 "(From left) Malcolm Gomes, COO, IDfy; Mahavir Jindal, COO, Amazon Pay India; and Deep Narayan Mukherjee, partner, BCG (Photo: Kamlesh Pednekar)")
Don't want to miss the best from Business Standard?
Even as the data privacy Bill is yet to be implemented, the Indian financial sector’s customers are relatively safer, thanks to the Reserve Bank of India (RBI) having stringent asks from the industry.
Speaking at a session on ‘Trust No One, Verify Everything: Cybersecurity for the Digital Age,’ moderated by Ajinkya Kawale of Business Standard, Deep Narayan Mukherjee, partner, Boston Consulting Group (BCG), said, “Data breach is one aspect of cyber attack, the other is ransomware, which is not related to your customer. There are more and more instances globally in the last two or three months, where non-customer-centric businesses have been hacked.”
While talking about customer awareness, Mahavir Jindal, chief operating officer (COO), Amazon Pay India, said it is not easy.
He said that educating customers is going to be a long journey. “It is a journey that we need to start now. We are still at the base layer, where we are still talking about phishing and how to safeguard against this.”
Malcolm Gomes, COO at IDfy, also said that there is still a highly vulnerable population which includes the elderly and some who don’t understand mainstream languages.
Also Read
 "Slussen transport hub, Stockholm")
 "Biren Yadav, a digital arrest victim still fighting to recover his funds, at home in Gurugram, India, in September.")
 "Insurance fraud")
 "Microsoft logo, Microsoft")
 "hack, Cyber Crime, Scam")
“The basics have been done, but there is a lot more that needs to be done through video and Whatsapp channels. Everyone is doing their fair share. The RBI does, banks do. I still feel it has not got to perhaps the most vulnerable sections of society. That is also where a lot of the source problems are,” Gomes said.
All the three experts also agreed on the urgent need for a zero-trust approach — a model now seen as essential for securing digital ecosystems as regulators demand greater operational transparency.
A zero-trust model treats every user and device as untrusted, requiring continuous verification before granting access to systems or data.
Gomes said that zero trust has existed for a while, “It started with the NIST in the US, and the thought process came from there. At this point, regulators have not mandated it, but it has crept into the thought process of organisations.”
He also said it doesn’t help that AI tools are getting much more sophisticated.
Jindal, too, said, “If someone is in a financial services business, he has to operate in a zero-trust environment,” adding that for him, zero trust is “all-pervasive.”
While talking about the threat vectors, which are evolving rapidly, he said zero-trust capabilities must advance in tandem.
He said that at Amazon Pay, “any data exchange, whether with an external partner or an internal one, happens in a zero-trust environment — implying an exchange of keys.”
While he believes the industry is doing a decent job implementing zero-trust systems, Jindal warned that the pace of cyber threats continues to accelerate.
“While we have a good foundation, there is a long way to go to address the emerging threat vectors,” he said.
While talking about cyber security becoming a priority for organisations, Mukherjee said, “For any organisation, there are multiple competing priorities. Needless to say that cyber for most organisations is among the top.”
 "rice")
 "concert, live event")
 "Larsen and Toubro")
 "coal mines")
 "tata motor, truck")
