Cyber Security in the Word of Finance

Amit Ghodekar, VP - Information Security, Motilal Oswal Financial Services Motilal Oswal is India’s leading online share trading company providing services such as Private Wealth Management, Retail Broking & Distribution, Institutional Broking, Asset Management, Investment Banking, Private Equity and many more for their clients.

After the Cyber-attack on Cosmos Bank, serious questions are raised on cyber security in the country in many Banking, Non-Banking Finance (NBFCs)and other financial services providers. In fact, these kinds of cyber-attacks are not new in the western world, and most of the major government and private institutions in the developed country are always in the list of cyber criminals, and these institutions have faced a modern major attack. Those institutes, which provide any kind of financial services are at the forefront of these cyber-attack. That’s why companies that provide banking or non-banking finance(NBFC)are the main targets for these hackers. Whether a malware attack in Iran’s Atomic Dispute Department or loot in Bangladeshi Bank or Cosmos Bank, it looks like it happened in some Hollywood movies, and then someone will question whether it is really possible? And are cyber criminals so intelligent today they can do such things? The answer is yes.

Expert cyber thief(hackers) has been mobilizing large-scale crimes in big financial institutions and other large organizations. Someone does these crimes in a much-planned manner and in such attacks, all hackers from different countries come together and an attack on one organization at the same time from various places in the world and share the benefits of the spoils. Bank of Bangladesh or Cosmos Bank has been attacked in the similar way. In such cases, where Loot & attacks are made from many countries, it is very difficult to reach the perpetrator and the original culprits besides there is no guarantee that the amount will be recovered. So, nowadays expert hackers are using same way for attacking.

We feel that such attacks have increased in our country, but the real reason is that in developed countries, such attacks are already taking place since many years in the world, due to which there are many such types of attack refund technology and
solutions available within them. That’s why the cyber criminals focuses on countries like Bangladesh or India, where cyber security is still in its childhood state and that is why their work become easy. Then it is natural for anyone to ask, what measures are needed to deal with such modern cyber-attacks? In fact, we also have many government courts and many regulatory agencies who work hard on cyber security. Like other western countries, we also have an independent body called CERTin (Computer Emergency Team of India) to provide information about these types of attacks and what measures should be taken. At the same time, the Reserve Bank of India has also introduced a separate cyber security framework for financial institutions like Bank and Non-Banking Finance (NBFC), two years back, with the same purpose, and that is, there should be no attack like Bank of Bangladesh in our country and even if it happens, it must be successfully withdrawn by such financial institutions. The Reserve Bank of India has introduced a separate division named RBEIT for research & development in cyber security and information technology. The cyber security framework of the Reserve Bank has asked for several provisions for cyber security. It includes modern equipments and technologies, as well as small cubes for cyber security. Cyber Security is the subject not only for the Department of Information and Technology, but this topic has now become known to the Board of Directors and the participants. This fact has been highlighted in the cyber security framework from time-to-time. Most of our organization, financial institutions like Big Bank and Nonbanking Finance(NBFC) are now strictly adhering to these rules and suggestions, so the organizations that provide financial services to us are safe, but their scope should be increased in a big way then only we can reach the next stage in cyber security.
Nowadays, there are many innovative technologies available in cyber security that can get rid of such sophisticated attacks. Earlier, computers were considered being safe if antivirus has been installed on it. But to tackle modern attacks, we have to use modern technologies. Malware like viruses has been present in our computer system for many years. But general anti-virus cannot detect such attacks; in such cases advanced persistent threat(APT)are helpful. In this technique, if a malware attacks a system in your organization, new ANTIAPT has developed a special technology to detect that. Likewise, different technologies are available for server security. All the controllers have asked to pay a lot of attention to the cyber security operations centres. All financial services organization should monitor and keep watch on their computer system by using modern technologies. If we find something objectionable in systems, then immediate action needs to be taken against it.

Honeypot or Deception technology has also been widely used in western countries for many years. This technology is considered to be the most advanced and most useful technology in the world. In this technology replica of a very important computer system has been created. Then replica is replaced with real main system. When hackers try to penetrate the replica system, assuming them as a real computer system, they are trapped by the Department of Information Technology. Many such types of modern technologies are available that can prevent cyber-attacking like the recent attacks on an Indian Bank. The unlimited use of the internet, a large number of increased Smartphone users, the new name of the new digital facility coming daily, will allow the computer system and its providers to be in the eyes of cyber bursts and small ignorance in cyber security can cause big financial losses. Now the incident of the cyber-attack on an Indian Bank, Cyber Security is looking for a new approach to look at it and this is a very big lesson for us.