| |August 20189CIOReviewThe public sector and BFSI organizations are popu-lar targets, given the extent and accuracy of their data-bases. During a discussion on cybersecurity at the State IT Secretaries Conclave held on 12th February 2018 by the Ministry of Electronics & Information Tech-nology, it was revealed that 40% of all cyber attacks and data breaches in India affect financial institutions, including banks.Regularizing social media paymentsAnother critical element here is the issue of third-party payments. WhatsApp for Business recently had an open release and WhatsApp Payments (currently in Beta) is also in the works. The catch is, NPCI (the National Payments Corporation of India) is restricting the roll-out, setting a low transaction limit. This raises several red flags, as payments leaders point out that WhatsApp is violating several security norms, such as mandatory login and password for every transaction.What this means for the BFSI segment is another layer of risks and vulnerabilities that need to be factored in. Any tie-up with third-party payment gateways needs to be carefully evaluated. A dual authentication system ­ biometric identification coupled with OTP, for example ­ would ensure safe transactions for the customer.Fighting digital risks, with digital solutionsHow could BFSI companies address all of these touch points? As regulatory bodies call for immediate steps, identifying and mitigating risks in their existing ICT (Information & Communications Technology) frame-works, how do we safeguard PII and financial data?Firstly, a well-articulated Information and Cyber Security Policy and a Cyber Crisis Management Plan (CCMP) needs to be firmly in place. This along with Information and Cyber Security Assurance Program would enable accurate and timely threat detection, mak-ing sure oversight is not repeated.Secondly, a Security Operations Center (SOC) should be assembled. This allows real-time monitoring of security conditions, via collaboration between differ-ent departments, from locating known threats and au-tomating response, to using advanced security analytics, this function plays a major role.Finally, at an on-ground level, BFSI ­ and insurance, to be specific ­ should set up Web Access Firewalls (WAF) to protect online resource libraries, databases, and real-time processes. Given our dependency on the Internet, web applications are often the first line of attack for hackers.Take a Distributed Denial of Service (DDOS), where your servers are flooded with bogus data streams, while the hacker takes remote control over the system. The WAF is configured to address DDOS attacks and much more, keeping your online channels secure.A BFSI provider's web portal is a big differentiator for sales, customer experience, and market reputation. Adopting a firewall preempts attacks and their inevita-ble ripple effect across the organization.Outlining an organizational stanceThe bottom line is this: is your organization infor-mation & cyber security-focused? With the BFSI segment facing multiple risks across digital chan-nels, are networks, web portals, and applications sufficiently fortified?As India's economy grows, the role of banking and finance players becomes more far-reaching than ever be-fore. That may be the very reason why the Insurance Regulatory and Development Authority of India (IR-DAI) has called for a strengthened cyber security frame-work and has issued guidelines on Information and Cy-ber Security for insurers. This should be part of the core organizational culture, where information & cyber se-curity isn't relegated to a siloed department or team but leverages company-wide awareness and collaboration.This could be as simple as regular debates and dis-cussion, which go a long way in preventing employees from falling prey to fraudulent messages. Regular audits, additional tech layers, and a robust response strategy is the next step, enabling a holistic risk and contingency plan at your organization. By mak-ing your business safer for your customers, you build stronger, long-lasting relationships with them, ones that are based on trust.Clearly, cyber security today is no longer an option ­ it is the need of the hour. As India's economy grows, the role of banking and finance players becomes more far-reaching than ever before
< Page 8 | Page 10 >