Sankarson Banerjee, CIO, RBL Bank, talks about how the banking sector can address the new risks arising from digital banking, contactless payments and online service initiatives.
The new normal has had a dramatic impact on the way we work and do business. The severe lockdown and social distancing norms necessitated the adoption of a Work-From-Home policy for industries across verticals. Traditionally, banks have not been known to have work-from-home policies for a large employee base. Instances of WFH arrangements have been few and far between. This is largely because various kinds of banking operations do not lend themselves easily to a remote work environment. But now WFH is the new normal in the banking industry.
Given the current state of affairs, the banking industry is trying to extend its services efficiently. However, security is a key element that needs careful consideration in the new dynamics of remote workplace/banking. As a vast employee base is working remotely and digital banking initiatives continue to surge, the surface area for security breaches is expanding considerably. Digital banking, contactless payments, and online service initiatives have led to an increase in the number of cyberattacks. New security challenges have come up. Fraudulent transactions, email-based phishing attacks, DDoS attacks, and system compromise attacks have increased steadily.
Firewall and remote access controls have become more critical than social engineering attacks in the short term because of the sudden expansion of the perimeter to people's homes. The banking industry is scrambling to achieve a comprehensive security posture. Banks are focusing on strengthening their existing policies from remote to core applications. In the current scenario, access management and control is a big area that needs constant assessment.
Banks deal with a whole lot of sensitive customer data and PII. Safeguarding this business-sensitive information is critical. Earlier, call centers operated in a tightly controlled environment. In a WFH setup, it is difficult to impose controls on the privacy and security of customer data. Today we are reconfiguring our systems so that call center operators no longer receive customers' private information, so that there is no information leakage. Banks are doing more straight-through processing by adopting automation. Now the industry has started to look at several external products. Banks are adopting AI to detect violations. They are using AI & ML in a big way to identify fraud and respond to it in real time.
For threat detection, banks are creating honeypots for fraudsters, using AI. Banks are also employing AI-driven behavioral analysis measures and access control. A lot of that learning and intelligence is going into creating security protocols to identify threats and respond to them in real time. The Zero Trust model is another initiative that banks are looking at implementing at different levels.
Banks are using AI to mitigate zero-day attacks. There is also a growing impetus on protection against ransomware through new-age storage technologies. Banks are moving the perimeter to the cloud. AI stacks will become cloud-centric and there will be an increasing adoption of SaaS services. Even core services are becoming SaaS-driven, where the data is yours but the protection of data, storage, infrastructure, security, endpoint security, and perimeter security is the responsibility of the service provider.
Banks are re-examining their security posture and using technologies like cloud-enabled storage, access control, AI, and ML to safeguard the perimeterless enterprise.