Banking institutions in India are poised to introduce a plethora of new initiatives that are empowered by technology. These initiatives are focused at young generation that accounts for the largest youth population across the globe. Integration of social media with banking related services is only one of the multiple steps being taken by Indian banks to ride the wave of digital innovation.

Growing security threats to BFSI institutions

Acceleration of customer services is being boosted with help of cutting edge enterprise mobility solutions such as Tab Banking service that facilitates customers to access banking services from comforts of their homes or even while on the go by using internet enabled handheld devices such as tablets.

Every technology brings with it certain concerns and the technology powered banking solutions are no exception to this. Security associated concerns are directly related to the growth of hi-tech banking solutions, thus presenting an array of challenges to be addressed effectively.  

In terms of vulnerability to security related threats, India’s financial sector stands to be the most exposed among all major sectors according to research done by several independent institutions. The 2014 Survey Report presented by KPMG clearly underlines that financial sector is running the highest risk of cyber attacks and cybercrimes. In terms of percentage as many as 58 per cent respondents opined that financial sector is the most vulnerable sector to cybercrimes.

The commonest cybercrimes that were observed by KPMG were related to ATM or Debit card cloning, and phishing attacks targeted at online banking accounts. This also includes customers being asked to share username/ password details associated with Internet banking. In essence growing use of smart phones and other modern devices for online banking is mainly attributed to greater vulnerabilities and subsequent growth in banking related cyber crimes.

Proliferation of cybercrimes that affect online transactions can be directly linked to the amazing level of sophistication adopted by cyber-criminals. In one of the most cleverly executed cybercrimes, the criminals could break into an email account of a Canada based NRI only to siphon off Rs 1.13 Cr from his account with one the banks in India. The most interesting part is that the money was transferred to two separate overseas accounts of the criminals.  

Urgent need to adapt robust policies

Reserve Bank of India (RBI) has formulated a wide-ranging information security policy and made it mandatory for all banking institutions to adhere to various requirements such as a strong incidence management process. The process of incidence management is designed to manage incidences occurring within the institution by way of effectively containing the same to prevent further exposure and plot a defined timeline for recovery.

It also clearly specified by RBI in no uncertain terms that every bank is supposed to put in place, procedures to guarantee maintenance of integrity and consistency of all business critical data that is stored electronically. This can cover data warehouses, data archives, and databases to name a few.

In order to avoid possibility of computer systems getting compromised, the central bank has directed banks to ensure regular scanning of systems for any possible flaws and address these instantly as well as proactively. RBI is also expecting banks and finance institutions are also required to design and implement stringent monitoring procedures to identify unusual behavior patterns or doubtful events that may cause challenge to security of IT assets. 

In order to mitigate possibility of a cyber attack there has to be an impregnable patch management process to address multiple weaknesses of the technical and software related systems.

It must be mentioned that audit trails for IT assets are extremely important not only for ensuring compliance with banking systems or legal and regulatory protocols but also as a future resource that can be relied upon as forensic or legal evidence to facilitate settlement of legal disputes. It should be understood that the whole process of achieving enterprise class security while ensuring compliance with wide spectrum of regulations is a long and arduous journey without any software assisted shortcuts.

According to RBI directives, due importance to fault tolerance must be given during designing and implementation of Disaster Recovery. The mission critical nature of these DR solutions calls for uninterrupted availability. The aspect of fault tolerance needs to be duly considered particularly during development process of corporate networking as well as data center solutions.

Internet banking has given rise to 24/7/365 availability of banking solutions and has significantly reduced recovery time in the event of any threat to data integrity. With legacy off-site storage and backup systems getting obsolete, there is a huge cost factor to be addressed while facing the challenges of modern technology.

Data Management Outsourcing as an expansive security cover

Proficiently managed third party data center providers promise greater data redundancy as well as security. The sophisticated and technologically advanced facilities of data center can prove to be highly efficient in monitoring and identifying the minutest flaw in the system. Thanks to cutting edge behavior recognition technology, these providers have tools in place to recognize every single online threat from malicious sources.

Multi layered security provisioning in reputed and state of the art data center also secures hosts, applications, network, and dedicated firewalls. In case of DDoS attack the behavior recognition technology is able to pinpoint any anomaly and results in diversion of zone traffic. Perpetual monitoring of logs and alerts is one of the highlights of established data centers. This is backed by appropriate settings of operating systems, an in-depth security audit, vulnerability detection mechanisms, and much more.

Real time vulnerability scanning solutions including MTvScan can efficiently overcome problems faced by real world websites that suffer from compromised server security. This can prevent attackers from targeting sensitive data. These solutions identify all possible vulnerabilities of websites and also provide detailed analysis of the need for application of security patches. Sophisticated firewalls offered by reliable data centers are capable of blocking unutilized ports to ensure security from spamming, spoofing, and malware attacks.

Virtualized DR- Cost effective and convenient option

Cloud based DR solutions can offer much need respite to banks that are experiencing hard times while complying with RBI mandates about DR sites. These solutions offer remarkable cost efficiency because an institution is only supposed to pay in the event of a disaster. Secondly, users are free to use low cost servers for routine tasks while availing services of high end servers during the disaster.

This particular alternative is not available in conventional DR that makes it mandatory for an additional backup server to be constantly available for possible switchover. The Total Cost of Ownership is also considerably lowered in case of cloud based DR due to absence of any capital investments and predictability of costs.

Financial institutions in India are on the brink of a significant transformation that is empowered by high end technology. The transformation can be facilitated with help of specialty service providers by ensuring robust immunity against security threats.