Cyber security experts on Tuesday questioned the preparedness of the Indian banks in case of a massive security breach involving funds, stressing that state-of-the-art security systems are the need of the hour.
Hackers siphoned off a whopping Rs 94.42 crore from the Pune-headquartered Cosmos Cooperative Bank Ltd — the second oldest and second biggest cooperative bank in India — to foreign and domestic bank accounts.
According to Nikhil Bedi, Partner, Deloitte India, robust security systems and incidence response capabilities are imperative for all companies and financial institutions that are custodians of customer data and customer assets, including funds.
"While there is growing awareness to regularly update an organisation's cyber preparedness and defence mechanisms, a large number of institutions wake up to this reality only post an incident which often leads to a loss of reputation and/or financial misappropriation," Bedi said in a statement.
In 2016, a malware-related security breach was reportedly detected in the non-SBI ATM network, following which the public sector lender blocked around six lakh debit cards.
An estimated 30 lakh-plus debit cards issued by various public or private banks were exposed to a potential risk of data breach.
Cyber attacks today are multi-pronged and can start with a malware being downloaded into a system or via a web application being hacked.
"This is a big challenge specially for banks, where it is no longer sufficient to protect just your data centres and your headquarters, you have to protect ATMs and branch offices in addition to securing incoming data even from affiliated organisations," cautioned Anshuman Singh, Senior Director, Product Management at Barracuda Networks Inc.
US-based Barracuda Networks is a leading provider of cloud-enabled security and data protection solutions.
In the case of Cosmos Bank, a proxy switch was created and all the fraudulent payment approvals were passed through the proxy switching system. Normally, the Core Banking System (CBS) receives debit card payment requests via its "Switching System".
According to bank officials, the malware attack was on the Switch System which is operative for the payment gateway of Visa/Rupay debit cards and not on the Cosmos Bank's CBS so the customers' accounts and their balances were not affected.
The banking, financial services and insurance (BFSI) domain remains most vulnerable to cyber threats.
"Regulators need to develop a risk management framework, including adequate threat response strategies and define the chain of command in case of a security breach," said Sanjay Katkar, Joint Managing Director and Chief Technology Officer at Pune-based Quick Heal Technologies Limited.
"Hiring chief information security officers must be made mandatory for players in the BFSI domain. The sector should also run regular security protocols and simulations to test their incident response capabilities," Katkar told IANS.