5 pre-requisites for banks while building cyber security infrastructure

Financial institutions in India have been the frontrunner in adopting modern technologies to provide customers with new-age products and services for optimum value. In today’s interconnected world, it is not surprising to say that if one is traceable, they are vulnerable and if they are vulnerable, they are hack-able. The propensity of smart devices and interconnectivity has further increased the complexity of cyber attacks.

In the journey to keep pace with the technological advancements and to provide optimum value to the consumer, financial institutions face the burgeoning challenge to tackle cyber security threats and vulnerabilities. Reserve Bank of India (RBI) has recently mandated the creation of a Cyber Security Framework to fortify the security postures at banks. This policy should be separate from the broader IT policy.

As banks relook at their security framework, Symantec, being the global leader in cyber security, recommends adopting an “Information Centric Model”. It will involve envisioning the information infrastructure, information intelligence, and information governance, which will provide banks a global view of the threat landscape inclusive of their own environment.

Here are five prerequisites for banks to consider while strengthening their cyber security infrastructure.

1. Adopt Solutions to Proactively Address Adversaries - It is no more a question of “if” or “when” you will be attacked- but how often. To stay ahead of emerging threats, it is imperative for banks to put in place an adaptive Incident Response, Management and Recovery framework to deal with adverse incidents or disruptions. Having solutions such as Advanced Threat Protection will provide visibility into suspicious activity across all control points and prioritizes the events that pose the most risk to any organization, thus addressing and remediating the risk in a time efficient manner.

2. Establish Real-Time Monitoring Systems – According to Symantec’s Internet Security Threat Report (Vol. 21), in 2015, the number of zero-day vulnerabilities discovered more than doubled, reaffirming the critical role they play in lucrative targeted attacks. This reaffirms the need to equip businesses with solutions and services which can monitor, analyze and escalate security incidents in real-time. Setting up a Cyber Security Operations Center (SOC) will enable constant monitoring of the environment using appropriate and cost effective technology tools. Banks can either work together to establish SOC installations or work with security vendors to provide the intelligence, capacity as well as a capability to detect, protect and prepare from cyber attacks.

3. Automate Processes to Address Technology Challenges - Automation of processes is a vital part of a future-proof security infrastructure as it helps guard against human error and offers the capability to manage large amounts of data. This is also address the “smart” needs of the smart and intuitive technology using consumer.

4. Create Awareness and Encourage Education - Education of employees and customers act as the best defense against many threats. This is most effective when organizations break away from traditional security awareness models to employ creative and immersive techniques and deploy technologies that can influence user behaviors.

5. Make Security a Boardroom agenda – Lastly, and most importantly, as mandated by RBI, cyber security policy should be separate from the broader IT policy. The change in business landscape combined with the infrastructure modernization, has resulted in the evolution of threat landscape making security is no more a point product and rather an architectural need. This has further changed the role of IT leadership from being an operational player to a strategic partner. Since security is no longer a one-size-fits-all solution, the role of a Chief Information Security Officer (CISO) is important. Information security is not a final destination, but a journey in which the CISO must align closely with the business to ensure operational competitiveness and growth.

Cyber criminals today are adopting corporate best practices and establishing professional businesses in order to increase the efficiency of their attacks. With the current evolving threat landscape, eliminating cyber attacks and criminals is impossible but with the right infrastructure, strategy and intelligence, safe-guarding businesses and protecting them without disrupting innovation and growth is definitely achievable.

(This article is authored by Shrikant Shitole, Managing Director, Symantec, India Region)