#WFH : Cybersecurity - the top priority in BFSI
Cybersecurity risks with the proliferation of digital transformation initiatives:
India has the second-largest internet population in the world, and with greater connectivity via the World Wide Web our digital societies are open to new vulnerabilities of fraud and forgery by hackers. One of the largest risks associated with the digital transformation of BFSI participants is cybersecurity risk. Cyber-attacks are on the increase, and BFSI participants have made protection against cyberattacks a top strategic priority. "Cyber Security" is defined as a means of protecting information, equipment, device, computer, computer resource, communication device, and information stored therein from unauthorized access, use, disclosure, disruption, modification or destruction.
Separate industry reports say the web applications of high tech industries (33%), banking and finance (33%), government (17%), and transportation (17%) were the most heavily targeted by attackers during July and August 2020. India saw over 3.5 lakh cybersecurity incidents in the months of July and August, triple the number of incidents that it saw in the first three months of 2020, the Union Minister of State for Electronics and Information Technology, Sanjay Dhotre, said in the Lok Sabha on Monday.
The country's cybersecurity agency CERT-In has recently issued an alert against Android malware dubbed "BlackRock" that has the potential to "steal" banking and other confidential data of a user. It can extract credentials and credit card information from over 300 apps such as email, e-commerce apps, social media apps, besides banking and financial apps, the CERT-In said in an advisory. The "attack campaign" of this "Trojan" category virus is active globally.
The WannaCry ransomware attack was a worldwide cyberattack by the WannaCry ransomware crypto worm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.
Check whether your data has already been compromised
Have I Been Pwned is a website made by security researcher Troy Hunt that allows you to check your email address against a database of hundreds of data breaches to see if it was involved in them. Have I Been Pwned has been mentioned by many media outlets, and it is even used by some governments.
Mobiles and SMiShing
With mobiles becoming the lifeline of every human being, every malicious attack method used to attack PCs is now being rewritten to hack mobile devices.
How are the hackers getting to your mobile phone?
Malware
As on a PC, you can be duped into downloading the malware to your mobile device as it’s often disguised as the newest game or productivity app and even offered by people impersonating technical support agents.
Synchronization
From most PCs' point of view, a mobile device is just another storage device, like a flash drive. So when you synchronize your phone with your PC, some types of malware can jump to (or potentially from) your mobile device.
Buffer Overflows
When a program tries to store more data in a buffer (temporary storage area) than it was intended to hold, it overwrites adjacent memory. This is caused by a programming error, but a side effect of the error can lead to a common type of security attack. These buffer overflows affect data integrity and/or can lead to privilege escalation or remote code execution attacks on PCs.
Denial of Service Attacks
These types of attacks, aimed at making computer resources unavailable to their intended users, once focused solely on PCs. They are now occurring in the mobility space.
Phishing
SMiShing uses cell phone text messages to bait you into divulging personal information. For example, you might receive a text message requesting that you call an unfamiliar phone number, or that you go to a URL to enter information, or a message that prompts you to download software to your phone. If you access the URL in the SMiShing text message or download any software to your device (PC or mobile device), you may unintentionally install malware on the device. If you receive a text message that asks you to call a number you do not recognize or go to a web site to enter personal information, do NOT select the link embedded in the message. Just delete the text message.
The unpredictable nature of cyberattacks makes it critical to use analytics to preempt and tackle such attacks.
The cybersecurity agency CERT-In suggested some counter-measures:
- Do not download and install applications from untrusted sources
- Use reputed application market only
- Always review the app details, number of downloads, user reviews and check the "additional information" section before downloading an app from the play store
- Use device encryption or encrypt external SD card
- Avoid using unsecured, unknown Wi-Fi networks among others
- When it comes to downloading banking apps, one should use the official and verified version and users should make sure they have a strong AI-powered mobile antivirus installed to detect and block this kind of tricky malware, the advisory said.
Analytics and AI can play a critical role in preempting Cyberattacks
BFSI participants are custodians of humongous amounts of sensitive end-user and customer data and can proactively use it to stop such malware and prevent breaches.
The prevention strategy is to identify anomalies within the following data and correlate them with other events to unravel unexpected patterns in real time:
1. Customer data: Customer database, credit/debit card numbers, purchase histories, authentication, address, personal data
2. Device: Type, software revision, security certificates, protocols
3. User data: Authentication and access location, access date, and time. User profiles, privileges, roles, travel and business itineraries, activity behaviors, normal working hours, typical data accessed, application usage
4. Content: Documents, files, email, application availability, intellectual property
5. Network data: Locations, destinations, date and time, new and non-standard ports, code installation, log data, activity and bandwidth
The anomalies, which can indicate a potential breach, are:
1. Traffic anomalies to, from, or between data warehouses
2. Suspicious activity in high value or sensitive resources of data network
3. Suspicious user behaviors such as varied access times, levels, location, information queries, and destinations
4. Newly installed software or different protocols used to access sensitive information
5. Ports used to aggregate traffic for external offload of data
6. Unauthorized or dated devices accessing a network
7. Suspicious customer transactions
The critical requirement is real-time analysis achieved through analytics and Big Data, which contains activities and events suggesting a potential threat.
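As an added illustration (not part of the original article), the sketch below applies several of the listed anomaly checks to access events by comparing each event with a per-user baseline and ranking events that show multiple deviations together. The profiles, port allow-list, egress threshold and events are all constructed assumptions.

```python
from datetime import datetime

# Constructed baseline: per-user profile of the kind listed under "User data".
PROFILES = {
    "asha": {"hours": (9, 18), "locations": {"Mumbai"}, "devices": {"LT-1041"}},
    "ravi": {"hours": (10, 19), "locations": {"Pune", "Mumbai"}, "devices": {"LT-2207"}},
}
STANDARD_PORTS = {443, 1521}        # assumed allow-list for the data tier
MAX_BYTES_OUT = 50 * 1024 * 1024    # assumed per-session egress threshold

# Constructed sample events (not real logs):
# (time, user, location, device, port, bytes_out)
EVENTS = [
    ("2020-08-17T11:05:00", "asha", "Mumbai", "LT-1041", 443, 120_000),
    ("2020-08-18T02:40:00", "asha", "Mumbai", "LT-1041", 443, 90_000),
    ("2020-08-18T12:15:00", "ravi", "Kolkata", "LT-2207", 443, 80_000),
    ("2020-08-19T15:30:00", "ravi", "Pune", "PH-9001", 8081, 210_000_000),
]

def anomalies(event):
    """Return the list of baseline deviations for one access event."""
    ts, user, location, device, port, bytes_out = event
    profile = PROFILES.get(user)
    if profile is None:
        return ["unknown user"]
    found = []
    start, end = profile["hours"]
    if not start <= datetime.fromisoformat(ts).hour < end:
        found.append("outside normal working hours")
    if location not in profile["locations"]:
        found.append("unusual access location")
    if device not in profile["devices"]:
        found.append("unregistered device")
    if port not in STANDARD_PORTS:
        found.append("non-standard port")
    if bytes_out > MAX_BYTES_OUT:
        found.append("large outbound transfer")
    return found

def score_events(events):
    """Keep only anomalous events; more correlated deviations rank first."""
    report = [(e[0], e[1], anomalies(e)) for e in events]
    return sorted((r for r in report if r[2]), key=lambda r: -len(r[2]))

if __name__ == "__main__":
    for ts, user, findings in score_events(EVENTS):
        print(ts, user, "; ".join(findings))
```
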
In financial services, the organizational awareness of the preemptive cybersecurity implementation is critical given that the risks are magnified with the WFH (Work from Home) ecosystem that is here to stay.
Summary of cybersecurity actionables:
Cybersecurity Threats
Ransomware
Ransomware is malware that enables extortion in cyberspace for financial gain and generally uses a cryptocurrency like Bitcoin for the transaction.
Impact
Once activated, ransomware prevents users from interacting with their files, applications or systems until a ransom is paid, typically in bitcoin.
Preventive measure
- Comprehensive information security awareness programs for staff
- Installation of a reputable and up-to-date antivirus program
Denial of Service Attack (DoS)
DoS involves flooding a computer with more requests than it can handle
Impact
DoS causes the computer to crash, leaving authorized users unable to access the service offered by the computer.
Preventive measure
To prevent denial-of-service attacks in the future, routinely stage “emergencies” and practice responding to them. In doing so, the organization will develop a methodology that fosters speed and accuracy while minimizing the impact of unavailable resources and potential damage should an actual crisis occur
Email Spoofing
This is an email activity in which the sender address and other parts of the email header are altered to appear as though the mail originated from a different source.
Impact
This does not mean your email account was compromised. It means that the sender has fooled the mail client into believing the email originated from a different address. Hackers use email spoofing to trick users into providing personal and confidential information.
Preventive measure
- An SPF (Sender Policy Framework) record – a list of IP addresses which are authorized to send emails from a domain
- DKIM check – an email authentication method. It enables you to sign and verify email messages using public DKIM is an email security protocol which checks if an email has been tampered with in transit
Phishing
Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
Impact
Loss of sensitive personal information such as passwords and credit card details
Preventive measure
- Anti-spyware and firewall settings should be used to prevent phishing attacks and users should update the programs regularly. Firewall protection prevents access to malicious files by blocking the attacks. Antivirus software scans every file which comes through the Internet to your computer. It helps to prevent damage to your system
- Use Virtual Private Networks to help secure online activities by routing them through secure servers that hide identities and secure connections as well by encrypting all data sent between the user and the VPN servers. Using VPN services is best for preventing hacking attacks like DDoS, MITM attacks, Wi-Fi spoofing, etc.
Practice Lead - Supply Chain Finance, Trade & TB, International Finance Corporation -FIG Advisory Services, Asia Pacific
4 years ago: Very detailed and useful article. Good job Santanu
Group Editor at Banking Frontiers; Founder Director at Glocal Infomart Pvt. Ltd.; Editor at FIDC News
4 years ago: Kudos Santanu for a comprehensive compilation and a lucid explanation.