Indian banks reported 248 successful data breaches by hackers and criminals between June 2018 and March 2022; the government alerted Parliament on August 2, 2022. According to statistics by the cybersecurity platform CloudSEK, the majority of cyber events in 2021 and 2022 were targeted differently. While targeting global financial organizations and North America with equal fervor in 2021, there was a noticeable change in focus towards Asia relative to North America in 2022.
When it comes to attacks directed at Asia, India has been in the forefront of events. In the year 2022, the Indian subcontinent was the target of 7.4 percent of targeted attacks. India has become the new Asian hotspot for cyberattacks, whether it is against nationalized banks, cryptocurrency exchanges or wallets, NBFCs, or credit card data thefts. It can be linked to the pandemic's acceleration of the developing digitalization and online banking industries.
Has Digitization Left Loopholes for Cyberattacks?
Threats to the banking industry have grown more quickly thanks to digitalization and widely available banking services. Threat actors now have unparalleled access to the sector thanks to the blockchain and cryptocurrency industries' unprecedented rapid expansion. This, together with more recent and improved phishing techniques, has made it possible to target the banking sector with fresh and enhanced TTPs. Another dangerous aspect of the banking and finance industry is the dispersed character of stakeholders.
How to Foster Customer Trust and Transparency
Threats to this industry can lead to major loss of customer data and financial resources, not to mention reputational impact to the compromised organization since the public's knowledge of their vulnerabilities discourages them from luring new customers. It may occasionally also lead to data corruption and a disruption of operations. As a result, it is said that it is essential to maintain customer trust and transparency to have a solid relationship between banks and their customers. Here are some suggestions to foster customer trust and openness in the banking industry.
Clear and Transparent Policies: Customers should be informed of the bank's policies, terms, and conditions in an understandable manner. Make sure customers are informed of their rights and data protection alternatives, as well as how their personal data is collected, stored, and used.
Secure Data Handling: Strong security measures should be put in place and communicated to customers to safeguard their data from unauthorized access, breaches, and misuse.
Access and Control: Give customers access to and control over their personal information. Give customers the choice to see, update, or remove their data, and swiftly comply with their requests.
Financial Education: Encourage customer financial literacy and education to improve their knowledge of banking services, dangers, and rights. Customers should be informed about the value of data privacy, safe online behavior, and how to spot and report fraudulent activity.
Protection of personal information is as important as maintaining financial security. Banks should be able to handle customer details properly, maintain confidentiality, and follow rules for data protection. With the upcoming Personal Data Protection Act, India's legal system will be much more robust when it comes to handling personal data.
It's crucial to remember that certain aspects and terms of these regulations may develop or alter throughout time. It is advised to consult legal experts who specialize in Indian banking and data privacy regulations in order to obtain the most accurate and recent information.
Six Recommendations from RBI’s Deputy Governor
During an international event at India's G-20 Presidency in Mumbai, RBI deputy governor MK Jain stated that reducing cyber risk needed a global effort. The deputy governor believes that as financial activities transition to digital platforms, the reliance on information technology infrastructure will rise dramatically.
Cyber-attacks on banks, according to Jain, not only put at risk the stability of individual institutions but also have the potential to weaken financial systems, making it critical for nations to work together to address this important challenge. As a result, he proposed six cybersecurity tactics to assist enhance the worldwide cybersecurity environment.
First, it is necessary to map the major operational and technological links, particularly those of vital infrastructure, to better understand the interdependencies of the global financial system. The ability to comprehend and reduce system-wide risk will improve with better integration of cyber risk into financial stability assessments.
The second step is to create a minimal common framework for cybersecurity that outlines recommended practices and requirements for financial institutions to meet. This can assist in ensuring that all institutions are taking the appropriate precautions to defend themselves against online threats.
Thirdly, countries can exchange information and intelligence regarding cyberthreats and crimes to the extent permitted by domestic legislation. As a result, financial institutions will be able to take preventative action against attacks by identifying new risks and vulnerabilities.
Fourth, nations can collaborate to create and carry out incident response strategies. This can make it more likely that, in the case of a cyberattack, a coordinated and efficient response will be put in place to lessen the effects on the financial sector.
Fifth, through effective efforts to seize proceeds of crime and bring criminals to justice, cyberattacks should become more expensive and dangerous for the perpetrators. The threat would be lessened at its source if international measures to stop, disrupt, and discourage terrorists were increased.
Finally, nations can come together on capacity-building and training initiatives to ensure that financial institutions have the knowledge and tools they need to properly handle cyber risks. This can involve instruction in cybersecurity best practices, planning for incident response, and utilizing cutting-edge technologies to identify and stop cyberattacks.
He emphasized that India is one of the few nations that requires two-factor authentication for all digital financial transactions, making it a unique country that protects its citizens.
Although India is today acknowledged as having creative regulations, when the RBI first implemented them roughly 10 years ago, there was pushback and criticism. In a similar vein, current initiatives to safeguard the customer include quicker Turn-Around-Times for failed transactions, improved customer control over card usage, tokenization, etc.