The recent global ‘WannaCry’ ransomware attack exposed the vulnerabilities of the connected world where a shadow group of hackers could wreck major disruption at hospitals, corporates and other public service institutions. The ever-present threat of computer viruses which comes in various forms needs constant vigil by everybody—from the simple user of a PC up to the cybersecurity experts. It is expected that such kind of threats will only continue to increase given the growing number of online transactions and financial institutions are naturally the most targeted.
Global consulting and technology services company Accenture in its latest report “Building Confidence: Solving Banking’s Cybersecurity Conundrum” said many senior bank executives are confident about their cybersecurity strategy, yet a lack of comprehensive, practical testing is leaving gaps in their defence.
The report is based on a survey of 275 senior security executives across the banking and capital markets sectors. It found that 78% of executives surveyed expressed confidence in their overall cyber security strategy, with more than half the respondents indicating high levels of comfort in their ability to identify the cause of a breach, measure the impact of a breach and manage the financial risk due to a cybersecurity event (cited 51%, 51% and 50%, respectively).
However, the analysis also points to ongoing security challenges for banks. For example, in addition to the many phishing, malware and penetration attacks that banks receive each day, on average, respondents reported that their banks had experienced 85 serious attempted cyber breaches each year. Of these, about one third (36%) were successful, that is, at least some information was obtained through the breach. In these instances, it took 59% of banks several months to detect breaches. Additionally, nearly half (48%) of respondents cited internal breaches as having the greatest cybersecurity impact and 52% indicated a lack of confidence in their organisation’s ability to detect a breach through internal monitoring.
This is an eyeopener for Indian financial institutions. Piyush Singh, managing director for Accenture’s financial services group in APAC and India, said, “As Indian financial services firms are in the initial stages of adopting digital technologies they have a unique opportunity to set up proper checks and balances to prevent cyber attacks.”
You May Also Want To Watch:
Though WannaCry did not inflict any major damage in India, there are lessons to be learnt. Security software company Quick Heal Technologies said it had detected over 48,000 MS-17-010 Shadow Broker exploit hits responsible for the WannaCry ransomware outbreak in India. Among the attempted attacks by the malicious WannaCry ransomware, 60% were targeted towards enterprises and 40% towards individual customers. The top five cities impacted by WannaCry in India are Kolkata followed by Delhi, Bhubaneshwar, Pune, and Mumbai. The top five states with maximum detections are West Bengal, Maharashtra, Gujarat, NCR (Delhi), and Odisha.
In the context of cybersecurity in the Indian financial services sector, Singh said, “They should take an enterprise-wide view of cyber security, weed out cyber security protocols operating in silos, tackle the issue as a business priority, and hire and continuously train people skilled in building cyber resilient businesses. They should also focus on deploying practical testing scenarios that include highly realistic simulated attacks. No amount of vulnerability scanning or risk assessment will replicate that.”
According to the Accenture survey, while security teams detected a high number of breaches in their respective banks, virtually all (99%) of respondents said they learned about the remainder of the breaches from their own employees, pointing to the critical importance of establishing strong awareness, strengthening internal training programmes and establishing effective internal escalation processes.
According to the report, developing and implementing the right governance model to drive a holistic approach to cyber security is critically important in strengthening a firm’s external and internal defence capabilities. Developing effective capabilities should be driven by a two-pronged strategy: Focused cyber security assessments on one hand and comprehensive testing on the other, it said.
According to Accenture, banks expect cyber security skills shortage while dealing with the issue. The research also points to several areas where respondents foresee a significant skills shortage, including end-point/network
security, incident response and vulnerability management. As Sanjay Katkar, MD and CTO, Quick Heal Technologies, said, “This ransomware outbreak has brought to fore the importance of robust cyber security solutions for individuals and businesses alike. Cyber criminals are not discriminating while attacking and spreading malware.”