'Cyber security preparedness calls for a perfect symphony

: Cyber security preparedness calls for a perfect symphony among the government, various regulators and other agencies as ensuring a safe and robust financial sector cannot be an effort from an individual or a single organisation, said G Padmanabhan, non-executive chairman of Bank of India, here on Wednesday.

"Cyber security preparedness can often make orbreak an institution. To me ensuring, a safe and robust financial sector cannot be an effort from an individual or a single organisation. It is a big stage, like a huge opera. Perfect coordination is called for to achieve a successful outcome. This is because the concept of the financial sector has undergone a complete makeover," he said.

 

Padmanabhan, a former Executive Director of RBI, was speaking on the topic--Cybersecurity challenges in a "wall less and roof less" financial sector after inaugurating the 15th International Conference on Information Systems Security at the Institute For Development And Research In Banking Technology (IDRBT) here.

He said cyber attacks on India had increased by more than 100 per cent in 2018 over the previous year as against the corresponding global increase of 35 per cent.

India was the second most targeted country for cyber attacks in the world, after the US, whereas India's global ranking in cybersecurity readiness stood at 47, he said.

Padmanabhan said hackers' community is more united than others and they were continuously upgrading and building weapons posing challenges to IT systems and organisations as a whole.

Countering this threat calls for dedicated and continuous research to monitor evolving threats and counter measures, he said.

He suggested the financial sector should come together to fund such research on an ongoing basis.

This, he said would enablethe institutions to be proactive rather than reactive in dealing with cyber attacks.

"In a country like ours it takes an enormous amount of time to resolve a cyber issue. When the world average is 220 days, probably India lags even behind that," he said stressing the need for importance of timely action, detection and effectiveresponse.

Padmanabhan further asked why banks should be held responsible for the financial loss which arises out of negligent actions on the part of the customers.

"We all know that while handling cheques and physical instruments, if the customer is found to be negligent in handling them, thereby compromising the security and validity of the transaction, the onus is put on the customer and not the bank.

"Similarly, if a customer is negligent, uses an insecure device, not updating, not downloading the app from the bank's own website, keys in all sensitive data in social media and unknown sites, why banks should be held responsible for the financial loss arising out of such losses?," he asked.

"I strongly feel regulator need to come up with something on this front. Having said that let me also argue in favour of the customer. It is becoming all the more difficult for the customers to differentiate the original from the fraud channels, the duplicate mimic the original so well," he said.

However, important downloads like the appmust be made only from the bank's website and not from a public portal, he said.

He opined IDRBT should dissect such apps and give a public certification of safety provided the basic conditions are met with by the users.

Speaking on the recent decision to merge some of the public sector banks, he said security solutions and controls in place are divergent and banks should focus on security as much as on functionalities or user interfaces.