In an interaction with Shweta Papriwal, Editor, indiainfoline.com, Mr Kartik Shahani, Country Manager India, Tenable India said, "Restricting access to employees on a need-to-know basis and providing permissions to employees who require it, is the first step to securing the AD. Banks in India also need to continuously monitor the AD to keep track of misconfigurations and users who are trying to access information they are not permitted to."
This new digital workforce has pushed most of the banking sectors to go online, including video conferencing that has led to increased cyberattacks. How can the banking sector thwart cyber threats in the new normal?
The financial services industry is undergoing dramatic change with highly personalised services. And each new service the business develops creates additional attack vectors for bad actors. According to CERT-In, there was a 1000% increase in malicious activity related to digital transactions over the last six months. Hence, maintaining security and trust has never been more complex, nor has it been more important.
Organisations need to establish strong cyber hygiene practices by taking a holistic view of their infrastructure, identify those assets and systems that are critical to function, and scan for flaws in the most dynamic aspects of their attack surface. In tandem, the focus must be placed on restricting access to critical systems and key internal data by addressing misconfigurations in the Active Directory to disrupt attack paths.
Focus on vulnerabilities that matter most to the business. This allows security teams to remediate and focus on vulnerabilities that are being actively exploited by threat actors rather than the thousands that might only theoretically be used. Manage risks across third-party service providers by securing connected SaaS applications through cloud access security brokers (CASB). This will help protect customer data and provide a central platform for compliance monitoring. Closing the holes attackers look to climb through can prevent attacks from being successful.
Cybercriminals prefer to target the banking sector by procuring customer and employee information and use it to perpetrate cyberattacks like ransomware. How can banks secure themselves from such threats?
One of the most important drivers of ransomware today is the vast number of software vulnerabilities and misconfigurations threat actors are able to feast on to gain a foothold inside organizations. Once inside the system, attackers will then go after the Active Directory infrastructure to gain lateral movement and compromise further systems.
Restricting access to employees on a need-to-know basis and providing permissions to employees who require it, is the first step to securing the AD. Banks in India also need to continuously monitor the AD to keep track of misconfigurations and users who are trying to access information they are not permitted to.
The recent RBI guidelines make cybersecurity a board-level decision. What is the role of the CISO considering the new guidelines?
The RBI guidelines are a step towards acknowledging that strategic business and technology decisions need to factor in cyber exposure as a quantifiable metric of cyber risk, just as other business exposures such as economic risk. CISOs need to understand where to focus resources and investment to maximize their cyber risk reduction. It is the CISOâ€™s responsibility to objectively measure cyber exposure, in non-technical terms and understand how they compare to their industry peers or organisations with top-notch security. These business insights will help security leaders foster a business-based dialogue with the Board for more informed decision making regarding cybersecurity.
The RBI is proactive in issuing cybersecurity guidelines for financial service organisations. But is following these compliances enough or do organisations need to do more?
While the RBIâ€™s guidelines are important for defining best practices, they are not enough to help organisations quantify risk. Compliance measures serve as general guidelines but they donâ€™t cater to the specific needs of an organisation. Compliance is surely necessary to meet legal obligations, but it cannot be the only measure for cybersecurity. When a data breach occurs, the C-suite needs to know the scale of the breach, the timeframe for remediation and the immediate and long-term impacts on the business.
By adhering only to compliances, security leaders cannot address these questions. Financial service organisations need to go beyond following regulatory compliances and focus on investing in cybersecurity measures that measure risks effectively.
As FinTech companies embark on data-based differentiation, the issues of data privacy and customer protection will become increasingly important. How would this affect data privacy and what can organisations do to protect customer's personal data better?
Data security and privacy must go hand in hand because data security is the technical implementation of what data privacy dictates. As the economic value of data increases, so do the risks of cyberattacks. Organisations need to ensure that data security forms an integral part of their overall privacy strategy. By leveraging technical controls and making data privacy a business priority, organisations can outline policies for data usage and access while ensuring transparency and reducing their overall cyber exposure.