Bankers warned of data security being a war without borders
The Reserve Bank of India (RBI) is to come up with guidelines to address the ever-increasing threat of cyber-security.
“The RBI is to come up with guidelines,” said S. Ganesh Kumar, RBI Executive Director at the FIBAC 2017 in Mumbai on 6 Nov 2017.
He described security as a “marriage between convenience and confidence”.
Customer perceptions also keep changing, with the younger lot having a different view of privacy. This makes it difficult for the regulator. But RBI has taken up the challenge and is trying to keep ahead of the curve.
They have got a repository of data.
Kumar pointed out that the money loss in cyber theft is not very different from traditional money losses.
The conference heard various views on cyber-security but all agreed that it was a bigger threat for banks.
But a strong warning came from Neetu Chitkara, Principal, Boston Consulting Group.
“There are two types of companies: those who are hacked, and those who will be hacked,” she said at the opening of a panel discussion on ‘Cyber Security: Beyond Just Compliance’ at the two-day FIBAC 2017 conference.
Chitkara pointed out that “gone are the days when you could leave cyber security to the CSO or IT team.”
She explained that the problem now is so intense that it is the domain of the CEO or the board at the highest level in any organisation. “The number of records breached in 2016 was 1.8 billion.” And these are just the ones that are reported.
The hackers could be sitting anywhere on the planet, learning from the Internet and hacking in India. “It is a constant war without borders.”
Dinesh Kumar Khara, MD (Risk, IT and Subsidiaries), State Bank of India, also agreed that bankers were facing great difficulty in maintaining cyber security.
“Threats are of concern to any financial company. Our employees in core banking should be informed and must perceive this threat. Otherwise they are not vigilant enough.”
He also suggested that bankers should remain vigilant with their vendors. All applications must be insulated from risk.
Ms N S Nappinai, Advocate, Constitution, Criminal, Corporate, Cyber Laws, IPR / Author, ‘Technology Laws Decoded’, felt that cyber security is beyond compliance.
The banking industry comprises high trust verticals and looks for convenience. It aims to offer convenience and confidence. There is a fine balance between these two.
“Social engineering brings malware to your table,” she said, highlighting the greed not only of the criminals, but also that of the users.
“The human is the weak link.” In her opinion, prevention and protection are more important than punishment.
Peter Gartenberg, General Manager, Enterprise Commercial, Microsoft India was of the view that India is unique in that “the whole move to a perimeter-less environment from a security standpoint is here and now; that’s different from some of the other western countries. That has presented Indian enterprises with a unique challenge.”
Among other issues, Gartenberg identified the slow upgrade cycles. That facilitates exploitation of vulnerabilities in the software.
He advocated the use of Cloud which is a far more secure environment because it incorporates the latest features in terms of cyber security.
Debopama Sen, Managing Director, Head of Treasury and Trade Solutions, Citi South Asia felt it will be hard for institutions to be ahead of cyber criminals.
“They just have to get it right once, and we have to get it right every single time,” said Sen.
The working generation is still one of digital immigrants, not with the same mobility as digital natives. “It is work in progress,” she said, pointing out that the situation in India is not different from that in other parts of the world.
The emphasis is on training and simulation, so that everybody knows how to react in case of an incident.
Balsingh Rajput, SP Maharashtra Cyber, Govt. of Maharashtra wished to dispel two myths: one, that IT and cyber security are the same. “IT development and cyber security are two different fields.” The second myth is that cyber security is a technology problem.
“No. It is your business continuity problem.” If technology, processes and people work together, the system works well. If one of them misbehaves, there is a threat to business. He explained that technology won’t bring deterrence. “Deterrence is to the human, not to technology.”
Hence we must try to understand the enemy, and bring the law to bear. He felt that people should not be shy about coming to the police to report a cyber-crime.
Sriraman Jagannathan, Vice President, Payments, Amazon India observed that the concept of cyber security evokes fear. “If all of us deal with this topic as a fearful thing, majority will not engage with it deeply.” If cyber security is synonymous with fear, it will be difficult to contain in a rapidly changing world. It needs to be understood, and the desire should be to do better each time.
“An organisation that is going to get better at it will move faster.” And people will get better not from fear, but from learning. It is a continuous process of creating, classifying, and understanding patterns.
All the panellists agreed that implementation of cyber hygiene is important. fii-news.com