Noida: Due to the future demand for business agility, the BFSI sector has been exposed to the pressure of developing and transforming itself into a fast-paced organization. Currently, almost every sector is undergoing and embracing the digital transformation process, hence, there is a need to focus on the importance of business agility. Private companies, public sector companies, new-age start-ups, fintech and so on are looking to become more agile during this process and prioritise sustainable operations. The massive shift towards digital technologies and customer engagement in the transaction and using services online has expanded threats and vulnerabilities in the business. Banks and Financial services need to make sure of their cyber security strategy along with the digital-first services that they provide.
On the second day of the two-day virtual BFSI – Finnovation Conclave by APAC News Network, the panel titled, ‘Transforming Security for Business Agility in BFSI’ had covered various aspects of security and business agility in BFSI. The panel discussion was moderated by Kanishk Gaur, Founder, India Future Foundation. Avinash Shukla, DGM & CISO, UCO Bank, Babitha B P, CISO, Catholic Syrian Bank, Rishikant Dubey, Chief Risk Officer, Muthoot Microfin Ltd, Balram Choudhary, CISO, ASK Group, Naseem Halder, CISO, Acko, Ashwin Prabhu, Head – IT & Engineering, KreditBee were the speakers on the panel.
Key highlights of the discussion:
The panel discussed in detail how can cybersecurity solutions help banking and financial service organizations detect, monitor, report as well as counter cyber threats while preserving the functionality of the information system. One of the panellists said that cyber security is the need of the hour, we are now going with AI and ML-based technologies that track the user behaviour. We are adapting to passwordless authentication as well. The cyber security environment is evolving but the aim remains the same at the core — the confidentiality, integrity and availability of the data.
Adding on to the point another panellist said that enhancing cyber security is not a one time job rather it is a continuous process. It has three aspects at an organisational level; one – we need to have an appropriate tool, second – we need to have appropriate people/trained people on board so that it can be managed well. Because if we don’t have these two in place the data and appropriateness of security systems can be jeopardized at any point in time. Third – how we are creating awareness about these cyber security tools.
In the digitization process as there is huge data available on the cloud. There is a need to keep the cyber security system intact within an organisation. Another speaker mentioned that there is a constant need to innovate the cyber security system. We can say it is a race between a hacker and the security expert in the organisation.
With multiple options and tools available in the market, first, the BFSI organisations have to identify the right tool and solution for their system. The panel shared common views on cyber threats and tools to protect the system. There are different types of threats and attacks so it becomes very difficult for organisations especially in the BFSI sector to select the right tool. The solution to this problem is to take the risk-based approach wherein we need to analyse the broader and in-depth to find the actual problems and identify which tool can be efficiently used within the organisation.
The panel discussed the identity and access management system in the BFSI sector. According to them, they have to think in a comprehensive way and design a solution including all security tools and technologies. During the pandemic and the era of digitization followed by work from the home scenario, speakers mentioned the implementation of such solutions by which they were able to give access from outside, robust identity and access management, multi-factor authentication, secure connection and so on.
During the discussion, panellists said that today, artificial intelligence is being used especially to control phishing attacks, malware and data threats. We can’t completely rely on technologies. If you talk about AI and Machine Learning, it takes time to learn them. The challenge is most of the cyber attacks had happened as zero-day attacks where they don’t know what kind of encryption systems the attackers are using. In such cases, they have to identify the system, if it is behaving in an abnormal way, so for that, they have to go for a user behaviour analytics tool. The maturity curve of AI is still not up to the mark, we have to work towards enhancing it.
In the concluding part of the session, speakers pointed out the need for awareness among the (users) masses and businesses. They said that we need to create more awareness about cyber security. We were never secured 100% before, we will not be secured 100% tomorrow. It is a continuous process. You may have many tools and technologies to save your customer-centric data but apart from that, we should be doing audits in an intrusive and non-intrusive manner.
Vishakha Goswami
Discussion about this post