Cybersecurity is a hot topic for organizations across every industry, Although the financial sector invests greatly in safety and it ranks among the most advanced ones when it comes to IT security, with evolving cyber risks there is more to be done. Banks are among the most heavily targeted institutions worldwide and face a big variety of web security risks and data protection challenges thus they must be proactive in their handling of sensitive information and managing cybersecurity risks.
Evolving Cyber Threats
Due to the large amount of customer data they handle and their financial assets, banks are natural targets for both cybercriminals and malicious internal actors. In today’s constantly changing cyber environment, when exploitation activities are getting more sophisticated, more targeted and more serious, in the absence of an in-depth defense strategy, being breached is no longer a question of “if” but “when”.
Meeting Consumer Expectations
Consumers want the best of both — ease of use and increased protection of their data. As banks are trusted institutions for ensuring customers’ data protection and security, they have a responsibility to uphold and maintain their clients’ trust. To achieve this, banks have to invest not only in the right technology like machine learning, artificial intelligence or big data and solutions like firewalls or Data Loss Prevention (DLP), but should take a broad view and combine these with know-how and training their staff.
Complying with Privacy Regulations
For banks, with an increasing number of global, regional and local data protection regulations, failing to comply or having been breached can result not only in serious financial losses and fines, but it can damage the institution’s reputation and erode its customers’ confidence. As a result, banks should regard the protection of their sensitive data not as a compliance mandate, but as a responsibility vital for their success.
Data Privacy: Major Challenge in India
One of the major challenges that India is currently facing is related to data security and tackling privacy issues. Data breaches impacting banks continue to make headlines while the pace of digitization keeps picking up speed. Data protection is the major concern for banks, as the banks handle huge volumes of personally Identifiable Information (PII) and Personal Credit Card Information (PCI), as well as intellectual property (IP), there is a need for increased security awareness and proactive security.
In the wake of a rising number in cyber-attacks, the Reserve Bank of India (RBI) has published not only a set of guidelines, but they have also started to conduct cyber-audits. The Cyber Security Framework in Banks circular published by the regulator in 2016, underlines the need to put in place a robust cybersecurity framework. This includes among others a board approved cybersecurity policy, a cyber crisis management plan, the protection of customer information and performing compliance assessments on a continuous basis. A data leak prevention strategy is also prescribed, which should include data in motion and data at rest, as well as data processed in endpoint devices.
The first draft of the Personal Data Protection Bill, submitted in July 2018 by Justice Srikrishna Committee, intends to change the way privacy is perceived and practiced within Indian businesses. In case of a data breach, institutions would face penalties similar to those under the EU’s GDPR.
Data protection and Loss Prevention solutions can help banks in several ways; not only in preventing internal and external threats but in complying with international regulations, like PCI DSS, GDPR and national ones like the RBI Circular. A comprehensive DLP solution is an essential tool in protecting sensitive company and customer information regardless of where the data resides, as well as in monitoring and preventing confidential data from leaving the internal environment of a bank.
Disclaimer: The author of the article is Filip Cotfas, the Channel Manager – SAARC, Japan, Northern Europe at CoSoSys. Opinion expressed by the author are his own.