'Banks are up against sophisticated cybercrime'
The biggest challenge for the banking industry is "the sophistication of cybercrime," said Manish Sehgal, Chief Information Security Officer of AU Small Finance Bank, at the BFSI Leadership Summit 2021, organised by YourStory and EnterpriseStory on July 16.
Watch the video from the BFSI Leadership Summit 2021 here.
“These days, even ransomware is available as a service,” Sehgal told Dr Madanmohan Rao, Research Director, YourStory Media, in a fireside chat themed “Imminent trends and challenges in cybersecurity.” A hacker, with a little bit of money in his hands, can buy that service and attack any organisation, he added.
With most employees working from home, banks are more exposed to such threats than before. “If a device is connected with the office network, I can actually deploy the security controls on top of it,” said Sehgal. But when employees connect devices on their personal networks, either of them could be compromised. A low security device can actually infect other devices as well.
It becomes a greater challenge for small finance banks that serve customers in rural areas, who are not as tech-savvy as their urban counterparts. “Educating them is a real, big task,” said Sehgal.
To make them aware, AU Small Finance Bank has organised workshops in local languages and developed educational snippets, which they distribute through social media channels.
"We send messages to customers in their own language, so that they can understand whenever the bank contacts them, and know what information they can ask for," said Manish Sehgal, Chief Information Security Officer of AU Small Finance Bank.
With data, banks can offer personalised services to customers based on their interests and spending habits. Sehgal said data analysis is another tool banks can use to identify and prevent fraudulent transactions. “It will help us take appropriate actions against them,” he said.
Banks need to identify what is the threat landscape, their crown jewels, and conduct a cybersecurity risk or threat-risk assessment of those crown jewels, Sehgal asserted.
But cybersecurity solutions don't come cheap. Institutions need to identify the gaps in their security protocols, and take decisions based on the need to bridge those gaps. They cannot invest in everything, but should decide on the basis of their business dealings.
“Cybersecurity has become a business of frightening people and organisations,” Sehgal said.
Financial organisations need to do a risk assessment to ascertain the level of security that it is inclined to in the context of its business roadmap, he said. Banks can upgrade existing solutions to save money. But more than anything, they need to increase employee awareness.
“They are your biggest assets. They are the ones who work,” he said. “Make sure they understand that the organisation's cybersecurity is everyone’s responsibility.”
Watch the BFSI Leadership Summit 2021 here.