Onus of security is on banks, always
Security of data is important in all fields and more so for banks. As digital banking is picking up steam, so are the threats. The onus of the security of transactions lies on banks. How are the cooperative banks in India facing this challenge?:
The session on security of data was moderated by veteran banking technology expert Ravikiran Mankikar. The other panelists were B. Kannan, Joint GM-IT of Repco Bank, Rohit Singh, CISO Arihant Cooperative Bank and Milind Varekar GM & Head IT, Saraswat Bank. To give her legal opinion Puneet Bhasin, cyber law expert. joined the panelists.
Ravikiran Mankikar: RBI has graded the banks into 4 categories depending on payment modes. How do you perceive this gradation?
Milind Varekar: The grading approach by RBI is a good move. Customer expectations from banks are very high. Hence when it comes to implementing digital, the banks will have to acquire technology accordingly.
Mankikar: In the absence of a proper in-house legal team, how can banks safeguard themselves from cyberattacks and address customer needs?
Puneet Bhasin: Cyberattacks on bank servers are getting frequent. At the same time, unsecured devices and networks pose a big threat. Though the banks are held responsible, it is not always the bank’s fault. Educating with the dos and don’ts through SMS or short videos could be helpful. One of the solutions could be to have a cyber legal panel. Litigation is expensive and should be taken as the last step. Frauds of higher value can be defended. Banks should enter into digital space only when they are completely sure of the security and can bear the cost of litigation.
Mankikar: What should be the course of action if the lapse is at the service provider’s end?
Bhasin: A routine roundup of newer threats and updating of the systems will help, and adapting fast is also the key. Having a cyber-legal department is the key before venturing into the digital banking space.
Mankikar: It is important to make customers believe that the bank is fully secure and their money will not be stolen.
The staff and the top management should be educated on the importance of cybersecurity. The staff should also be taught how to handle customer grievances or queries on digital banking.
Mankikar: As one of the l ar gest cooperative banks of South India, what measures have Repco Bank adopted to give a sense of security to the customers?
B. Kannan: The top management of the bank is keen on providing digital payment methods to the customers. Also, we are observing our peers. We try to have the highest security level.
Mankikar: What are the measures to be taken internally by banks to be safe from hackers on the internet?
Kannan: Banks must definitely take smaller safety measures like manageable SIEM, to mitigate the threats. Some activities can be outsourced to vendors to safeguard the IT resources.
Mankikar: How implementing SOC services will help banks? And what should be done that more banks adopt SOC?
Milind Varekar: It will greatly help the banks in knowing the impending threats. As well as the customer can be aware of how banks are handling security threats. It is also important to train the staff to run these SOCKs. Smaller banks could outsource SOCK to service providers.
Mankikar: Incidence Containment and Incidence Response Management are two critical parts of the security of banks. How should the banks go about it? Also, should there be knowledge sharing regarding threats for better security of the ecosystem?
Milind Varekar: We at Saraswat Bank have set up an Incidence Response Team and Escalation Matrix has been defined. The team comprises experts from IT, Information Security and Risk Management. It is important to share the attack knowledge so that all are aware and can upgrade their security.
Mankikar: How to create awareness among the customers and staff?
Rohit Singh: An institution should be set up by RBI where banks can report the incidents. Without disclosing the names of the banks affected, such incidents should be brought to the notice of others so that they can learn about the threats. Customers may fear for their deposits with smaller, especially cooperative, banks.
Mankikar: What are the precautions to be taken while outsourcing technology and security?
Kannan: It will be good for banks if they write the Service Level Agreement with the vendors. These should be reviewed and the vendors’ activities must be monitored. The diligence of vendors should be of utmost priority.