I have seen multiple trends: even the start-ups, being focused on cyber security right from day one because they have understood that robust cyber security posture is of paramount value and a key business driver when they think of scalability. On the other side, I have also seen Cyber Security still not being taken as the top priority by many large enterprises.
The bigger players, MNCs and banks, which have enough budgets, resources, and bandwidth, are focusing on cyber security looking at the current threat landscape and risk of reputation loss but there is still a long way to go.
This is an exclusive article/story conducted by Santosh Vaswani, Content Writer & Editor at CIO News with Prashant Koranne (PK), CEO of Second Quadrant Consulting Solutions on “Cyber Security in the BFSI and E-commerce Industry”.
When asked about the value of cyber security in the BFSI and E-commerce industry, Prashant Koranne, CEO of Second Quadrant Consulting Solutions, in an exclusive interview with CIO News said, BFSI is a closely regulated industry. For example, for banks, the Reserve Bank of India (RBI) has laid down stringent guidelines on cyber security and information security. So, in the banking industry, the entity has to comply with the regulatory guidelines from RBI. RBI is taking a very firm stand against any violations or cyber incidents. Due to the day by day increasing threat landscape, cyber incidents are growing globally and banks irrespective of their size are being targeted. This in turn has made the banks take significant measures and actions to build a robust cyber security posture. The hackers and attackers are becoming cleverer day by day. This is one of the reasons that even the smallest of the banks, even in the cooperative sector, are making conscious efforts for building cyber security posture.
The trends are definitely changing. Cyber Security is now within the top 3 priorities for the leadership. If it is not then there is something amiss at the strategy level. The banking industry is highly competitive these days and retaining customers is the key. No one wants to lose a client. One smallest of errors / technological glitch can lead to a cyber security incident causing a huge reputation loss.
He further added, even the insurance sector is regulated by the Insurance Regulatory and Development Authority of India (IRDAI). Cyber Security guidelines of IRDAI are stringent. Insurance companies need to undergo cyber security audits annually and the compliance needs to be submitted to the regulator. So, even the insurance companies are becoming very serious about their cyber security.
E-commerce has picked up everywhere and is the trend today. Earlier, for Indians, going for shopping was exciting. It was a typical pattern for Indians to go to a shop, see the product, and then buy it. The touch and feel were required. Today, shopping takes place online.
Having said that, e-commerce requires internet access and thus we get exposed to cyber frauds. While the bigger e-commerce players have taken utmost measures to mitigate the risk of online frauds, the smaller ones are still trying to find a balance between the expenses on security and ROI. The small merchants, who may not have the budget for cyber security, are very much vulnerable to cyber-attacks.
When asked how the retail e-commerce industry should protect themselves from cyber-attacks, he said, the customer information entered on the e-commerce platform flows through multiple channels like the e-commerce website, payment gateway, banks etc. One weak link can make you vulnerable. Hence, the entire ecosystem through which information / data flows needs to be protected.
The other aspect is the service providers partnering with banks are required to follow the guidelines given by banks which also makes them spend on security. The entire ecosystem needs protection and one loophole at the service provider’s end can make a bank vulnerable.
When asked about the challenges the BFSI and E-commerce industries are facing in implementing cyber-security practices he said, “Challenges are multi-fold”. The bigger challenge is the awareness and seriousness at the top / leadership level. Over a period of time that understanding has definitely increased. To make the leadership understand the importance of cyber security was a delicate factor as there are no instant tangible benefits / returns for spending huge money on security. It is a process. Today, if we take a look at the priorities of the leadership, or investors of a company, they have recognized that cyber security is a very critical component in a business.
I have seen multiple trends: even the start-ups, being focused on cyber-security right from day one because they have understood that robust cyber-security posture is of paramount value and a key business driver when they think of scalability. On the other side, I have also seen Cyber Security still not being taken as the top priority by many large enterprises. The CIOs/CISOs are struggling for budgets and bandwidth. So, allotment of adequate budgets by the CFO to prioritize and implement cyber security is the other challenge for a CIO / CISO.
Top brass needs to understand that skill sets required for managing Technology and Cyber Security are distinct. One man does all cannot be a right strategy when it comes to security. The skill sets and the mind-sets required for managing Technology and Cyber Security are different. For example, a resource may be a very good coder but he/she may not be good at understanding the security practices and implementing those.
I may sound clichéd, but the fact remains the same that it’s a top-down approach in cyber security. Implementing Cyber Security is a cultural phenomenon. If the leadership is committed to security, it will percolate to the down lines. If the down line wants security and they are not able to communicate it convincingly to the leadership then that becomes a challenge.
When asked about the security threats affecting the various industries since the pandemic occurred, he said, when the pandemic occurred, no one across the globe imagined that all the employees working for a company will be working from home for a year and a half. If we look at the conventional Indian mindset and work pattern, employers preferred employees working on premise. Work from Home was never an option for most of the companies. Due to the pandemic, WFH or Work from Anywhere has become a mandate or the need for all the companies. So, employers allowed employees to Work from Home. The utmost priority for the business is to survive, and the other is to minimize the impact on the customer. In order to survive there are situations that companies may have diluted their security posture. The WFH arrangement has exposed many companies to a variety of threats. While many companies enforced adequate controls, many companies which did not have resources and the budget, were vulnerable and may still be vulnerable.
When asked about the benefits of investing in threat intelligence, he said, threat intelligence has already become a part of the cyber security initiatives. The threat database needs to be kept current and updated to encounter the emerging threat landscape. I hear people saying that they have implemented the best of the tools and technologies. So, you may have the data taken from various sources. However, what needs to be done with that data needs to be understood. The tool will only help if it’s implemented / configured properly to meet the requirements of your business. Resources need to be formally trained on incident management. Competency of the resources managing the incident response needs to be built. The monitoring mechanism needs to be robust. So, when an incident occurs instead of getting into a panic mode the company should be in a position to do the immediate correction and investigate further. Segregation of duties is essential. One person handling multiple activities should be avoided, he added.