Despite management taking a keen interest in information security, not just CIOs and CISOs, but COOs are getting interested in creating a robust security role for companies.
Cybersecurity has been gaining prominence in the financial sector for some time now. But with Covid-19 unleashing a new wave of cyberattacks, companies are making security a top priority.
Merritt Maxim, VP, Research Director, Forrester, said, “Although this lockdown is going globally, the push for more remote work from the novel coronavirus is already leading to coronavirus-specific phishing attacks and malware, meaning that the trend of data breaches will, unfortunately, continue in 2020.
With this unfortunate certainty, hackers tend to be prey on such unforeseen events or challenges. When normality is disrupted, they see an opportunity that can be exploited. Unsurprisingly, the Covid-19 crisis has led to a significant increase in financial fraud and data breaches. And this time, the BFSI industry is becoming a key target for fraudsters.
Indian companies have realized the cost of cyber fatality and have placed it at the forefront of management decisions.
Cybersecurity has been one of the key management priorities, “said Vikas Varma, Chief Operating Officer, South Asia, Mastercard. “Personally, I ‘m looking at our cybersecurity function and evaluating the required decisions. Collaboration with the IT teams, We have put together years of effort and commitment to create a robust safe platform that has resulted in more than 200 fraud attempts being covered in a minute. Our SOC and Operation Command Center employees are part of the critical front-line infrastructure working in split shifts around the world to maintain resilience. Our investment in detection tools has allowed us to ensure zero failure in preventing any attack.”
Mastercard depends on two main innovations, Artificial Intelligence and Data Analytics. To make payments safe and risk-free, the company is using AI-based decision analysis platform, which is a real-time decision-making tool. This helps to reduce the risk of cyberattacks.With the aid of data analytics software, this AI program applies thousands of data points and advanced modeling techniques to each transaction.
This process further simplifies data-driven insights into a single transaction decision score that helps issuers fine-tune their authorization decisions to allow more legitimate transactions without raising risk. Mastercard SafetyNet system has a large memory grid of different types of transaction limits that are monitored in real-time. Whenever some component of this grid is activated, AI tools analyze each form of decision-based on historical trends of spikes and their effect.
Deutsche Bank on the other hand acknowledges the challenges it faces in going digital with increased threat vectors.
“Going global has also exposed us to serious cyber threats, and IT security has become a key entry point to our boardroom discussions. We started to prioritize our expenditure on cybersecurity, and today we have a lot of investment in this area.Our cybersecurity team has confidence in the leadership of the company and we will, therefore, continue to prioritize IT security programs in the future, “said Dilipkumar Khandelwal, MD & Global Head of Innovation Centre, Deutsche Bank.
Deutsche Bank has taken a multi-layered, defense-in-depth approach to protecting its network and systems that add security control to every layer including devices, data , applications, etc. This provides end-to-end protection while offering multiple opportunities for detecting , preventing, responding and recovering from cyber threats.This approach is a core facet of the group-wide information security strategy for improving technology platform protection and stability.
Cyber Uncertainty by Covid-19
The ambiguity of such a black-swan occurrence was impacting from the hook on the BFSI industry. While businesses quickly adopted the WHF process, they couldn’t tackle cybersecurity issues like insider threats at the same time.
“In Covid-19’s initial process, the rapid and immediate arrangement to withdraw the employees in response to quarantine and home-stay orders resulting from coronavirus had illustrated the need for businesses to protect the endpoint of the employee, which involves solutions such as business, detection and response.
BFSI companies such as HDFC Life moved their 70 percent workforce to WFH phase but this remote work environment made the management apprehensive towards cyber security.
Parvez Mulla, COO, HDFC Life said, “From the initial lockdown to the current business scenario, we were faced with challenges, but my management team itself provided full support to the IT security team. We have taken multiple steps to ensure 24/7 application security, infrastructure and network protection. Our IT teams are constantly evaluating risks and implementing mitigation measures.IT security has been at the top of our IT budget for the past few years, and with this unforeseen economic impact in the future, we are still planning to continue funding cybersecurity projects.
Management and the core IT team have a reliable synergy, which is why we have developed a variable cost model that ensures the scalability of IT expenditure.
The company has an application access gateway that allows enterprise mobility and secure access to corporate applications. This solution provides the ability to secure an application tunnel that ensures security of the transport layer, access via only authorized devices, and the ability to restrict downloads,Isolated from asset vulnerabilities, multi-factor authentication inter alia features. Management also evaluates face recognition software as an additional mitigation measure.
Focus on security awareness
“Any effective safety program must be based upon a strong culture of security. Unfortunately, the protection role is frequently siloed and may speak a different language than other functional classes, exacerbating internal disputes and tensions in the organization, “Maxim stressed.
Developing a culture of protection up, down, and around the enterprise and involving multitudes of stakeholders is neither an easy task nor one that can be easily accomplished in the short run. This needs input from the boardroom, and CXOs are now pursuing it well.