Cyber crime is currently one of the most reported crimes globally. It is said that a chain is only as strong as its weakest link. As automation and ease of access to online data increase, so does the vulnerability of such systems.
As part of Asia’s third-largest economy, Indian banking systems strive to be robust and secure. Still, they remain under threat: as technology advances, cyber attacks continue to plague them and hackers go after easy money.
As Indian banks are poised for growth, they are more susceptible to data leaks and to external and internal threats to their automated systems. The recent spate of such frauds points towards both weak procedures and the human angle. A casual attitude towards cyber security poses a big threat to the banking system. In the rush for digitisation and going cashless, many business houses are carrying out digital transactions without any security measures. Thus, there are numerous questions to ponder:
Today’s technology leaders, whether the Chief Technology Officer (CTO), Chief Information Officer (CIO), Chief Information Security Officer (CISO) or IT head of any technology company or bank, face a new set of challenges. Can they guarantee that the system is 100 per cent secure? Can they indemnify their customers against such risk? It has to be complete ownership.
Is such an assurance possible? If not, then why this digital push? What assurance should we expect? Tomorrow 1000000 can become 000000010, i.e. Rs10.
So many hacks are happening on systems managed by the best of brains; isn’t this risk too high?
Banks choose to go for digital payment systems. A digital transaction is almost 50 times cheaper than a physical bank transaction. But on the flip side, millions of accounts can be compromised with a single hack. Mostly, cyber attacks are successful because banks have limited knowledge of hackers' tactics and modus operandi. This is further compounded by their inability to develop any countermeasures.
Some experts opine that no CTO or CIO can guarantee zero violations. The CISO's job is critically at risk. In India, there are multiple cases where the CISO of a bank was sacked without notice. The issue is critical, and the industry is still silent on it, thereby passing the risk on to customers.
Other experts believe that nothing can be foolproof; one can only reduce the risks to an extent, just as it is difficult to ensure the absence of Non-Performing Assets (NPA). How does one put an upper ceiling on the cost of doing business? What is the acceptable amount of risk that one is willing to take? In the real world, even the top lock manufacturing companies cannot guarantee their locks to be 100 per cent pick-proof. Practically it is not possible, and the same goes for antivirus protection. No firewall or shield is 100 per cent impenetrable.
A digital push is required because technology is evolving and so are people. But nothing can be 100 per cent accurate or sure. One thing that is possible is an indemnity given to the customer; at the same time, an indemnity and assurance from the technology provider is a must.
Can a CTO be 100 per cent sure, or can his team give such an assurance? That is impossible, because approximately 60 per cent of the technology products banks use are rental or shared modules. This means no access to the code. The remaining 40 per cent of products are licensed, such as Core Banking Solution (CBS), switching technology, etc.; even then, bankers do not have the capability to check code that runs to millions of lines. Even with access to the source code, we need the people who developed the product to understand the code and close the gaps.
Most cases of cyber attack are due to staff collusion with hackers or customer-hacker collaboration. Most of the time, the hacker provides some external device, which is linked to the bank's infrastructure through staff, and that is how they enter the bank's system. Mostly, this is done at small bank branches, and the hackers then try to get closer to the bank's core systems. They spend years in the system and slowly move towards their target. No amount of training or controls put around the system can stop cyber attacks.
Though it is understood that no system is foolproof, there are plenty of software and hardware tools available to secure the system and to monitor and track any unwarranted intrusion into it. It is incumbent on banking institutions to ensure the robustness of the system and the security of users' assets. Security is always a journey, never a destination. You can never say that you are fully secure. The risks, threats and vulnerabilities need to be analysed regularly.
Take our own house: can we say that there will never be any theft (external attacks)? Can we say that the cupboard keys handled by parents (administrators) will never be stolen and misused by some other family member (internal attacks)? Can we say that all the outsiders coming to our house will behave properly (guest logins)? Do we regularly change the main gate locks so that anyone who creates a duplicate key will not be able to use it? No, we don’t. There are risks all over, and we take sufficient precautions in every situation.
Now, coming to the other side of the story, where customers' interests are safeguarded. Yes, this is possible if there are checks and balances. Banking as well as cyber security checks and preventive mechanisms exist. There are solutions to control and monitor access to sensitive database columns and to detect advanced malware floating in the network.
Regarding indemnity, although banks cannot issue a blanket indemnity to customers (since many times in the past phishing scenarios were induced by bad customers in collusion), RBI has created that safety net for customers. If one finds that his account has been debited in an unauthorised manner and complains, he is bound to be repaid by the bank.
Frauds can always happen, either through collusion among employees or by hackers. But if CISOs keep the basic controls tightly implemented and spread awareness properly among employees and customers, everyone will know how to remain secure.
Anuradha Panditrao, Founder of Forum of Industry Academic and Knowledge Sharing (FIAKS), says that cyber attacks can be minimised to a great extent by following the ancient trick of Chanakya called “Disguise”. She said that banks had started building many dummy servers in and around their main servers to disguise them from hackers. To the hacker, they look the same, and he falls into the trap. The need of the hour is for the government to enforce strict cyber security guidelines on the banks.