Mitigating Evolving Cybersecurity Risks in the BFSI Sector: Best Practices

Govind Rammurthy, CEO and Managing Director, eScan

With the Government of India’s steadfast push towards digitization across various sectors, especially in facilitating paperless financial transactions, cyber security has surged to the forefront of concerns for entities operating within the BFSI domain.

It’s evident that as virtually every individual participates in what can be aptly termed the financial ecosystem, cybercriminals are actively seeking vulnerabilities within this sector. Moreover, the complex landscape of technology not only provides opportunities for these criminals to perpetrate crimes but also enables them to obscure their activities, thereby complicating potential investigative processes.

As delineated above, the BFSI sector confronts a diverse array of emerging threats owing to its pivotal role in managing sensitive financial data and transactions. Presented below are some of these emerging threats, along with corresponding measures that can be adopted to effectively mitigate them:

Ransomware Attacks: Ransomware attacks represent a constantly evolving threat landscape, casting a formidable shadow over organizations across all sectors. Particularly targeting financial institutions, cybercriminals employ increasingly sophisticated ransomware variants engineered to encrypt vital data and extort ransom payments for decryption keys. While encryption constitutes just one facet of the threat, institutions often maintain disciplined backup practices for critical data, facilitating restoration processes. However, the gravest concern arises from cybercriminals’ adeptness at exfiltrating sensitive information, subsequently leveraging it to coerce and blackmail institutions.

Measures to tackle such attacks: Implementing robust endpoint security solutions, such as eScan EDR on endpoints and gateways, is paramount. These solutions leverage advanced threat detection and prevention technologies to proactively mitigate ransomware attacks. Additionally, adopting a comprehensive solution for detecting vulnerabilities in assets is crucial, as it helps identify potential entry points for attacks against institutions.

Advanced Persistent Threats: APTs represent highly sophisticated and targeted cyber attacks orchestrated to infiltrate networks, aiming to pilfer sensitive information or engage in espionage over extended periods. APT actors employ advanced techniques, skirting traditional security defences to elude detection for prolonged durations.

Measures to tackle APT: Effectively thwarting APTs necessitates deploying advanced threat intelligence solutions and conducting regular threat-hunting activities to intercept and neutralize APTs early in the attack lifecycle. Furthermore, eScan advocates for network segmentation, colloquially termed “silos,” and the implementation of stringent access controls to curtail lateral movement within the network, thereby mitigating the impact of APTs. Additionally, CISOs are urged to conduct routine assessments of firewall traffic flows to countries with less robust cyber security frameworks, ensuring heightened vigilance against potential threats.

Insider Threats: Within the realm of cyber security, insider threats, whether deliberate or inadvertent, constitute a formidable peril to financial institutions. Individuals, including employees, trusted insiders, system administrators with access to servers and credentials, and disgruntled staff members, may exploit their privileged access to pilfer or erase sensitive data, or commandeer systems for personal gain or malevolent intent.

Measures to handle Insider Threats: Chief Information Security Officers (CISOs) must oversee measures such as regular audits, stringent access controls, credential reviews, and the prompt revocation of rights for departing employees. Also, stakeholders ought to adhere to the principle of least privilege, thereby restricting access to sensitive data and systems based on job roles and responsibilities. The implementation of User and Entity Behaviour Analytics (UEBA) within endpoint and perimeter security solutions enables the monitoring of user activities and the application of behaviour analytics. This facilitates the identification of anomalies indicative of insider threats, such as unauthorized access or abnormal data exfiltration.
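The two anomaly types named above (access outside a user's role and abnormal outbound data volume) can be illustrated with a small per-user baseline check. This is an added example, not eScan's product logic or code from the original article; the log fields, role map, user names and thresholds are all assumptions, and the events are constructed sample data.

```python
import statistics
from collections import defaultdict

# Assumed least-privilege map: user -> resources their job role permits.
ROLE_RESOURCES = {"teller01": {"core-banking"}, "dba02": {"core-banking", "db-backup"}}

def sample_events():
    """Constructed sample log: (day, user, resource, bytes_out). Not real data."""
    teller_mb = [21, 19, 20, 22, 18, 20, 900]      # last day is a spike
    dba_mb = [510, 495, 500, 505, 490, 500, 515]   # high but steady
    events = []
    for i in range(7):
        day = f"2024-03-{i + 1:02d}"
        resource = "db-backup" if i == 6 else "core-banking"
        events.append((day, "teller01", resource, teller_mb[i] * 10**6))
        events.append((day, "dba02", "db-backup", dba_mb[i] * 10**6))
    return events

def find_anomalies(events, allowed, k=6.0, min_history=5):
    """Return (day, user, kind) findings for role violations and volume spikes."""
    findings = []
    daily = defaultdict(lambda: defaultdict(int))  # user -> day -> bytes out
    for day, user, resource, nbytes in events:
        daily[user][day] += nbytes
        # Unauthorized access: resource is not in the user's role allowance.
        if resource not in allowed.get(user, set()):
            findings.append((day, user, "access_outside_role"))
    for user, per_day in daily.items():
        days = sorted(per_day)
        for i, day in enumerate(days):
            history = [per_day[d] for d in days[:i]]  # only earlier days
            if len(history) < min_history:
                continue  # not enough data for a baseline yet
            med = statistics.median(history)
            mad = statistics.median([abs(x - med) for x in history])
            # Floor the spread so a very stable user does not alert on noise.
            spread = max(mad, 0.1 * med, 1.0)
            if per_day[day] > med + k * spread:
                findings.append((day, user, "outbound_volume_spike"))
    return findings

if __name__ == "__main__":
    for finding in find_anomalies(sample_events(), ROLE_RESOURCES):
        print(finding)
```

Baselining each user against their own history is what keeps the high-volume but steady administrator account quiet while the low-volume account's spike is flagged.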

Third-Party Risks: Organizations frequently depend on third-party vendors, suppliers, and service providers to fulfil diverse business functions and processes, thereby heightening the susceptibility to supply chain attacks and data breaches stemming from third-party vulnerabilities.

Measures to tackle TP risks: To mitigate such risks, organizations must conduct thorough vendor risk assessments and due diligence processes to evaluate the security posture of third-party vendors and assess their compliance with best practices. Furthermore, regular monitoring of information flow to third-party vendors, coupled with routine audits of third-party activities, is essential for the timely detection and mitigation of potential risks.

Cloud Security Challenges: The integration of cloud computing, cloud storage, always-on smartphone applications, and Software-as-a-Service (SaaS) solutions presents novel security hurdles for BFSI organizations, encompassing concerns related to data privacy, compliance, and unauthorized access.

Measures to address Cloud Security: Financial institutions must prioritize the implementation of robust cloud security controls and encryption mechanisms to safeguard sensitive data stored in the cloud. Furthermore, the activation of audit trails across all cloud services, periodic review of security policies, and the establishment of methods for detecting anomalous activities within cloud environments are imperative steps toward bolstering cloud security defences.

Regulatory Compliance and Data Privacy: The introduction of the DPDP bill has compelled BFSI organizations to adhere to rigorous regulatory standards and data privacy laws, underscoring the importance of safeguarding customer data and upholding trust and confidence in financial systems’ integrity.

Measures to comply with DPDP: To fulfill these mandates, BFSI entities must deploy enterprise Data Loss Prevention (DLP) solutions to adhere to stringent cybersecurity protocols and procedures, thus ensuring alignment with regulatory mandates. Moreover, conducting regular compliance assessments, facilitated by external auditors, is essential to guarantee adherence to regulatory frameworks and guidelines.

By proactively addressing the above threats and implementing effective cybersecurity measures, financial organizations can strengthen their resilience to cyberattacks and safeguard their critical assets, data, and reputation in an increasingly digital and interconnected landscape in India.
