$1 billion. That’s how much hackers tried to steal from Bangladesh Bank. How did they do it? It wasn’t a Fast & Furious-style heist. All it took was a malware attack that allowed the hackers to send fraudulent transfer instructions via the SWIFT network. Only a typo in one of the instructions stopped the robbery, though the hackers still stole $80 million.
The BFSI sector is a popular target for cybercriminals. Why? Let’s look at a few reasons:
- Stealing money – This is easy to understand. That’s what happened to Bangladesh Bank
- Stealing customer data – Now that data is considered to be the new gold, hackers target financial institutions to steal their customer data. Equifax suffered a data breach that exposed the personal information of 147 million people
- Ransom demands – As financial services are a critical part of the economy, they are likely to pay ransom to be able to resume operations. A Canadian insurance company paid $950,000 after a thousand computers were hit by ransomware
IT infrastructure is an essential part of 21st century financing, and protecting IT assets from cyberattacks has become a priority for the BFSI sector. The RBI has even provided guidelines on cybersecurity to advise banks on securing their devices and networks.
What The BFSI Sector Should Know
- All financial institutions are vulnerable – The size or complexity of your operations doesn’t matter. This is because ransomware can be used to monetise attacks on a large number of small operations. Having said that, your facility is more attractive to a cyberattacker if you oversee a large number of transactions because the amount of data or money that can be stolen is greater
- Any device is vulnerable – If you use a computer or even a mobile phone for work, you are vulnerable. Phishing attacks target the user rather than the device, and even the most impenetrable device in the world will not protect you if you can be misled into transferring money to a cyber con man
- Attacks may come from within – Your employees, current or former, may use the information they have on your operations to steal money or data from you
- An attack may be inevitable – A study shows that 1 in 3 cyberattacks on banks is successful. This is because the attack surface keeps increasing as the world becomes more connected. You should be prepared for a worst-case scenario
Therefore, a comprehensive cyber defence should cover your entire operations, all devices, and all users, and include a contingency plan for when an attack is detected.
What The BFSI Sector Should Do
The first and most important step is creating a cybersecurity policy that should be followed by all stakeholders. The RBI Cybersecurity Framework, though authored specifically for banks, offers detailed guidelines on what a financial organisation should consider when trying to build cyber defences. Some essential measures may slip through the cracks when such policies are implemented, so we will highlight them here:
- Audit all Devices – You must know the number and nature of devices that can connect to your organisation’s network. This includes vendors’ devices, hired devices, employees’ personal devices (you may be surprised by how many mobile phones connect to your office Wi-Fi) and devices that often slip under the radar such as routers and printers. This is your attack surface. Now block all devices that do not need to access your network. Minimising your attack surface is critical to keeping your operations cybersafe
- Secure all Devices – Now that you know all the devices on your network, ensure that all are secured. There are several important elements to device cybersecurity:
  - Physical Security – This is particularly important for mobile devices, such as laptops, that can be stolen relatively easily. These devices should be tethered to a desk or otherwise physically secured when not being transported, and have security software installed that can either locate the device or erase data if the device is irretrievably stolen
  - Password Protection – This may seem obvious, but data breaches through unsecured servers belonging to some of the most famous companies in the world make headlines repeatedly. Every device should be locked by a password that isn’t the default password, isn’t recycled, and isn’t an easy-to-remember but weak password
  - Patch Update – Just as obvious, yet often overlooked: updating all devices with the latest patches supplied by the manufacturers is an easy way to secure digital devices
- Secure all Locations – Financial institutions often provide services across many regions and demographic segments. Branches in some far-flung locations may not have adequate cybersecurity because they use low-power devices that struggle to run advanced security software, and low bandwidth makes it difficult to receive security updates. As such devices can still transmit malware throughout the organisation (all it takes is one email with an infected attachment), we recommend using cybersecurity products that are designed to have low system impact and consume minimal bandwidth when delivering updates
- Restrict Application Installation – Applications installed on the device can also open the doors to a cyberattack, as they may contain vulnerabilities that a hacker can exploit. A whitelist of approved applications that can be installed should be created, and installation of these applications should be allowed only if the user’s role requires that tool. Installation of applications can be restricted through suitable cybersecurity software
- Restrict Individual Access – Access to devices, networks, and data should be restricted to those who require that access for their roles/responsibilities. Sharing of access credentials should be strictly prohibited, and access should be revoked as soon as it is no longer required, such as when an employee leaves the organisation or accepts a new role within the organisation
- Implement Antivirus – The RBI Cybersecurity Framework stipulates updated antivirus protection for all servers and endpoints. This can be implemented with an appropriate cybersecurity application that includes comprehensive antivirus protection
- Containment Strategy – If a cyberattack or even an inadvertent data breach does occur, having a containment strategy will help mitigate damage. This strategy should cover basic steps, such as disconnecting the network cable from the affected machine, as well as the internal reporting matrix and regulatory disclosure requirements
K7’s enterprise Endpoint Security (EPS) has created secure IT environments for our BFSI clients through AI-enhanced antivirus, low system impact and bandwidth consumption, application installation restriction, scanning and blocking of removable media, and many other cybersecurity features. Contact us to learn more about how we can help you comply with RBI guidelines and cybersecure your IT infrastructure.