Priyanka Pani

The number of cyber attacks on banks, especially the smaller ones, is likely to double in the coming months, according to experts tracking the space.

“The rate of cyber crime is increasing by 10-12 per cent every year, and this year it is likely to rise further,” said Munjal Kamdar, Partner at Deloitte.

There are about 2,000 small banks in the country, including urban co-operative, district central co-operative banks, regional rural banks and small finance banks, and a majority of them do not have a dedicated risk management and cyber security team, thus making them more vulnerable than the large commercial banks.

Smaller banks at risk

He said that while bigger and sophisticated banks spend about 4 per cent of their total IT budget on cyber security and information, smaller banks do not spend much.

However, compared to the bigger Indian banks, lenders in North America and Europe spend about 6-10 per cent of their IT budget to thwart the rising incidents of financial crimes involving hackers.

He further added that with the banking system going digital, the “attack surface” has also increased. “The attacks can happen at the ATM, mobile, payment system, (or) SWIFT and banks need to automate their process,” said Kamdar, adding that banks should be ready with multiple lines of defence.

Mandar Agashe, Founder and Vice-Chairman, Sarvatra Technologies Pvt Ltd, said smaller banks should move to companies that provide payment systems infrastructure on a Platform-As-A-Service (PAAS) model.

The issue of cyber security assumes significance after Pune-based Cosmos Cooperative Bank witnessed a massive security breach when hackers siphoned off ₹94 crore through a malware attack. While the bank, one of the oldest co-operative banks in India, has not revealed the exact nature of attack, sources said a malware attacked the bank’s server.

The Cosmos incident is the second such incident of malware attack on a small bank this year.

Earlier this year, City Union Bank came under attack when cyber criminals transferred nearly $2 million through three unauthorised remittances to lenders overseas via the SWIFT financial platform.

“Criminals follow the money, so banks face significant threats, and it’s not realistic to prevent every single attack from succeeding. We encourage banks to ensure they don’t just cover the basics but that they thoroughly understand the threats they face and stop these threat actors. This requires actionable threat intelligence,” said Shrikant Shitole – Senior Director and Country Head for India, FireEye, a cyber security solution provider.

According to a recent survey by content delivery network services provider Akamai, India ranked fourth in the list of the top 10 target countries for Web Application Attacks.

Another report shared by the Indian government mentioned that about 53,000 data and security breaches were reported last year across financial and government institutions.

comment COMMENT NOW