as a whole. Often not presented in the news are the attacks against co-operative and regional banks, credit unions, money transmitters, and third-party service providers (such as credit card and payment processors). In this article, we would like to look at some of the challenges and solutions that the financial sector faces along with approaches to mitigate threats.

Few of the factors that are influencing the rise of cyber-attacks are:

  • Ever-changing threat landscape: In India, there has been an increased growth of DDoS attacks. As per Akamai’s Q2 2015 State of the Internet Security report, India is said to be in the top 10 list of countries based on attributable malicious traffic for DDoS attacks at 7.43%. Attackers and threat vectors continue to get sophisticated. While the organizations build a stronger shield against these attacks, the potential attackers find ways to breach defenses by constantly evolving methodologies.

  • Ease of launching attacks: Multiple tools are available to launch attacks and cyber criminals use them to the hilt. The rise of bot nets in India has only helped in launching large-scale attacks easily and cost effectively.

  • Lack of threat Intelligence: Financial institutes are aware that the threat landscape is constantly evolving but find it a challenge to obtain actionable intelligence that can protect their online assets from the latest and greatest threats

Mitigating the Challenge

Cyber-attacks these days are well orchestrated and are customized for specific organisations, hence it is critical to have a scalable and a multi-layered security strategy in place. Especially with the rising usage of mobile sites and applications, an apt and scalable security solution to protect online assets and infrastructure is a necessity. It is the only key to reducing disruptions, maintaining revenue streams and reducing the risk of erosion of brand equity. The additional in-house measure that can be undertaken would be to cultivate and grow the expertise of security experts within the organization or tying up with partners with the expertise.

In maintaining business continuity and brand reputation, awareness about DDoS and application layer attacks along with having an effective solution in place is crucial. As a basic security framework, having the following elements will be helpful:

  • A documented information security policy
  • Awareness education and training for employees
  • Regular identification of key risks and trends
  • Information security assessments
  • Monitoring and reporting security incidents
  • Investment in technologies that mitigate risk and protect business critical data.

Protect Everything

Companies, especially financial organizations, should obtain threat intelligence on a regular basis, identify technologies that provide scale without impacting performance of assets and be ready for frequent and large scale attacks. One must remember that a one-time investment in securing online assets will seldom suffice and being aware of the latest and greatest attacks while investing a scalable technologies to protect against attacks is the way forward in combating the cyber threat.

Leave a Reply

Your email address will not be published. Required fields are marked *