
Best Security Practices for the Banking & Finance Sector in 2023: Ninad Varadkar, Group CISO, Edelweiss Financial Services Ltd

Cybersecurity is an essential component of any organization's business strategy. An efficient security strategy can help to reduce the risk of cyber-attacks by managing tasks such as vulnerability scanning, threat detection, and incident response. As far as the Banking & Finance sector is concerned, there are a number of cybersecurity threats that banks and financial institutions face on a daily basis. To enhance its cybersecurity posture and better protect customer data, financial transactions, and critical systems from cyber threats, A CISO (Chief Information Security Officer) of the bank or a financial institution has to provide strategic guidance and leadership to safeguard the information assets and maintain stakeholder trust.

In a conversation with CORE Media Group, Ninad Varadkar, Group CISO at Edelweiss Financial Services Limited, spoke about the importance of securing data assets in the BFS sector and establishing an incident response plan that outlines the steps to take in case of a data breach or security incident.

1. With cyber threats becoming more frequent and sophisticated, a CISO is expected to navigate the threat landscape with a foolproof security strategy. As businesses move workloads to the cloud, CISOs have to expand their cloud-native strategy to be able to deliver seamless experiences. In this case, what steps should they take to strengthen the cloud security posture?

While cloud adoption offers some benefits in terms of cost savings, flexibility, scalability, rapid deployment, and so on, it also comes with certain risks, which need to be carefully evaluated and addressed. When talking about cloud security posture management (CSPM), we are referring to three major capabilities: visibility, monitoring, and compliance assurance.

A CSPM program should be able to cover all these pillars and provide capabilities to discover new and existing workloads, identify misconfigurations, and provide recommendations to enhance the security posture of cloud workloads, as well as assess cloud workloads to compare against regulatory standards and benchmarks. If we have to take an example of compliance assessment, one needs to ensure that the CSPM is covering the regulatory standards used by the company.

2. Speaking about the banking and finance industry, what are the challenges the CISOs face when it comes to dealing with security threats and what are the best security practices for the BFSI sector in 2023 from a CISO's perspective? 

As enterprises around the globe continue to drive new innovation and expand digitally, attack surfaces continue to grow exponentially, around cloud, mobile, and virtualization. Therefore, the attack surfaces that must be monitored and protected constantly grow and evolve. Here are some best practices:

  • Shortage of skilled cyber security professionals with real-world experience to combat the ever-evolving threat landscape. This drives costs higher and increases demand for automation to reduce the headcount.
  • As regulations increase and evolve, it is important to keep up with the constantly changing compliance landscape; organizations need to increase their focus on cybersecurity to meet regulatory requirements.
  • Keeping up with sophisticated tactics like ransomware with data exfiltration, tackling the rise in hacktivism and attacks like DDoS (Distributed Denial-of-Service), as well as the monetizing of attacks via cryptocurrency, the renting of attack infrastructure, phishing attacks, and AI, requires new defenses.
  • The cost of cybercrime is rising fast: Cybercrime will remain a large-scale concern for years to come. As per some estimates, global cybercrime will cause USD 12 trillion in damages by 2025.

Here are the best practices to be followed: While this is not a comprehensive list, the below practices will help elevate the cyber security posture and ensure preparedness for cyber incidents.

  • Cyber security is a joint responsibility, so partner with businesses to promote security culture and to ensure ISMS policies are adhered to
  • Conduct regular hardening & patching of infrastructure
  • Follow rigorous AppSec practices
  • Ensure external attack surface management
  • Conduct regular DR drills & BCP
  • Develop a sound cyber incident response plan
  • Engage with a sophisticated vendor to ensure support during a major cyber incident

3. Banks and financial institutions deal with a huge number of customer assets and data. How does a CISO safeguard these consumer assets, which are of high significance?

Securing data assets is one of the primary responsibilities of a CISO. To implement an effective data security strategy, it’s very important to identify the crown jewels and the critical capabilities and conduct a risk assessment and understand which areas you are vulnerable to attacks.

To further secure the identified critical data from unauthorized access, it's key to implement encryption mechanisms to protect data at rest, in transit, and in use. Encryption techniques such as transport layer security (TLS) for data in transit, full disk encryption (FDE) for storage devices, and database encryption can be implemented to safeguard sensitive data from unauthorized access.
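The CSPM capabilities described in the first answer (discover workloads, identify misconfigurations, assess against a benchmark) and the encryption-at-rest and in-transit controls just mentioned can be expressed as a small posture check. The following is an added example, not code from the interview or from Edelweiss: it runs a hypothetical internal benchmark (rule identifiers such as BM-2.1 are invented) over a constructed asset inventory, reports each misconfiguration as a finding with a severity, and computes a compliance percentage the way a CSPM dashboard would.

```python
"""Minimal cloud-security-posture check over a constructed asset inventory.

Added example, not code from the interview. It models the three CSPM pillars:
visibility (enumerate every workload), monitoring (evaluate each asset against
a rule set) and compliance assurance (score against a hypothetical benchmark
that requires encryption at rest, TLS in transit and no public exposure).
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Set

# Constructed inventory: asset names, fields and values are illustrative only.
INVENTORY: List[Dict] = [
    {"id": "bucket-cust-statements", "type": "object_storage",
     "public_access": False, "encrypted_at_rest": True, "tls_only": True},
    {"id": "bucket-marketing-assets", "type": "object_storage",
     "public_access": True, "encrypted_at_rest": False, "tls_only": False},
    {"id": "db-core-banking", "type": "database", "public_access": False,
     "encrypted_at_rest": True, "tls_only": True, "backup_retention_days": 35},
    {"id": "db-reporting", "type": "database", "public_access": True,
     "encrypted_at_rest": True, "tls_only": False, "backup_retention_days": 0},
    {"id": "vm-bastion", "type": "compute",
     "open_ports": [22], "allowed_cidrs": ["10.0.0.0/8"]},
    {"id": "vm-legacy-batch", "type": "compute",
     "open_ports": [22, 3389], "allowed_cidrs": ["0.0.0.0/0"]},
]


@dataclass
class Rule:
    rule_id: str                    # identifier in a hypothetical internal benchmark
    description: str
    applies_to: Set[str]            # asset types the rule is evaluated against
    passes: Callable[[Dict], bool]  # returns True when the asset is compliant
    severity: str = "high"


@dataclass
class Finding:
    asset_id: str
    rule_id: str
    description: str
    severity: str


def no_public_access(a: Dict) -> bool:
    return not a.get("public_access", False)


def encrypted_at_rest(a: Dict) -> bool:
    return bool(a.get("encrypted_at_rest", False))


def tls_only(a: Dict) -> bool:
    return bool(a.get("tls_only", False))


def backups_retained(a: Dict) -> bool:
    return a.get("backup_retention_days", 0) >= 7


def no_admin_ports_from_internet(a: Dict) -> bool:
    exposed = "0.0.0.0/0" in a.get("allowed_cidrs", [])
    admin_open = bool(set(a.get("open_ports", [])) & {22, 3389})
    return not (exposed and admin_open)


BENCHMARK: List[Rule] = [
    Rule("BM-1.1", "Storage and databases must not be publicly reachable",
         {"object_storage", "database"}, no_public_access, "critical"),
    Rule("BM-2.1", "Data at rest must be encrypted",
         {"object_storage", "database"}, encrypted_at_rest),
    Rule("BM-2.2", "Data in transit must require TLS",
         {"object_storage", "database"}, tls_only),
    Rule("BM-3.1", "Databases must keep at least 7 days of backups",
         {"database"}, backups_retained, "medium"),
    Rule("BM-4.1", "Admin ports (22/3389) must not be open to 0.0.0.0/0",
         {"compute"}, no_admin_ports_from_internet, "critical"),
]


def discover(inventory: List[Dict]) -> Dict[str, List[str]]:
    """Visibility: list every asset by type so nothing is silently out of scope."""
    by_type: Dict[str, List[str]] = {}
    for a in inventory:
        by_type.setdefault(a["type"], []).append(a["id"])
    return by_type


def evaluate(inventory: List[Dict], benchmark: List[Rule]) -> List[Finding]:
    """Monitoring: evaluate every applicable rule against every asset."""
    findings = []
    for a in inventory:
        for r in benchmark:
            if a["type"] in r.applies_to and not r.passes(a):
                findings.append(Finding(a["id"], r.rule_id, r.description, r.severity))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity for prioritisation."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


def compliance_score(inventory: List[Dict], benchmark: List[Rule]) -> float:
    """Compliance assurance: percentage of applicable (asset, rule) checks that pass."""
    applicable = sum(1 for a in inventory for r in benchmark if a["type"] in r.applies_to)
    failed = len(evaluate(inventory, benchmark))
    return 100.0 * (applicable - failed) / applicable if applicable else 100.0


if __name__ == "__main__":
    print("Assets:", discover(INVENTORY))
    for f in evaluate(INVENTORY, BENCHMARK):
        print(f"[{f.severity}] {f.asset_id}: {f.rule_id} {f.description}")
    print("Compliance:", compliance_score(INVENTORY, BENCHMARK), "%")
```

In a real deployment the inventory would come from the cloud provider's API rather than a literal, and the rule set would map to the regulatory standards the company is actually measured against; the point the code makes is that coverage is driven by `applies_to`, so an asset type with no rules is invisible to the score and should be treated as a gap, not as compliant.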

DLP (data leak prevention) solutions can be implemented to prevent data leakage or unauthorized data transfers.

Another key consideration is establishing an incident response plan that outlines the steps to take in case of a data breach or security incident. Dark web monitoring can be leveraged to understand if any of the sensitive customer data is available on the dark web, and if the answer is yes, then appropriate steps can be taken to remove the listings from the dark web.

A red teaming exercise, which will simulate an attacker trying to compromise sensitive data, can be conducted to further understand how the vulnerabilities identified can actually be exploited and the associated business risk.

4. Since banks and financial institutions are exposed to a variety of risks, they have well-constructed risk management infrastructures and are required to follow government regulations. How does a CISO ensure that compliance is taken care of?

By implementing the steps outlined below, a CISO can help ensure that the organization adheres to the necessary regulations and maintains a robust compliance posture.

  • Staying updated with various applicable regulations and industry standards including the understanding of the requirements and implications of regulations.
  • Performing regular assessments to identify gaps between the organization's existing security practices and the requirements outlined in the applicable regulations.
  • Creating comprehensive policies and procedures that clearly outline the organization's approach to compliance.
  • Implementing a robust monitoring and auditing program to assess and validate compliance.
  • Establishing a clear incident response plan that includes specific steps to be taken in the event of a compliance breach or security incident.
  • Regularly reviewing and updating compliance programs based on lessons learned, changes in regulations, and emerging security threats.

In summary, a CISO is responsible for driving the organization's cybersecurity program, ensuring that appropriate security measures are in place to protect against threats, and proactively addressing security risks and incidents.