Currency Ban Could Increase Risk of Cyber threats for Indian Banks

While Indians continue to deal with the demonetization of 500 and 1000 rupee notes (an unprecedented move by the Indian government in its attempt to fight “Black Money”), there is a danger lurking in the folds that may go unnoticed until it’s too late.

The demonetization will drive an increase in cashless electronic transactions. As the rupee notes are now defunct, people will turn to online payments and use of credit and debit cards, which could increase the potential for cybercrimes against financial institutions.

Banks have always been a favorite target when it came to cybercriminals, and Indian banks are particularly attractive. According to a report by Trend Micro, India ranks third after Japan and the United States in terms of the countries most affected by online banking malware. And the news of security breaches at some of the biggest banks in India is still fresh on the minds of security professionals and banking customers. According to the National Payments Council of India, these breaches involved fraudulent withdrawals of a reported Rs 1.3 crore from cards issued by 19 banks.

As Indian banks cope with the increased volumes of electronic transactions, they potentially become more vulnerable to cyberattacks. One way for banks to protect against an increased risk of cybercrime is to bring their entire IT infrastructure into view, enabling security teams to quickly spot the ways in which their organization’s network could be compromised.

Attack surface visualization solutions simplify this complex task by turning massive volumes of data into a simple picture. These tools enable security teams to view integrated data from dozens of security and networking products – regardless of vendor or location – and see indicators of exposure (IOEs) prioritized in the unique business context of their organization.

But how do you turn a picture into action?

To gain a comprehensive understanding of the risk exposure throughout their IT network, organizations need to consider everything from new or exposed vulnerabilities and vulnerability concentrations to risky access paths and unsecure device configurations. IOEs take these traditionally disparate categories of risk and unite them under a common language, enabling security professionals to quickly assess the security posture of the entire organization prioritized in the context of the business and its critical assets.

Using network modeling of IT infrastructure, attack simulation and analytics, IOEs power visual, interactive attack surface models that understand the interconnectedness of the network and how that impacts risk severity. For example, a vulnerability with a “medium” CVE score may actually be a critical risk to your organization if it sits on a crucial business application. Using the IOE approach, vulnerability management teams can better focus resources rather than chasing false positives.

Additionally, IOEs and attack surface visualization make remediation alternatives apparent. For example, changes to a firewall rule or IPS signature may more efficiently neutralize a risk than deploying a patch. This can vastly reduce incident response times when tackling a zero-day vulnerability or containing an attack.