Cosmos Cooperative Bank Ltd, one of the oldest cooperative banks in India, might have never apprehended that it could be the target of hackers worldwide. The Pune-based cooperative bank witnessed a massive security breach, when hackers siphoned off around Rs 94 crore through a malware attack on its server.

Cosmos’ incident is the second such incident of malware attack on a smaller bank this year. Earlier this year, City Union Bank came under attack after cyber criminals transferred nearly $2 million through three unauthorised remittances to lenders overseas via the SWIFT financial platform.

Experts are of the view that smaller banks in the country are more likely to fall target to hackers in the coming months as the bigger banks tighten the loose ends, thus forcing hackers to go after smaller players.

“Hackers do not follow the concept of large banks or small banks. They will go after institutions that are vulnerable and do not have a strong cyber security process in place. Since most of the bigger banks have streamlined their processes in the last two years, smaller banks tend to be softer targets now,” said Munjal Kamdar, Partner at Deloitte.

He said while bigger and sophisticated banks spend about 4 per cent of their total IT budget on cybersecurity and information, smaller banks, cooperatives and other smaller financial institutions are not spending much. However, compared to the bigger Indian banks, the banks in North America and Europe are spending about 6-10 per cent of their IT budget to thwart rising incidents of financial crime involving hackers.

“The rate of cybercrime is increasing by 10-12 per cent every year and this year it is likely to rise further,” Kamdar said, adding that while we have data on the reported cases, the unreported and undetected cases are likely to be more than double.

He further added that with the banking system going digital, the “attack surface” has also increased. “The attacks can happen at the ATM, mobile, payment system, SWIFT, everywhere, and the banks need to automate their processes,” Kamdar said, adding that the banks should be ready with multiple lines of defence.

According to information gathered from banking industry sources, many banks still depend on manual processes to detect vulnerabilities and also depend on third-party vendors to outsource several processes, including cybersecurity, eKYC, and software management, in a bid to cut costs.

Besides, experts are of the view that with banking technology changing fast, the ways in which hackers attack any system is also likely to change and, hence, banks need to adequately hire ethical hackers and cybersecurity professionals who can detect and fix the loopholes at regular intervals.

According to a recent survey by colour delivery network provider, Akamai, India ranked fourth in the list of top 10 target countries for Web Application Attacks.

Another report shared by the Indian government said about 53,000 data and security breaches were reported last year across financial and government institutions.

comment COMMENT NOW