India’s Banking Cybersecurity Woes
India, one of the fastest growing emerging markets today is in the cybersecurity news headlines once more, as the country has been named as the 3rd most vulnerable country to cybercrime. Based on records, in the nine-year period from 2008 to 2017, 150,000 incidents of bank fraud have been recorded and it keeps on growing year-on-year.
Farrhad Acidwalla, Founder of Cybernetiv, a cybersecurity firm said: “India is the third most targeted country in the world, and 58 percent of these attacks target the financial services sector. Internet banking fraud is on the rise in India with phishing attacks being the most common. Other methods of obtaining customer data are Voice Phishing, SMS Phishing and Social Engineering.”
Cloning of ATM card, which also serves as debit cards is also a big problem for Indian banks, with Cosmos Bank as the latest victim of such cybersecurity incident.“The first one is ‘How securely users interact with a banking infrastructure’. This includes how aware are they of cyber frauds and phishing attacks along with how they handle their critical assets like OTPs, passwords, Mobile devices and Laptops/PC. This includes how difficult is it for an attacker to actually breach the infra of the banks and harness data/carry out fraudulent transactions along with how well the alarm bells are placed to alert about such events,” explained Ankush Jonar, Infosec Venture’s Director.
The train of thought of most customers is that security and privacy is the sole responsibility of the service provider. Removing themselves from the equation of being a stakeholder in the standpoint of security and privacy is a good indication that sector is mature for the next cyber attack. Until such time that end-users of banking services take responsibility for their security and privacy, nothing significant will improve. “From the attacker’s point of view though, the attacks are still majorly focused on mobile wallets and other e-banking means that are much easy to fraud with as the new technology, a lot of consumers are less aware of,” concluded Jonar.
The bottom line, customers need to practice safe computing principles in order to lessen the chances of a cybersecurity issue affecting them in the future. Here are some of our tips:
- Don’t automatically open attachments and make sure your email program doesn’t do so either. This will ensure that you can examine and scan attachments before they run. Refer to your email program’s safety options or preferences menu for instructions
- Get immediate protection. Configure your anti-virus software to boot automatically on start-up and run at all times. In case you forget to boot up your anti-virus software, configuring it to start by itself will ensure you are always protected.
- Avoid downloading files you can’t be sure are safe. This includes freeware, screensavers, games, and any other executable program – any files with an “.exe” or “.com” extension such as “coolgame.exe.” Unreliable sources such as Internet newsgroups or Web sites that you haven’t heard of may be willing providers of viruses for your computer. If you do have to download from the Internet, be sure to scan each program before running it. Save all downloads to one folder, then run virus checks on everything in the folder before using it.
- Use common sense. It’s always better to err on the side of safety. If you’re unsure about an attachment, delete it. Especially if it’s from a source you don’t recognize. If there are tempting animations on a site that look highly unprofessional, don’t download them. Also beware of strange links or unexpected attachments that come through instant messaging programs. They could hide malicious code.
Julia Sowells960 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.