The banking system around the globe is the backbone of the larger economic structure that runs the world that we live in. From salaried individuals to major corporations to nations around the world, the banking paradigm is at the core of it all.
Therefore, the security and surety of the medium are paramount. In the age of the internet and myriad mediums to purloin resources, it is more important than ever to ruminate and shore up the defences against undesired elements.
In a conversation with the Free Press Journal, Jamie Brown, Senior Director, Global Government Affairs at Tenable, an American exposure management company, spoke about the perils facing the banking world.
Access to the valuable data banks hold can be used for nefarious purposes, making attacks on banks expensive and damaging. However, data breaches are not the only risk that banks face. They are also under threat of ransomware attacks. | Representative Image
1. Why are banks always at a greater risk of being attacked?
While all industries have to manage some level of cyber risk, some sectors are more targeted and at risk than others. Banks are among the most-targeted industries owing to the great deal of sensitive and valuable information they contain, making them an attractive target for cybercriminals.
Access to the valuable data banks hold can be used for nefarious purposes, making attacks on banks expensive and damaging. However, data breaches are not the only risk that banks face. They are also under threat of ransomware attacks.
A week ago, nearly 300 small banks in India were forced to go offline due to a ransomware attack on a third party. Banks are also constantly threatened by phishing schemes, insider threats, and account takeover attacks. These threats can result in data breaches, interruptions to operations, and costly remediation.
The RBI’s nation-wide alert for proactive security is a step in the right direction to ensure that the most critical industries take a preventive approach to cybersecurity. According to the Reserve Bank of India, there were 1.3 million cyberattacks on banks in India in 2023. | File/ Representative
2. What is the importance of the RBI's nation-wide alert for proactive cybersecurity?
The RBI’s nation-wide alert for proactive security is a step in the right direction to ensure that the most critical industries take a preventive approach to cybersecurity. According to the Reserve Bank of India, there were 1.3 million cyberattacks on banks in India in 2023.
With the growing reliance on cloud-based applications, the interconnections between financial institutions, and the greater degree of dependence on third-party service providers, the attack surface has expanded.
Therefore, banks need to be proactive in their security efforts, to identify and eliminate the greatest risks to financial stability. With a proactive approach, banks in India can know their weaknesses, identify critical exposures, and take swift action to close the gaps that make them vulnerable.
3. What challenges do banks in India face regarding the adoption of preventive security measures?
Banks have always been on the leading edge of building security programmes to protect their investments, build customer trust, and adhere to a higher number of regulations. Banks in India were early adopters of cybersecurity services, but there’s a catch: Many banks built security programmes that were more traditional and reactive.
They often rely on security controls that respond to an incident rather than adopting proactive strategies that can prevent attacks from becoming successful in the first place. Coupled with institutional inertia, the move to a proactive approach to security is slow on uptake.
However, more recently, we’re seeing more frameworks and best practice guidelines, like the one the RBI issued a month ago, emphasising the need to shift from a reactive strategy, towards a more preventive one. This is coupled with infrastructure growing exponentially across public and private cloud platforms that can scale up quickly.
Preventive strategies allow for superior monitoring and assessment capabilities, which empower banks to make better decisions about how, when, and where to focus their resources to know, expose and mitigate risk before cybercriminals exploit these weaknesses.
The goal is to minimise the impact of an attack and accelerate the incident response and recovery time. This ensures banks stay cyber resilient and can bounce back quickly. | File Photo
4. If banks want to adopt a preventive security strategy, where should they begin?
The first step is gaining complete visibility into the attack surface. Visibility sheds light on business and technical risks, giving banks a bigger picture of prioritising defences against the most likely attack vectors.
The goal is to minimise the impact of an attack and accelerate the incident response and recovery time. This ensures banks stay cyber resilient and can bounce back quickly.
5. What are the tools and technologies available on the market that enable preventive security?
Exposure management platforms help banks know their weaknesses by gaining a comprehensive view of cyber risk, uncovering exposures across all assets and attack pathways. It identifies, understands and quantifies cyber weaknesses, showcasing which vulnerabilities or misconfigurations bear the greatest potential to erode an enterprise’s value, reputation and trust.
Exposure management enables swift action to eradicate priority cyber exposures anywhere in the organisational infrastructure to significantly reduce business risk. | Photo: Pixabay
Exposure management enables swift action to eradicate priority cyber exposures anywhere in the organisational infrastructure to significantly reduce business risk.
By unifying security visibility, insights, and action across the attack surface, exposure management equips banks with the capability to protect against attacks proactively — be it in the IT infrastructure, cloud environments, critical infrastructure, or anywhere in between.
