India's Financial Sector Faces Numerous Cyber ChallengesRajesh Pant Focuses on Financial Cyber Challenges at ISMG Event
As its economy continues to grow and mature, India finds itself on the cusp of an internet and mobile transformation that includes an immense opportunity for the country's banking and financial sectors. With all that growth, however, comes concerns over security.
As with many other countries, India is fighting off an array of disruptive attacks that include advanced malware, sophisticated distributed denial of service attacks and nation-state actors targeting DNS protocols as part of ongoing espionage campaigns.
These different types of cyberattacks are a challenge to India's financial industry, which is also dealing with disruptions from new technologies such as cryptocurrency and blockchain, as well as ongoing efforts to protect customers from schemes that target ATMs and point-of-sales terminals.
These are some of the challenges faced by Lt. Gen. (retired) Rajesh Pant., the national cybersecurity coordinator of India, who started in the position in earlier this year (see: Sources: Lt. Gen Rajesh Pant Is Next Cybersecurity Chief).
"We have seen a wide number of changes in cyber threat landscape over the last year," Pant said during is talk entitled: "The Challenges of Digital Skullduggery."
Pant talked about these developing security disruption to the country's banking and financial sector at the Information Security Media Group Fraud & Breach Prevention Summit in Bengaluru, India, this week. The one-day event for CISOs and other security professionals focused on a wealth of topics including insider threats, phishing and email fraud, digital payment fraud, cyberattacks on the government and enterprise websites and well as India's proposed data protection and privacy framework (see: Fraud & Breach Summit in Bengaluru: A Preview).
In Pant's assessment, the world is moving away from an older notion of a "Cold War" to one that he calls a "Code War," where information and data are the main targets and a cadre of bad actors, including cybercriminals to advanced persistent threat groups, are using increasingly sophisticated techniques to attacks the infrastructures of large enterprises, small and midsized businesses and government agencies as well.
The challenge with this type Code War are numerous, especially within the banking and financial sectors. Currently, 20 percent of all cyberattacks in India are focused on the banking and financial sector, with the government a close second at 19 percent.
To illustrate this further, Pant showed a chart that found nearly 45 percent of phishing attacks in India focus on banks and other financial institutions. Additionally, mobile banking malware attacks have steady increased from April of 2018 to April 2019, peaking in September and October of 2018.
The Asacub banking Trojan that has targeted Android devices has proved the most popular.
These types of banking attempts are happening more frequently. An example that Pant used happened in February 2018, when an attack that targeted the SWIFT messaging system of one Indian bank allowed money to move to China and Turkey where the cash was withdrawn and lost within only a few hours. The one success is that a transfer to Dubai was stopped, the account frozen and the money recovered.
What Can Be Done?
While he only started his position within the last few weeks, Pant has plans for the future to increase cyber awareness in India.
Currently, the Indian government is pursuing several different measures to improve cybersecurity both within the government as well as the private sector. These include:
- The creation of the National Cyber Security Policy-2013
- The creation of the National Cyber Security Coordinator position
- The creation of a crisis management plan
- The integration of Indian Computer Emergency Response Team (CERT-In) and National Critical Information Infrastructure Protection Centre (NCIIPC)
- The creation of the National Cyber Coordination Centre (NCCC)
- The creation of the BOT Cleaning Center
- And the creation of testing labs for security testing of product and software
Pant also told the audience that he hopes to start work on a new national cybersecurity strategy and policy plan that should be ready for review by the end of this year or the beginning of next year that takes into account many of the big changes in security that have occurred over the last five to six years.