Addressing Emerging Cyber Security Threats in the BFSI Sector: Recommended Measures

By Govind Rammurthy

In light of Government of India’s concerted efforts to digitize services across all sectors, particularly in streamlining paperless financial transactions, cyber security has ascended to the forefront of priorities for institutions within the BFSI sector.

It is clear that as virtually every citizen engages in, what can be aptly described as the financial ecosystem, cybercriminals are actively seeking avenues to target this sector. Furthermore, the intricate nature of technology offers savvy criminals not only opportunities to commit crimes but also means to obfuscate their activities, complicating potential investigative efforts.

As delineated above, the BFSI sector encounters a diverse spectrum of emerging threats due to its central role in handling sensitive financial data and transactions. Below are some of the emerging threats, accompanied by measures that can be implemented to effectively mitigate them:

Ransomware Attacks – Ransomware Attacks represent a constantly evolving threat landscape, casting a formidable shadow over organizations across all sectors. Particularly targeting financial institutions, cybercriminals employ increasingly sophisticated ransomware variants engineered to encrypt vital data and extort ransom payments for decryption keys. While encryption constitutes just one facet of the threat, institutions often maintain disciplined backup practices for critical data, facilitating restoration processes. However, the gravest concern arises from cybercriminals’ adeptness at exfiltrating sensitive information, subsequently leveraging it to coerce and blackmail institutions.

Measures to tackle such attacks: Implementing robust endpoint security solutions, such as eScan EDR on endpoints and gateways, is paramount. These solutions leverage advanced threat detection and prevention technologies to proactively mitigate ransomware attacks. Additionally, adopting a comprehensive solution for detecting vulnerabilities in assets is crucial, as it helps identify potential entry points for attacks against institutions.

Advanced Persistent Threats: APTs represent highly sophisticated and targeted cyber attacks orchestrated to infiltrate networks, aiming to pilfer sensitive information or engage in espionage over extended periods. APT actors employ advanced techniques, skirting traditional security defences to elude detection for prolonged durations.

Measures to tackle APT: Effectively thwarting APTs necessitates deploying advanced threat intelligence solutions and conducting regular threat-hunting activities to intercept and neutralize APTs early in the attack lifecycle. Furthermore, eScan advocates for network segmentation, colloquially termed “silos,” and the implementation of stringent access controls to curtail lateral movement within the network, thereby mitigating the impact of APTs. Additionally, CISOs are urged to conduct routine assessments of firewall traffic flows to countries with less robust cyber security frameworks, ensuring heightened vigilance against potential threats.

Insider Threats: Within the realm of cyber security, insider threats—whether deliberate or inadvertent—constitute a formidable peril to financial institutions. Individuals including employees, trusted insiders, and system administrators with access to servers and credentials, and disgruntled staff members may exploit their privileged access to pilfer or erase sensitive data, or commandeer systems for personal gain or malevolent intent.

Measures to handle Insider Threats: Chief Information Security Officers (CISOs) must oversee measures such as regular audits, stringent access controls, credential reviews, and the prompt revocation of rights for departing employees. Also, stakeholders ought to adhere to the principle of least privilege, thereby restricting access to sensitive data and systems based on job roles and responsibilities. The implementation of User and Entity Behaviour Analytics (UEBA) within endpoint and perimeter security solutions, enables the monitoring of user activities and perform behaviour analytics. This facilitates the identification of anomalies indicative of insider threats, such as unauthorized access or abnormal data exfiltration.

Third-Party Risks: Organizations frequently depend on third-party vendors, suppliers, and service providers to fulfil diverse business functions and processes, thereby heightening the susceptibility to supply chain attacks and data breaches stemming from third-party vulnerabilities.

Measures to tackle TP risks: To mitigate such risks, organizations must conduct thorough vendor risk assessments and due diligence processes to evaluate the security posture of third-party vendors and assess their compliance with best practices. Furthermore, regular monitoring of information flow to third-party vendors, coupled with routine audits of third-party activities, is essential for the timely detection and mitigation of potential risks.

Cloud Security Challenges: The integration of cloud computing, cloud storage, always-on smartphone applications, and Software-as-a-Service (SaaS) solutions presents novel security hurdles for BFSI organizations, encompassing concerns related to data privacy, compliance, and unauthorized access.

Measures to address Cloud Security: Financial institutions must prioritize the implementation of robust cloud security controls and encryption mechanisms to safeguard sensitive data stored in the cloud. Furthermore, the activation of audit trails across all cloud services, periodic review of security policies, and the establishment of methods for detecting anomalous activities within cloud environments are imperative steps toward bolstering cloud security defences.

Regulatory Compliance and Data Privacy: The introduction of the DPDP bill has compelled BFSI organizations to adhere to rigorous regulatory standards and data privacy laws, underscoring the importance of safeguarding customer data and upholding trust and confidence in financial systems’ integrity.

Measures to comply with DPDP: To fulfill these mandates, BFSI entities must deploy enterprise Data Loss Prevention (DLP) solutions to adhere to stringent cybersecurity protocols and procedures, thus ensuring alignment with regulatory mandates. Moreover, conducting regular compliance assessments, facilitated by external auditors, is essential to guarantee adherence to regulatory frameworks and guidelines.

By proactively addressing the above threats and implementing effective cybersecurity measures, financial organizations can strengthen their resilience to cyberattacks and safeguard their critical assets, data, and reputation in an increasingly digital and interconnected landscape in India.

(The author is Govind Rammurthy, CEO and Managing Director, eScan, and the views expressed in this article are his own)