Cybersecurity is a cause of concern to every financial company and bankers are facing great difficulty in ensuring it, State Bank of India MD (Risk, IT and Subsidiaries) Dinesh Kumar Khara said on Tuesday.
“Threats are of concern to any financial company. Our employees in the core banking should be informed about and must perceive this threat. Otherwise, they are not vigilant enough,” Khara said at a two-day Federation of Indian Chambers of Commerce and Industry (FICCI)-Indian Banks’ Association (IBA) Annual Banking Conference (FIBAC) 2017 here.
He said bankers should remain vigilant with their vendors and all applications must be insulated from risks. S. Ganesh Kumar, Executive Director, Reserve Bank of India, said that cybersecurity is an important concern and the RBI will come up with guidelines in this regard. Explaining that India has matured and does not need to be micro-managed, he described security as a “marriage between convenience and confidence”.
“Customer perceptions also keep changing, with the younger lot having a different view of privacy. This makes it difficult for the regulator. But the RBI has taken up the challenge and is trying to keep ahead of the curve. They have got a repository of data,” he said. Neetu Chitkara, Principal, Boston Consulting Group, said there were two types of companies: those who are hacked, and those who will be hacked.
“The problem now is so intense that it is the domain of the CEO or the board at the highest level in any organisation. The number of records breached in 2016 was 1.8 billion,” she said. “And these are just the ones that are reported. The hackers could be sitting anywhere on the planet, learning from the Internet and hacking in India. It is a constant war without borders,” she added.
Peter Gartenberg, General Manager, Enterprise Commercial, Microsoft India, said slow upgrade cycles facilitated exploitation of vulnerabilities in the software. He advocated use of cloud as a far more secure environment because it incorporates the latest in terms of cybersecurity. Debopama Sen, Managing Director, Head of Treasury and Trade Solutions, Citi South Asia, felt it will be hard for institutions to be ahead of cyber criminals. “They just have to get it right once, and we have to get it right every single time.”
“The working generation is still one of digital immigrants, not with the same mobility as digital natives. It is a work in progress,” she said, pointing out that the situation in India is no different from that in other parts of the world. The emphasis is on training and simulation, so that everybody knows how to react in case of an incident, she said. Balsingh Rajput, Superintendent of Police of Maharashtra Cyber, said “IT development and cybersecurity are two different fields”.
“Cybersecurity is not a technology problem. It is your business continuity problem. If technology, processes and people work together, the system works well. If one of them misbehaves, there is a threat to business,” he said.
“Deterrence is to the human, not to technology. Hence, we must try to understand the enemy. People should not be shy about reporting to police about a cybercrime,” he added.
Sriraman Jagannathan, Vice President, Payments, Amazon India, said that the concept of cybersecurity evokes fear.
“If all of us deal with this topic as a fearful thing, majority will not engage with it deeply. If cybersecurity is synonymous with fear, it will be difficult to contain it in a rapidly changing world. It needs to be understood, and the desire should be to do better each time,” he said.