Digitization in the banking sector empowers customers, enhances customer experience and offers many more one-touch facilities, but cybercriminals continuously try to exploit any weakness they can find to gain an advantage, using attack methods such as Trojans, malware, ATM malware, ransomware, mobile banking malware and data breaches. Cybercriminals continue to advance their tactics and are becoming more sophisticated; research in the McAfee Labs 2019 report shows companies face 504 new cyberthreats per minute. Banks and financial institutions are prime targets of cybercriminals, and malware and DDoS attacks have increased in recent times. Today, Rakesh Kharwal, Managing Director, Cyberbit India, explains cybersecurity threats in the banking sector and how advanced technologies can help tackle security threats.
Question: What are the major cybersecurity threats for the banking sector in India?
Rakesh Kharwal : Banks in India have rapidly adopted newer technologies with the underlying objective of increasing revenues and hence, the banking system needs to prepare itself to address the risks and challenges arising due to the embryonic nature of such technologies. Some of the key threats for Indian Banks are as follows:
1. Security Awareness Remains Low and Lack of Skilled Professionals: At present, the global cybersecurity market is facing an acute shortage of cybersecurity professionals. According to IBM, India itself needs at least 3 million skilled industry professionals as of now, while the supply is short of 100,000. Another study by Cybersecurity Ventures points out that the global economy is estimated to lose $6 trillion annually by 2021 due to cybersecurity exploits and other cybercrimes. Awareness amongst internal employees remains the first line of defense. However, not many firms invest in training and improving cybersecurity awareness levels within the enterprise.
2. Sophisticated Threat Actors and enhanced targeting of banks: There are many instances of recent episodes of malware attacks, which brought home the rising menace of ransomware. Traditional signature-based solutions are no longer enough on their own and are prone to zero-day attacks. Banks and other financial institutions must invest in technology that can recognize and prevent the practices and actions used in exploits.
3. Social Media: The growing adoption of social media leads to more potential for hackers to exploit. Many a user puts her data out for anyone to see, which can be potentially exploited to attack the user’s organization. Proper training and instructions should be laid for employees regarding social media policies.
4. Social Engineering: Social engineering attacks are designed to trick your employees into granting access to systems or divulging information that helps attackers gain that access through low-, or often no-tech means. Social engineering attacks can come in many forms — by phone, email, snail mail, in person or through social media. So, it’s important that you train your employees to be wary.
Question: With Trojans, malware, ATM malware, ransomware, mobile banking malware, data breaches, and the advancements of cybercriminals, how will cybersecurity leaders tackle these threats?
Rakesh Kharwal : Cybersecurity threats, especially to the banking sector, have increased in recent times; cybercriminals are constantly evolving their attack strategies and methods. Cyber attacks will always try to exploit any weaknesses they can find to make a profit from your business’ hard work using different attack methods like Trojan, Malware, ATM Malware, ransomware, Mobile banking malware, data-breaches. Banking institutions, or in fact all enterprises, always focus on preventing cyberattacks; however, the uncomfortable reality is that attackers are gaining entry with relative ease and are undetected for an average of 200 days, according to a report by MELANI.
Our advice for Indian BFSI CIOs is to invest in detection tools and data lake platforms because BFSI organizations that are running solely with prevention tools at the end-point layer will not understand that there might be a zero-day attack and threats residing at end-point. Sophisticated solutions such as EDR, which incorporates capabilities like continuous monitoring, behavioural analytics and machine learning, allow for more precise identification, while keeping the occurrence of false positives to a minimum. This approach enables these novel solutions to detect even the smallest anomaly within the network or a user’s behavior.
Question: To enhance customer experience, banks integrate their systems with third-party vendors. Does this also create new risks?
Rakesh Kharwal : Banks are increasingly turning to third-party vendors to acquire the best of the technologies to provide seamless customer experience. However, most of the banks do not know how their IT partners work or whether they have the right security policies in place for oversight and monitoring. Banks also lack resources to police every vendor they work with or to monitor external vulnerabilities and networks. Therefore, there should be a proper third-party vendor assessment before onboarding them, scoring them based on questionnaire answers. By setting certain expectations for third-party vendors in terms of security and privacy, banks can make sure their security efforts are kept intact and they do not pay the heavy price. This should be incorporated as a part of cybersecurity awareness inside the organization to beat any cybersecurity threats.
