Murali Urs
The WannaCry Ransomware which hit businesses including banks globally didn’t spare India, which was the second-worst affected country in APAC according to reports. It was a reality check for financial institutions as the attack was estimated to have affected more than 150 countries and caused millions of dollars in damage. The banking system often emerges as a sitting duck since it is the softest and most effective target.
In India too, cyber frauds are on the rise. According to a report by the Reserve Bank of India, a total of 2,059 cases of cyber fraud were reported in 2017-18 amounting to Rs 109.6 crore. The recent frauds at Cosmos Bank and State Bank of Mauritius branch based in Mumbai are only the beginning, with rise in digital transactions and their spread to the interiors of the country, cyber frauds at banks are on the rise.
Why Financial services?
The financial services industry is naturally a lucrative target for cyber criminals. The primary targets which are usually compromised in cyberattacks on banks are the SWITCH and SWIFT systems. SWITCH is a group of servers that are responsible for sending approval request from the ATM to the core banking system. SWIFT, on the other hand, is a global provider of a secure inter-banking messaging solution.
The SWITCH and SWIFT are the most sensitive components of the banking infrastructure, as they are responsible for the authorization of fund transfers. Each piece of information hacked—whether it is the data stored on the network, competitive intelligence, access to confidential email or trading strategies--typically has different types of buyers and methods for selling. Many forums and dark web sites exist for this purpose.
It is estimated that over 90% of all successful hacking scams start with a phishing attack. CFOs and finance staff are one of the most targeted employees in the company when it comes to email fraud. Hackers choose finance employees due to their access to company finances and other sensitive information.
Fighting the threat
The industry needs to start thinking cybersecurity from the ground-up and not as an afterthought. Organisations must act more aggressively, constructively and comprehensively to address security threats. There needs have better understanding about simple vulnerabilities such as weak endpoint security and lack of security awareness.
100 percent security is impossible for any organisation; however, the below approach will go a long way in combating financial hacking:
The author is Country Manager – India at Barracuda Networks. Views are personal.
Discover the latest business news, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!