The pandemic outbreak that brought adversities and challenges with it also helped in accelerating the digital transformation plan for industries across the globe by several years. However, this period also emerged as a safe haven for cyber criminals as fraudulent activities increased by multiple folds especially in the banking & financial sector. The financial sector has always been a prime target for cybercriminals. Rashi Aditi Ghosh of Elets News Network (ENN) recently interacted with Kartik Shahani, Country Manager, Tenable India to get clarity on BFSI sector’s cybersecurity maturity as compared to other sectors and why the financial sector has always been a prime target for cybercriminals.
1. How do UPI apps make the financial services sector vulnerable to cyberattacks?
To make an effort as huge as the Unified Payments Interface (UPI) function within a country requires the involvement of several parties including banks, merchants and service providers. Whilst this interconnected ecosystem is beneficial and makes financial transactions seamless, it expands the attack surface, creating new pathways for cybercriminals to perpetrate attacks. For instance, a cyberattack on any one of these parties can lead to malicious code being deployed into unrelated infrastructures in the connected system. If cybersecurity and risk compliance isn’t uniform across the board, its implications could significantly disrupt businesses.
Besides, most apps that parties within the connected ecosystem use may contain code from open source repositories that IT teams didn’t specifically write. The vulnerabilities and cloud misconfigurations in open-source dependencies, additionally pose significant security risks. Even if one of these open source dependencies has unpatched vulnerabilities, the chances are that the entire organization can become vulnerable to cyberattacks. Owing to this expanded attack surface it is critical that all entities involved maintaining the same level of cyber hygiene to establish a strong first line of defense.
2. Who is responsible for security — UPI apps or banks?
In an interconnected ecosystem that ensures UPI systems work, it is not about who is responsible for security. The more important tenet that organizations need to follow is ensuring that their cyber defense is strong so they do not land themselves in a situation where they have to justify who is responsible. All organizations in the UPI ecosystem need to focus on the best practices around cyber hygiene and core security principles as they help establish deterrence against attacks. This includes gaining visibility across the attack surface, focusing on preventing attacks and having clear communication of cyber exposure risk that helps make better decisions regarding security.
3. The RBI’s Payments Vision 2025 focuses on making fintech and UPI apps secure — Why is this necessary for India’s financial critical infrastructure?
The financial sector has always been a prime target for cybercriminals. It’s perhaps why cybersecurity maturity in the industry is higher compared to other sectors. But there is still a lot to be done as no organization is truly secure from cyberattacks, even the more mature organizations in the financial sector. Cybercriminals have always capitalized on personal data and this makes financial services a prime target given the type of information they use. For organizations in this industry, it is doubly critical to stay secure as cyberattacks could go beyond the exfiltration of data. If the attack compromises the digital infrastructure banks rely on, it could have adverse effects on the economy.
Also Read | Cyber attacks can paralyse business activities and halt businesses – Harish Madaan
Banks and other financial service organizations can begin by building cyber resilient infrastructure by gaining complete visibility into the attack surface. This gives insight into business and technical risks leaving organizations with a bigger picture on prioritizing defenses against the most likely attack vectors. The goal is to minimize the impact of an attack and also increase the incident response and recovery time. This ensures businesses stay cyber resilient and have the ability to bounce back quickly.
4. In what ways does cloud adoption give way to more cybersecurity risk?
Cloud environments are ephemeral and complex to secure. Although modern cloud apps are built with cyber resilience in mind, they do have vulnerabilities and misconfigurations that pose great risks. They allow threat actors to gain a foothold into the organization’s cloud network and breach critical business databases. Legacy security tools cannot evolve with the speed of the cloud. The only way to achieve resilience is if the cloud-native infrastructure has the ability to heal itself by codifying security throughout the software development lifecycle.
5. How is securing assets in the cloud different from securing traditional data centers and on-prem assets?
The transitory nature of the cloud makes gaining visibility into the attack surface challenging compared to on-prem data centers. The lack of visibility into how many cloud resources are running with misconfigurations and what is being changed directly in cloud runtime can compromise hosted apps and services. Another major risk in cloud environments is not implementing Access Governance, which creates an audit trail of who accessed what and when. Failure to implement Access Governance can result in attacks that can have a far-reaching impact on business.
Since there is no perimeter in the cloud, legacy processes are ineffective as it would be too late to implement security measures by the time the software reaches runtime. Mitigating cloud misconfigurations must be a proactive rather than reactive method so that security teams don’t have to wait for cloud infrastructure to be deployed to identify and eliminate vulnerabilities in code. With a proactive approach, security is embedded within the code itself during the development lifecycle.
6. How do outsourcing networks and remote operations make attacks easier for hackers?
Since 2020, we’ve seen a colossal increase in remote operations as the need for digital and flexible environments became the norm — for employees and also to provide customers with new mechanisms to continue to do business. Organizations stepped up cloud adoption and it continues to grow. But the quick shift to the cloud along with disparate remote users has resulted in a rapid increase in cloud breaches. Emerging technologies and the speed of cloud development, have opened up new attack pathways for cybercriminals. As organizations rapidly adopt cloud infrastructure, the attack surface expands and building cyber resilience becomes critical.
Also Read | Cyber-resilient network builds upon the inherent reliability of networking
7. What are some best practices businesses can establish to mitigate such risk and protect customers?
Cloud security solutions need to evolve at the same speed as software development. This is why cloud security posture management tools are becoming increasingly popular. Achieving resilience for the cloud requires the infrastructure to heal itself. Cloud infrastructure needs to be born secure. Developer-friendly cloud security posture management (CSPM) tools help detect misconfigurations early in the development cycle, ensuring that the security is embedded during development and runtime. Organizations need Infrastructure as Code tools that automatically generate the code to remediate risks so developers can mitigate them before the software is deployed. This helps security teams fix vulnerabilities without worrying about them at runtime. The right CSPM tools help organizations better understand security risks and drive advanced security threat modeling, breach path prediction and more.