Indian banks lost a whopping Rs 12.6 crore to digital fraud in 2010. Financial services enterprises faced a similar security quagmire and could not escape the onslaught of cyber fraud. Plagued by spiraling security breaches, financial services organizations incurred significant financial losses, with the average loss being Rs 6.86 crore. The cyber scams cost the financial sector dearly. Beyond the financial losses, these organizations also suffered downtime and lost man-hours, and even ended up losing customers.
The rising volume of digital attacks has set the alarm bells ringing, and the banking system is waking up to the harsh reality that its IT security levels aren’t robust enough to combat sophisticated cyber criminals.
In an attempt to clamp down on the increasing digital fraud, the industry regulators (RBI and IRDA) are putting in place stringent regulations and governance mandates. In May 2011, RBI issued comprehensive guidelines covering areas such as IT governance, information security (including electronic banking channels like internet banking, ATMs and cards), IT operations, IT services outsourcing, information system audit, cyber fraud, business continuity planning, customer education and legal issues.
These regulatory mandates have given financial institutions a nudge in the right direction. Compliance and governance mandates have emerged as the primary drivers for the adoption of IT security. “Over the last year, RBI has mandated two-factor authentication at banks for all delivery channels. The RBI guidelines and impending Basel III compliance are compelling financial institutions to rethink the way information is secured and managed. We have seen that in the past 12 months, a large percentage of banks invested in identity management. The investment in technologies to address such regulations is likely to continue. Technology investments during the next financial year will be made towards stronger governance, business continuity planning, securing mobile and wireless transactions, data loss prevention and network security,” said Ajay Goel, Managing Director, India and SAARC, Symantec.
After monitoring the threat spectrum in the vertical, the security software firm identified phishing as the top threat vector in this industry. “Since November 2010, all phishing attacks on Indian brands have targeted the banking sector,” cautioned Anand Naik, Director, Technology Sales, India and SAARC, Symantec.
He concurred that mobility, communication and the internet have opened up new frontiers for the financial sector. Institutions can now introduce new and alternate channels to achieve increased levels of customer service and experience. According to reports by the Internet and Mobile Association of India, the Indian e-commerce market is expected to grow at 70 percent by the end of 2011. However, more often than not, it is an unsecured leap to mobility and e-commerce. “Our reports identified that there was a 43 percent increase in mobile vulnerabilities in 2010,” he highlighted.
The cyber threats can be obviated by rethinking the security priorities. “Financial Services organizations need to develop and enforce IT policies and automate their compliance processes. By prioritizing risks and defining policies that span across all locations, businesses can enforce policies through built-in automation and workflow to protect information, identify threats, and remediate incidents as they occur or anticipate them before they happen,” recommended Goel.