Question: With further demand to adopt AI, cloud, chatbots and IoT, are these bringing more opportunity or more risk?
Rakesh Kharwal : Cybersecurity is a cat and mouse game and I must say that technologies like AI, IoT can help malicious actors scale. Artificial Intelligence could be leveraged for nefarious activities such as the creation of an ever-evolving malware designed to infiltrate computer networks. The other potential cybersecurity threats include social engineering attacks, hacked and weaponized autonomous vehicles, theft of sensitive data from government and private organizations, banking sectors, political interferences such as misinformation campaigns, and much more. We have seen a plethora of botnet attacks and machine learning-based TTPs including TaskRabbit, Nokia, WordPress, Marriott scam, and many more, wherein AI botnets help attackers in gaining access to devices and performing attacks without getting caught.
A number of these embryonic technologies, including IoT (used in smart appliances), and the subsequent network perimeter created using them, directly increase the attack surface of an organization. Technically, any digital enterprise is vulnerable to wide-ranging threats. Artificial Intelligence can play a pivotal role in protecting organizations from cyber-attacks without fail.
AI algorithms are extremely proficient at examining data traffic, identifying the outliers in data patterns, accommodating an enormous volume of alerts, and automating the manual, repetitive, and fatigue-causing tasks. Another great use case of AI is the administered learning by which systems learn to detect threats by making judgments based on the data fed to them.
Organizations should, ideally, implement a combination of detection and response tools alongside AI and ML capabilities to have an upper hand against cyberattackers. Tools such as AI-based EDR (Endpoint Detection and Response) are proving themselves to be a game-changer since they are able to detect even the attacks which bypass conventional cybersecurity tools. Therefore, AI will bring more opportunities, considering enterprises adopt AI-coupled tools.
Question: How can technology help combat cyberattacks?
Rakesh Kharwal : The answer lies in data. Irrespective of how sophisticated and undetectable any attack is, it always leaves a certain trail of data. Such data trails can be analysed to find out the root cause of the problem (vulnerable nodes), the TTPs (Tactics, Techniques, and Procedures) used, and the effective detection and remediation for future incidents.
So, you can easily detect and block exploits of cyberattackers before they drop the payload. The relevant parts of these detection and remediation processes can be driven via automated solutions, whereas the others can be managed by the in-house SOC.
Technology is today even enabling SOCs to develop better collaboration amongst resources and upskill them with the leading threats and their individual remediation. For instance, Cyber Range simulates attacks in a controlled environment, wherein the SOC team gets to use its in-house tools to effectively circumvent incoming attacks, much like fighter pilots use simulators to train themselves.
This enables us to go a step ahead of the ‘Baptism by Fire’ approach, wherein a cybersecurity professional gets to know the dynamics only during real-life attacks.
Question: Tell us more about Cyberbit and how it is playing an important role in the cybersecurity segment.
Rakesh Kharwal : At present, the global cybersecurity market is facing an acute shortage of cybersecurity professionals. According to IBM, India itself needs at least 3 million skilled industry professionals as of now, while the supply is short of 100,000. Another study by Cybersecurity Ventures points out that the global economy is estimated to lose $6 trillion annually by 2021 due to cybersecurity exploits and other cybercrimes. This indicates the urgency as well as the scale with which we must take countermeasures within the industry.
On the contrary, the dynamism within the IT sector is making it more difficult to address such challenges. All attack vectors and TTPs (Tactics, Techniques, and Procedures) need to be understood with in-depth expertise to counter and remediate an ongoing attack. However, our current cybersecurity workforce is not well-versed with a majority of TTPs, making it more difficult for them to effectively remediate an ongoing attack.
This is where our Cyber Range product makes a massive difference. It trains cybersecurity professionals in a hyper-realistic simulation environment with a SOC-like (Security Operations Center) setting. This effectively amplifies the cybersecurity team’s skills and brings visible improvement in terms of teamwork. Our Cyber Range solution also helps organizations to reduce onboarding time for fresh talent and can further be leveraged by educational institutes to train their students in a real-life atmosphere.
Another challenge that we resolve is the volume of alerts and technological tools that a cybersecurity professional typically must face. SOAR, also known as SOC 3D, streamlines the security operations by integrating multiple tools in a single screen and automating incident response playbooks. This effectively decreases the time-to-respond by up to 90% while tripling the capacity of a SOC.
