By Aiyappan Pillai

Amidst a plethora of digital interfaces serving consumers and businesses, the financial sector is a prime target for cyberattacks. The expanding digital economy widens the attack surface, demanding enhanced cybersecurity. Safeguarding data integrity, availability, and confidentiality is crucial for digital trust.

Financial institutions can be targeted on two fronts: first, at the organisational level, which encompasses their employees and systems; and second, through their customers and their digital devices. Employees can become targets when attackers hack into business messaging accounts such as email, messenger services and SMS, and pose as senior executives to authorise actions detrimental to the company. A significant internal threat emerges from introducing malware into systems.

Financial service firms encounter significant risks, encompassing insider threats, ransomware assaults, data breaches, and the compromise of essential systems like payment, identity, and messaging. The routine use of shared credentials for common systems must be curbed. The shift to virtual workspaces has expanded the attack perimeter beyond organisational confines. Cyber-attacks often find entry points through employees’ lack of cyber hygiene, the vulnerability of remote workers’ or customers’ devices, public internet usage, and insecure system access protocols and applications.

As organisations enhance their cybersecurity posture, cybercriminals devise new ways to attack. Emerging technologies like AI and machine learning are used to aid cybercrime. Nevertheless, the same AI and ML technologies are harnessed to combat cybercrime. Data analytics aids in behaviour analysis to pinpoint possible fraudulent transactions. Sophisticated solutions are implemented to identify fraud with enhanced precision and outsmart potential fraudsters.

For comprehensive cybersecurity, an organisation needs to implement security measures spanning its complete service chain. This includes its customers, employees, their devices, connectivity networks, financial systems, and data. These measures encompass training initiatives, process enhancement, and the adoption of suitable technological solutions. The organisation should prioritise awareness-building, training for secure practices and effective recovery from attacks.

A zero-trust approach to cybersecurity helps an organisation address vulnerabilities in a structured way across the components in its service chain. Multiple trust zones restrict blanket access to those components. Security awareness must become second nature for everybody. Firms would do well to adopt practices that enhance their cyber-resilience.

Ensuring the cybersecurity of digital infrastructure is a constant endeavour. Building cyber resilience is an ongoing process. As AI capabilities and quantum computing mature, they present new threats. However, such threats and their cybersecurity countermeasures would play out like a cat-and-mouse game.

The writer is a senior member of the Institute of Electrical and Electronics Engineers (IEEE).