Banks and insurance firms have started beefing up their cyber security defence systems by setting up quick response teams and conducting mock drills for disaster recovery scenarios amid heightened tensions between India and Pakistan.
In a meeting with managing directors and CEOs of banks and insurance companies on Friday, finance minister Nirmala Sitharaman directed banks to conduct regular audits of their cybersecurity systems and data centres and ensure that all digital and core banking infrastructure is fully firewalled and monitored round the clock to prevent breaches or any hostile cyber activity.
“We have taken proactive multi-layered defense strategy and we are continuously monitoring all our strategies,” said A Manimekhalai, MD & CEO, Union Bank of India, adding that banks have conducted comprehensive awareness programs to educate both staff and customers, ensuring cyber preparedness and resilience at every level.
The finance minister has instructed banks to designate two dedicated senior officials identified at the headquarters, one for reporting all cyber-related matters and the other to ensure operational matters, including the functioning of bank branches and the availability of cash in ATMs. Both dedicated officers should report any incident to CERT-In (Indian Computer Emergency Response Team) or relevant agencies and Department of Financial Services on a real-time basis.
Bankers said that their Security Operations Centre and Network Operations Centres are fully operational and on high alert. These centres are coordinating closely with CERT-In and the National Critical Information Infrastructure Protection Centre (NCIIPC), facilitating real-time data sharing and threat monitoring. Banks have implemented anti-DDoS (Distributed Denial-of-Service) systems to protect against massive cyber-attacks.
“We have established a Quick Response Team composed of senior IT and operations officials to swiftly assess, contain, and mitigate any potential threats or incidents,” said senior official of a public sector bank. “The team is closely monitoring cyber threats to ensure prompt and effective action.”
According to the bankers, the Department of Financial Services had told them a week earlier to ensure smooth functioning of banking services.
It’s not just banks but companies have also witnessed a surge in cyber threats over the past few days. “Recent developments have indicated a surge in cyber threats targeting Indian businesses and critical infrastructure. Threat actors with affiliations to Pakistan have been observed deploying sophisticated malware, such as Xeno RAT and Spark RAT, aiming to infiltrate various sectors within India,” Ravindra Baviskar, Director – Sales Engineering, at global cybersecurity firm Sophos said.
Experts say that country’s rapid development in areas like e-commerce, and digital payments makes it especially vulnerable to cyberattacks due to the massive attack surface of its digital infrastructure. Companies have increased the frequency of mock drills, said experts.
“Mock drills for cybersecurity awareness are crucial to ensuring employee proactiveness while securing networks. We conduct these drills regularly for our clients, backed by core practices like real-time monitoring and a zero-trust framework,” Chetan Jain, managing director at Mumbai based cybersecurity solutions provider Inspira Enterprise said. “Insights from each drill help us further strengthen their security posture.”
There are large volumes of people using delivery apps, ecommerce apps, trading apps, financial apps and all these apps have sensitive details, and a breach in any of these platforms will adversely affect the economy, and in some cases, national security, experts said.
“The threat landscape spans from state-sponsored attacks on critical infrastructure to phishing campaigns that exploit geopolitical narratives. Companies and their Boards must understand that cyber security is not merely an IT issue, but a strategic boardroom priority,” Evaa Saiwal – Head of Liability & Cyber Insurance at Policybazaar for Business added.
Tarun Wig, Co-Founder & CEO, of security firm Innefu Labs added that as cyber threats grow more sophisticated, companies face risks ranging from ransomware and data breaches to insider threats all of which call for a proactive cybersecurity posture combining AI-driven threat detection, regular audits, and continuous training.
“Every organisation would have exposures through which adversaries can target. These exposures are: vulnerabilities, configuration errors in your technology including the cybersecurity technology, counterfeit assets and even vulnerable employees who are prone to click on and respond to phishing emails,” Satykam Acharya, Co-founder and Director, Offensive Security, Infopercept said.
“The threat landscape spans from state-sponsored attacks on critical infrastructure to phishing campaigns that exploit geopolitical narratives. Companies and their Boards must understand that cyber security is not merely an IT issue, but a strategic boardroom priority,” Evaa Saiwal – Head of Liability & Cyber Insurance at Policybazaar for Business added.
While technical initiatives like real-time threat assessment, using artificial intelligence to identify suspicious patterns, and ensuring firewalls are upgraded, addressing the vulnerabilities arising from human errors is equally important.
The most crucial sectors to secure, experts said, would be the digital platforms of BFSI entities, e-commerce and quick commerce platform, and telecom networks. These three carry the bulk of critical data like KYC information of Indian citizens, their addresses, and payments data making them lucrative targets for cyberattacks.