Cyberbit’s ICS/SCADA Security, on the other hand, addresses the gradual convergence of IT, OT, and IoT networks. It eliminates end-to-end security risks associated with the networks of Industrial Control Systems (ICS) – such as electric grids, transportation systems, manufacturing lines, power plants, etc. – where a cyberattack can put lives in potential danger and cause environmental damage.
Lastly, several recent cyberattacks have indicated how easy it can be for evasive attacks to bypass firewalls and anti-malware systems. We have developed our EDR solution with Artificial Intelligence or, to be more specific, its subset Machine Learning, to detect attacks that can evade conventional systems. This approach is further refined using behavioural analytics to detect anomalies and hence, any potential threat.
Question: What are your key products and offerings for the sector?
Rakesh Kharwal : Cyberbit provides military-grade cybersecurity solutions including behavioural-analysis-driven ‘Endpoint Detection and Response (EDR)’, ‘Security Automation, Orchestration, and Response (SOAR)’, ‘ICS/SCADA Security (OT Security)’, and the world’s leading ‘Cyber Range’ platform for simulated cybersecurity training. Since India is aggressively digitizing, our vision is to eliminate all emerging cybersecurity challenges so that they do not become a roadblock in this development. We have also envisioned making India a pivotal hub for global cybersecurity training.
Question: How do Cyberbit's leaders view the Indian market, and what is your further action plan?
Rakesh Kharwal : Our top management considers India an important market and has very aggressive plans for it. We plan to grow over 10x in the next 12 to 18 months. Our emphasis is on value creation and helping critical businesses to be more secure. At present, we are eyeing major business verticals such as Top Banking and Financial sector, cyber cells, Government entities, Major IT/ITeS, and so on.
Our vision is to make India a global hub for cybersecurity training. This can only happen if we bring positive reforms across all aspects that affect the industry. Both education and cybersecurity awareness are integral in this context. In terms of cybersecurity awareness, we believe that the entire industry is working collectively to apprise organizations and individuals about the consequences that such a cybersecurity exploit can have on an organization.
Organizations are also becoming more attentive to cybersecurity challenges as large-scale cyberattacks are surfacing across the horizontal market. In terms of education, state-of-the-art solutions like Cyber Range are bringing positive change on the ground. They are also being deployed by forward-looking educational institutes given the value it adds for their students and to their subsequent career.
Question: How can adopting advanced technology and security systems help the banking sector tackle cybersecurity threats?
Rakesh Kharwal : Today, organizations are facing several unconventional TTPs (Tactics, Techniques, and Procedures) such as fileless attacks, signatureless attacks, and APTs (Advanced Persistent Threats). We see a recurring trend where malware compromises an organization; however, the actual breach only gets detected after damage is done, because it is executed gradually while staying low and ‘under the radar’. However, advanced solutions like EDR can help enterprises detect the most evasive attacks using behavioural analytics and Artificial Intelligence, thereby detecting attacks that are missed by conventional solutions. EDR lowers the analyst entry level by automatically providing insightful visualization that affords first-tier analysts a deeper understanding of the threat. EDR incorporates forensics and investigation capabilities that provide analysts with great visibility throughout their networks and support the investigation and analysis process. It therefore automates the analyst’s work, allowing analyst teams to save time by quickly identifying the entire threat lifecycle.
Therefore, an EDR solution has become a necessity for enterprises, especially financial institutes and government organizations, as threat groups utilize advanced tactics to infiltrate their infrastructure and, subsequently, their data.
Question: Lastly, do you have something to say to cybersecurity leaders from the banking sector?
Rakesh Kharwal : To protect systems and to tackle any cybersecurity threats, our advice for Indian banking and financial sectors is to invest in detection tools and data reservoirs because BFSI organizations which are running solely with prevention tools at the end-point layer will not understand that there might be a zero-day attack and threats residing at end-point.
The other important criterion while selecting solutions for sensitive organizations like financial institutes is to have air-gap compatible solutions which can keep their infrastructure isolated and protected from the open environment.
Secondly, train the cybersecurity team using a simulation platform to get the best value out of the implementation of security solutions. Thirdly, they need to have a robust (and rapid) incident response plan to deal with any possible attack scenario.