Ranjith Purushothaman
Chief Manager ISG & IS Audit Dhanlaxmi Bank

The banking industry witnessed a 1318% increase in ransomware attacks in 2021. This means the industry is one of the most vulnerable sectors prone to cyberattacks. 2022 will be more critical for the sector due to the fast adoption of digital payments globally. This is a constant but growing concern for the CIOs and CISOs. Hence upskilling and educating customers are the priorities for the BFSI sector.

However, there is an overflow of awareness all around regarding cybersecurity and the solutions available around. This creates a camouflaged effect for them to pick the perfect fit.  “The banking industry is mature enough to tackle cyberattacks. And that is primarily due to the strong focus from the regulators like the RBI or SEBI. They give enormous focus on the cyber security front and have made it mandatory for the BFSI sector to keep all cybersecurity measures in place,” Ranjith Purushothaman, Chief Manager ISG & IS Audit, Dhanlaxmi Bank explains on how to come out of this maze and help their company and customers have a safer banking experience.  

According to him, the regulatory bodies have made it mandatory for the banking sector CIOs and CISOs attend various webinars. Even the RBI itself is conducting mandatory training sessions for the C-level executives. This will ensure that BFSI firms have all the security measures in place to prevent any cyberattack.

Asked if he thinks there is an overdose of awareness on cybersecurity for the BFSI sector, which is creating a camouflaged effect for the CIOs and CISOs to pick the correct solution for their firm, he says, “Of course. We have a lot of articles and resources being published on creating awareness among the CIOs and CISOs.

However, it is up to each individual to pick the right information they need to fix their problem. The right to take a call is theirs.”

“For instance, over the last two years, startups have emerged as the powerhouse providing incredible solutions and technologies to the banking sector. But what we feel is that, unlike the traditional IT systems, cybersecurity products are not matured, or we do not have a proper benchmark to evaluate their capabilities.

To me, this is correct to some extent, and it is here that the CIOs and CISOs need to take a cautious call.”

Post the data protection law was passed in the parliament, various vendors are coming up with various security variations on database encryption, masking and others. “But we are not sure if the product is mature enough to protect our data or how will it impact when an application will go down. We also must consider if these solutions will be government approved or provide ROI on the losses. There may be hidden pointers too that we may not be aware of. But how to bring these things to the surface?”, Ranjith questions.

Cybersecurity is ever-changing, and hence existing solutions need to be fine-tuned while new solutions should be created keeping the future in mind. Finally, it is about accessing the existing solutions and measuring ROI for the particular investment.

Opining on a one-size-fits-all approach leading to any cybercrime, he felt, ‘one-size-fits-all’ is an old adage now, which should be deleted from the dictionary. “It doesn’t work anymore for any industry. Banking functions have their own critical components and hence it is important to cautiously evaluate the existing and new technologies or solutions. A small miss and you open the door to cyber attackers losing millions or billions of your clients’ money and your reputation goes kaput.”

While the big banks and the small banks may offer similar services, but their process differs, which means we need to have different security solutions. However, we need to take a cautious call if our security measures aren’t paying off. We need to evaluate our ROI and scrutinise if we have made the right investment. After all, the call on having cybersecurity installed in your organisation or department depends on your balance sheet or the size of each department.

Asked if the banks are truly interested in investing in cybersecurity in the APAC region and his opinion on that the entire banking system is eager to have a better and stronger security side, he feels that there is a strong focus at the board level right now. They are even approving budgets for having strong security measures.

Focus of banking cyber security in 2022:
The Indian government is pushing various digital products and hence banks need to ensure that they have their digital payment systems in place which is foolproof and can secure our customer’s money. Customer awareness is also a key aspect. “They should know about the company and how to utilise the product.

Hence banks need to focus on educating their customers and creating awareness among them about the distinct products and the common setting controls. Hence 2022 will see a large focus on digital payment security from the BFSI industry. “, Ranjith concluded.

Educate their customers in terms of their products and security:
On the end-consumer level awareness, he said, banks are undertaking several measures to make their customers aware specifically in terms of cybersecurity through newspaper ads, Youtube videos, and even SMS. But ultimately, the customer also must become aware of certain scenarios of force because other forces (hackers) are too smart to fool the customers.

They create a critical situation to make customers panic and then share confidential information with them. Exploiting the customers emotionally is the key for hackers.

Concluding on his suggestions for the fellow banking CIOs, he said that “We need to be more proactive in identifying risks specifically as digital banking is gaining pace.

Even the older generation are using digital products. Hence, we need to understand their difficulties precisely on the cybersecurity front. We must be their gatekeepers in keeping away any attacks.”