Amid rising India-Pak tensions, key financial and market institutions tighten cybersecurity

As a result of escalating tensions between India and Pakistan following the Pahalgam attack, public institutions are maintaining heightened vigilance over the security of their digital infrastructure.

The Bombay Stock Exchange (BSE) and National Stock Exchange (NSE) have taken precautionary steps, including geo-blocking international access to their websites, as reported by Reuters.

BSE, a “market infrastructure institution”, said that it has placed this temporary restriction as a precautionary and protective measure. Additionally, a circular from the bourse on Wednesday, citing an advisory from nodal agency Cert-In, asked market participants to practice precaution. The circular highlighted cybersecurity threats targeting Indian organisations within the banking, financial services and insurance (BFSI) sector.

“Financial Market Infrastructures (FMIs) like BSE and NSE are foundational to the financial ecosystem, and a successful cyberattack on an FMI could paralyse financial markets, delay settlements, and trigger a domino effect across global economies,” said Chetan Jain, Managing Director of cybersecurity company Inspira Enterprise. 

FMIs are high-value targets as they process large volumes of sensitive financial data. They are also connected to multiple institutions, increasing the attack surface. The BSE has particularly advised participants to take caution against potential cyber risks like ransomware, supply chain intrusions, Distributed Denial-of-Service (DDoS) attacks, website defacement, and malware.

Beyond the stock exchanges, the finance ministry has reportedly also asked other major financial institutions such as the Reserve Bank of India (RBI), National Payments Corporation of India (NPCI), and banks to ramp up vigil and cybersecurity measures. Experts say that amidst heightened geopolitical tensions and war-like situations, the digital infrastructure of critical institutions is often at high risk of cyber attacks.

“Financial damage has a trickle-down effect as it impacts a running economy. Pre-emptive approach to cybersecurity offers a new form of “defence in depth”. This layered defence can combine obstacles, deceptions, intelligent simulation, and predictive capabilities to significantly elevate the security posture,” explained Apeksha Kaushik, Principal Analyst at Gartner.

Cybersecurity experts believe that solutions such as the implementation of zero-trust architecture; deployment of tools such as Artificial Intelligence/Machine Learning (AI/ML)-based intrusion detection systems (IDS) and endpoint detection and response (EDR); and robust business continuity and disaster recovery plans could help offer better security proposition to such critical infrastructure.

“The identify-prioritise-remediate cycle keeps risk low and uptime high. We advise every organisation to follow the same playbook: start with geo-fencing, then pair continuous discovery with automated remediation to stay secure,” suggested Ashish Tandon, Founder and CEO of cybersecurity firm Indusface.