The Indian financial sector has seen a paradigm shift in more than a decade – wide-ranging financial reforms, financial inclusion, advanced risk management systems, sophisticated information technology infrastructure, and emergence of new financial products. Technology has brought about a fundamental shift in the way banking is done in India with CBS (Core Banking Solution) and online banking has opened new avenues for convenience banking. This has also led to a significant change in the orientation of the Indian public sector banks as they compete with their private sector counterparts.
Although technology has been a boon for the banking sector, it has also given headaches to CIOs as cyber security threats grew manifold. Most of cyber security issues stem from the customer’s ignorance and weak cyber laws in India. Some of the recent attacks perpetrated by cyber criminals are:
- Hacking:Unauthorized access to a computer or network.
- Viruses and worms:Computer programs that infects PCs/laptops programs by modifying them.
- Spam mails:Unsolicited mails sent to receivers.
- Trojan:A program that destroys programs or data on the hard disk.
- Denial-of-Service (DoS):Attacks that denying authorized access to a website or server.
- Malware:A software that takes control of an individual’s PC/laptop to spread spams or viruses to other devices.
- Phishing:Attacks designed to steal an individual’s personal and sensitive information including login ID and password.
- Card skimming:Duplication of information from magnetic strips of credit/ATM cards which are then used to siphon money at ATMs/transacted at retail outlets.
The increasing use of technology by banks coupled with online banking services through multiple devices, have made security management very challenging. Some of the emerging complexities are:
- Access of sensitive data from remote location: Security breaches caused by banking access through the use of non-approved smart phones and tablets could make the banks more susceptible to sophisticated crimes.
- Download of third party business applications: Use of applications lying outside the organization as well other cloud-based services is also a huge concern for financial institutions.
Hence Indian banks and financial institutions have to think beyond just securing their assets and build resilient capabilities around the systems such that it addresses and resolves all kinds of cyber threats. Instead of focusing at point to point security solutions, they should take a holistic view of security by implementing integrated endpoint security solutions. This is particularly suitable for public sector banks that have a nationwide branch network and a large customer base.
Endpoint security solution offers the best line of defense as it delivers a sound endpoint protection strategy. While simple endpoint solutions include firewalls and antivirus software that is distributed to end-user devices, but managed centrally, the more complex programs uses network access controls to validate user credentials and ensure compliance with specified corporate security policies, before allowing access to the network. It includes solutions such as intrusion detection and prevention, anti-spyware, and firewall that blocks unauthorized access. Endpoint solutions are easy to use and a client program is installed at every endpoint device that connects with the business network. A server of gateway hosts the centralized security program. Endpoints include desktops, laptops, smart phones, and tablets.
Some of the features of endpoint security solution are:
- Intrusion prevention:Advance defense mechanism detects attacks from various sources such as IDS/IPS, DDoS, and Port scanning attack and protects the network.
- Intelligent firewall:Blocks unauthorized access to business network.
- Web security:Blocks malware infected, phishing, and malicious websites.
- Web filtering:Enhanced web security that blocks Internet access to inappropriate, suspicious and unsafe websites.
- Email scan:Effectively scans the end-user inbox for spams, phishing attacks, and unsolicited email messages.
- Deployment and maintenance:Easy and hassle free deployment.
- Monitoring and reporting:Improves visibility of IT environment.
Security infrastructure is still at a very nascent stage in India. Today’s sophisticated cyber attacks indicate that antivirus cannot be positioned as a single protection strategy. Hence, endpoint security solution is the best line of defence covering everything within its ambit – from basic anti-virus and firewalls to remote managing network endpoints. It is of utmost importance that Indian banks adopt concrete and coordinated strategies to secure the end points in their networks in order to protect confidential customer data. Ignoring data security can only make headlines.