The banking industry, or the broader financial services sector, is akin to the central nervous system of a nation’s economy. Every organisation requires a secure and reliable banking experience to facilitate its business activities. Given the important position this critical infrastructure sector holds in our lives, it becomes paramount for banks to focus on all aspects affecting the security and integrity of financial transactions, contracts, and services.
In 2021, India’s Computer Emergency Response Team (CERT-In) reported more than 14.02 lakh cyber security related incidents in total. While the targeted organisations span many sectors, the financial services sector consistently ranks among the most targeted. CERT-In has also informed the Parliament of a total of 2.9 lakh cyber security incidents related to digital banking reported in 2020.
As India rides on the wave of digitisation, our banking sector can be seen incorporating wide-ranging digital technologies. With the sudden onset of the pandemic, several banks had accelerated their digitisation drives in a short period of time for various services, including customer onboarding through video KYC, outward remittances, payment collections, contactless payments through UPI, payment apps, digital wallets, and more. With the rapid digitisation of the banking industry, cyber threats and attacks have become more pervasive and sophisticated.
The worrying state of affairs
From phishing scams to advanced ransomware extortion threats, from credit card data theft to sophisticated impersonation fraud, from distributed denial of service (DDoS) attacks to ATM jackpotting, the threats facing the banking sector are immense and continuously evolving. The constant threat posed by cybercriminals has compelled banks to understand the importance of specific types of cyberattacks, and to analyse the patterns, complexity, and life cycle of the cyber threats they face on a daily basis in order to protect their business operations.
Banks not only need to consider the cyber risks to their technology infrastructure, but also their employees, business partners, vendors, and customers. The cyber threat landscape comprises many malicious actors, including organised cybercriminal gangs, nation-state hackers, hacktivists, and rogue insiders, with motives ranging from financial or data theft to extortion, espionage, and service disruption. Indian banks need to upgrade the maturity of their cybersecurity operations to tackle this growing number and scale of cyber threats.
The banking industry relies on many legacy tools and systems that were created in the early days of core banking. As banks move from legacy mainframe applications towards applications deployed on a dynamic cloud-native infrastructure, the security risks and priorities also change drastically. Banks require a much more holistic approach to cybersecurity that encompasses all these diverse assets spread across different types of infrastructures.
Security teams at Indian banks are faced with a huge number of threat alerts on a daily basis that require their intervention for appropriate mitigation measures. If security teams take time to implement mitigation measures after an incident has been reported, it leaves room for the attackers to cause damage to the bank’s systems and networks. Thus, it is imperative for banks to proactively counter all relevant threats by efficiently using the human and technological resources at their disposal.
The way forward
A conventional Security Operations Centre (SOC) at large organisations like banks is formed of different teams responsible for incident response, vulnerability management, threat hunting, and other functions. These security functions often operate using different sets of tools and data that lack interoperability and collaboration. Due to the increasing complexity of this security stack, the overall efficiency of threat response and management has gone down for security teams.
Banks need to look toward building next-generation SOCs that integrate, streamline, and centralise their SecOps capabilities while maximising threat visibility and accelerating threat response processes. Considering the spread of modern technology infrastructure across cloud-based, on-premise, and hybrid environments, banks need to leverage technologies like Security Orchestration and Automated Response (SOAR) to drive security actions in a scalable and rapid manner. Additionally, to keep pace with highly resourceful and agile threat actors of today, banking organisations must operationalise threat intelligence to make smarter, forward-looking decisions when it comes to their cybersecurity strategy and to crystalise their daily SecOps workflows with a focus on the most relevant threats.
Embracing threat intelligence operationalisation
In order to take a proactive stance on cybersecurity, Indian banks need to start operationalising threat intelligence to improve the readiness of their security operations against different threats. This means security teams need to leverage threat intelligence to prioritise and execute threat detection, response, and management processes so that the most critical threats receive the greatest focus.
The lifecycle of a cyberattack can be understood through different stages, including reconnaissance, weaponisation, delivery, exploitation, installation, command and control, and data exfiltration. By leveraging strategic, tactical, technical, and operational threat intelligence in their security processes, banks can prevent cybercriminals from executing their attacks at an early stage, thereby minimising the impact on all stakeholders.
While collecting threat intelligence from different sources may be a straightforward task, it is much more difficult to operationalise the threat intelligence to improve detection mechanisms, response processes, and overall cybersecurity strategy. To achieve this, banks need to leverage automation and last-mile threat intelligence delivery to all stakeholders to drive security actions in a rapid and effective manner across their organisation.
In addition to this, threat intelligence sharing outside the organisation with industry peers, business partners, regulatory agencies, law enforcement, and information sharing communities (ISACs, ISAOs, and CERTs), helps collectively coordinate and execute security actions. This means no single institution is left to fend for itself against all kinds of cyber threats. Every incident affecting the sector provides learnings to improve the cyber defences for all organisations that are part of the sharing network.
Turning the tide with security orchestration and automation
Another key issue facing large security teams, including those at financial services firms, is that security teams often operate in silos separate from the IT teams, operations executives, senior leadership, and the rest of the organisation. Moreover, the lack of information exchange, communication, and collaboration among teams responsible for different security functions, such as incident response, vulnerability management, threat hunting, and threat intelligence, leads to a fragmented and delayed response to cyber threats.
To counter this, financial services firms need to streamline and integrate their security operations through the use of cyber fusion centers (CFC) and advanced security orchestration and automation (SOAR). CFCs enable diverse security functions to operate under a single, connected umbrella that enhances cross-functional collaboration, provides unparalleled threat visibility, and simplifies governance for security managers and CISOs. Unlike legacy SOCs, CFCs are designed to enable scalability and interoperability in various security use cases.
Through the use of SOAR solutions, security teams can carry out automated threat response and management workflows across their cloud-based, on-premise, or hybrid IT and security infrastructure. This greatly reduces the burden on security teams who otherwise have to deal with a lot of manual, repetitive tasks in their daily operations. It also reduces the time taken to detect and respond to various threats by removing bottlenecks and automating time-critical actions across all security processes. Furthermore, the concept of a cyber fusion center enables the integration of diverse security functions under a single roof, thereby greatly boosting threat visibility, improving collaboration, and simplifying security governance, among other benefits.
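The two ideas above, operationalising threat intelligence so that it drives detection, and using SOAR-style playbooks to automate time-critical actions, can be shown together in a small end-to-end loop. The following Python script is an added illustration and is not code from the article or from Cyware: it normalises a constructed indicator feed, matches it against constructed proxy, EDR and firewall log lines, maps each hit to the kill-chain stage the article lists, and then applies a playbook that only automates the response when the indicator's confidence clears a per-stage threshold. The feed contents, log lines, stage names, actions and thresholds are all assumptions made for the example.

```python
"""
Added example (not from the article or Cyware): a minimal loop that turns a
threat-intelligence feed into detections and SOAR-style response decisions.
Feed, logs, stage names, actions and thresholds are constructed assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed indicator feed. In practice this arrives from an ISAC/CERT feed
# or a threat intelligence platform; confidence is 0-100 and 'stage' is the
# kill-chain phase the source associates with the indicator.
INDICATOR_FEED = [
    {"type": "ipv4", "value": "203.0.113.45", "confidence": 90, "stage": "command and control"},
    {"type": "domain", "value": "Login-Secure-Bank.example", "confidence": 50, "stage": "delivery"},
    {"type": "sha256", "value": "3A7BD3E2360A3D29EEA436FCFB7E44C735D117C42D1C1835420B6B9942DD4F1B",
     "confidence": 95, "stage": "installation"},
    {"type": "ipv4", "value": "198.51.100.7", "confidence": 40, "stage": "reconnaissance"},
]

# Constructed log lines from a proxy, an EDR agent and a firewall.
SAMPLE_LOGS = [
    "2024-03-01T10:02:11Z proxy user=alice dst=login-secure-bank.example url=/verify status=200",
    "2024-03-01T10:05:43Z edr host=WS-0421 event=process_create "
    "sha256=3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b",
    "2024-03-01T10:06:02Z fw src=10.20.30.40 dst=203.0.113.45 dport=443 action=allow",
    "2024-03-01T10:07:30Z fw src=198.51.100.7 dst=10.20.30.9 dport=22 action=deny",
    "2024-03-01T10:09:00Z proxy user=bob dst=intranet.bank.internal url=/home status=200",
]

# Playbook (assumed): automated action per kill-chain stage and the minimum
# indicator confidence required before that action runs without an analyst.
PLAYBOOK = {
    "reconnaissance": ("enrich_and_watch", 0),
    "delivery": ("block_url_on_proxy", 60),
    "installation": ("isolate_host", 80),
    "command and control": ("block_ip_on_firewall", 80),
}

@dataclass
class Detection:
    indicator: str
    ioc_type: str
    stage: str
    confidence: int
    log_line: str
    action: str
    automated: bool  # False means the action is queued for analyst review

def normalise(ioc_type, value):
    """Canonicalise indicator values so feed and log formatting differences do not cause misses."""
    if ioc_type == "ipv4":
        try:
            return str(ipaddress.ip_address(value))
        except ValueError:
            return value  # malformed address in a log line: keep as-is, it simply will not match
    return value.strip().lower().rstrip(".")

def build_index(feed):
    """Map (type, normalised value) -> feed record for constant-time lookups."""
    return {(i["type"], normalise(i["type"], i["value"])): i for i in feed}

# Fields to pull out of each log line, tagged with the indicator type they carry.
FIELD_PATTERNS = [
    ("ipv4", re.compile(r"\b(?:src|dst)=(\d{1,3}(?:\.\d{1,3}){3})")),
    ("domain", re.compile(r"\bdst=([A-Za-z0-9.-]+\.[A-Za-z]{2,})")),
    ("sha256", re.compile(r"\bsha256=([0-9A-Fa-f]{64})")),
]

def extract_indicators(line):
    """Return [(ioc_type, normalised_value), ...] for every candidate field in a log line."""
    found = []
    for ioc_type, pattern in FIELD_PATTERNS:
        for m in pattern.finditer(line):
            found.append((ioc_type, normalise(ioc_type, m.group(1))))
    return found

def decide(indicator):
    """Playbook lookup: (action, automated?) based on stage and confidence threshold."""
    action, threshold = PLAYBOOK.get(indicator["stage"], ("notify_analyst", 101))
    return action, indicator["confidence"] >= threshold

def match_logs(feed, logs):
    """Run the feed over the logs and return one Detection per indicator hit, most critical first."""
    index = build_index(feed)
    detections = []
    for line in logs:
        for key in extract_indicators(line):
            hit = index.get(key)
            if hit is None:
                continue
            action, automated = decide(hit)
            detections.append(Detection(key[1], key[0], hit["stage"], hit["confidence"], line, action, automated))
    detections.sort(key=lambda d: (-d.confidence, d.stage))
    return detections

if __name__ == "__main__":
    for d in match_logs(INDICATOR_FEED, SAMPLE_LOGS):
        mode = "AUTO" if d.automated else "REVIEW"
        print(f"[{mode}] {d.stage:<20} conf={d.confidence:<3} {d.ioc_type}={d.indicator} -> {d.action}")
```

Running the script lists four hits ordered by confidence: the installation and command-and-control indicators clear their thresholds and are actioned automatically, the low-confidence phishing domain is matched but routed for analyst review rather than blocked, and the reconnaissance source is only enriched and watched. The per-stage thresholds are the part worth tuning in a real deployment: they are what keep a noisy or low-confidence feed from letting automation block legitimate traffic.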
Lastly, Indian banks should also focus on threat information-sharing practices among all their industry stakeholders to enhance their collective defence. In this way, banks can join hands to help each other fend off critical threats in real time.
The Indian banking sector faces growing cyber risks to its digital platforms, customer data, and operational integrity. In light of this, CISOs and other senior leadership at banks must look to increase their investment in the people, processes, and technologies involved in their cybersecurity operations. By leveraging threat intelligence operationalisation, security orchestration and automation, and cyber fusion, banks can drastically strengthen the cyber resilience of their infrastructure, services, and operations going forward in 2022.
Akshat Jain is the chief technology officer and co-founder of Cyware.