Due to Covid-19 and the resultant consequences, the way businesses operated has changed. Cybersecurity is now the top priority for most organizations. Businesses are ensuring that the cybersecurity risks are taken care of and CISOs are involved in taking business decisions.
As the Indian BFSI sector goes through this paradigm change, CISOs are looking at redesigning cybersecurity to suit the situation, balancing digitization with security and educating employees and vendors alike.
“Considering the worldwide situation, where BCP strategy has changed and the new trend is working from home, we need to have a proper plan and prep for such lock down. We need to assess people, process and technology. You need to provide relevant facilities and organizations like the stock exchanges which are heavily regulated have to balance security too,” says Shivkumar Pandey, Group CISO, BSE.
Balancing digitization with security
With the advent of social distancing financial institutions are minimizing physical touch points. This means increased availability of digital touch points. To improve the ease of interaction customers would have to use more applications, chatbots and kiosks.
The pressure therefore on businesses to launch new applications and upgrades is on. But the important factor is building trust with the customer and ensuring the new initiatives are secure.
“The applications have to be user friendly. The design of any tool or app has to encompass the security functions into it so that it becomes an endpoint computing device. Each and every mobile app should act like a local security operation center and should have a minimal security function of detecting an anomaly in the transactions happening through that app or kisk,” says Milind Mungale, EVP and CISO, NSDL e-Governance Infrastructure.
Highlighting the importance of emerging technology he says, “Each and every chat should have minimal AI to ensure that the query for the bot is a standard practice and not an anomaly. That is how we will be able to match the requirement of the market, ensure digital touch points and protect the organization from cyber security threats.”
Tackling phishing attacks with awareness
A pandemic and its resultant chaos are breeding ground for various kinds of attacks. “Even in these cases user awareness is an important factor and so is the implementation of perimeter security,” says Vinay Tiwari, CISO, RBL Bank.
He believes basic hygiene should be maintained that entails tracking the perimeter, monitoring domain names, etc. “We have spear phishing reviews and internal assessment carried out. From a solution perspective, there will be some zero day which won't be detected by a single point solution, hence user awareness is key,” he adds.
The need of the hour is to move toward zero trust security architecture and it should be integrated with all kinds of security technologies, says Pandey. He highlights that remote work is easier to deploy in this culture.
“To mitigate any kind of phishing attack you need to have an awareness strategy in the organization. People need to be educated on the action and not panic and report the attack,” says Pawan Chawla, CISO, Future Generali Life Insurance.
The new normal requires us to mold our approach in a much deeper and stronger way and push people from a discipline perspective to report incidents, believes Shailendra Kothavale, CRO, Birla Sun Life Insurance. Ensure monitoring of activities without being intrusive, run predictive analysis and build red flag reports, he says.
“We also have to train our employees and vendors and do it smartly. In terms of activity, there has to be a tone at the top, a buzz in the middle and noise in the bottom,” he says.