• News
  • Columns
  • Interviews
  • BW Communities
  • Events
  • BW TV
  • Subscribe to Print
BW Businessworld

Financial Services Are Prime Targets For Attackers: Kartik Shahani

Kartik Shahani (Country Manager, Tenable India) shares insights on cyber-risks that affect companies in the financial sector and how they can manage them

Photo Credit :


Kartik Shahani (Country Manager, Tenable India)

In a recent interaction with BW Businessworld's Rohit Chintapali, Kartik Shahani (Country Manager, Tenable India) shared some insights on cyber-risks that affect companies in the financial sector and how they can manage them.


How can UPI apps make the financial services sector vulnerable to cyberattacks?

As with any unified payment model, there are several parties involved such as banks, merchants and service providers. This connected ecosystem expands the attack surface and creates potential pathways for attacks. This means that a single seemingly unconnected breach of one party can introduce malicious code directly into unrelated, separate infrastructures. If the same level of cybersecurity and risk compliance isn’t upheld across the board, the ramifications can be significant.

Additionally, most applications that banks, merchants and service providers use may contain code that the IT teams didn’t write especially if they’re using libraries from open source. Vulnerabilities and cloud misconfigurations in third-party or open-source dependencies, pose significant security risks. Because if one of these dependencies has a vulnerability, then chances are the organization using the code is vulnerable as well.

The RBI’s Payments Vision 2025 focuses on making fintechs and UPI apps secure. Why is this necessary for the critical infrastructure in the Indian financial sector?

While cybersecurity maturity levels within the financial sector are higher than in other sectors, they aren't completely out of the woods. No organisation is. Cybercriminals capitalise on data, and the more private and/or personal, the more interest cyber criminals will show. This makes financial services a prime target for attackers given the type of information utilised. Cyberattacks go beyond data, if the attack implicates the digital infrastructure the bank relies upon to function, it can cause system outages which has a direct impact on the entire economy.

To manage risk effectively, start with building a resilient infrastructure for technology services through visibility into the whole environment, a deep understanding of business and technical risk and the ability to prioritise defences against the most likely attack vectors. Stopping the inevitable isn’t the goal, but minimising the impact and loss from an attack, while increasing response and recovery time is key for building a truly resilient business and security program.

How does cloud adoption give way to more cybersecurity risk in the financial sector?

Cloud environments are far more complex to secure now than they were a few years ago. Cloud apps, for example, are fertile entry points for attackers. Although all modern cloud apps are being built with resiliency in mind, they can also suffer from different types of weaknesses, insecurities, vulnerabilities and misconfigurations. These risks can allow attackers to gain access to the cloud network and provide reach to critical business databases. The only way to achieve true cyber resilience is for cloud-native infrastructure to heal itself by codifying security throughout the development lifecycle.

How do outsourcing networks and remote operations make attacks easier for hackers?

Over the last two years, we’ve seen a tremendous increase in the need for digital, flexible, and remote work environments for employees while also providing customers new services and mechanisms to continue to do business with these companies. Organisations have stepped up cloud infrastructure adoption and cloud service providers, in turn, have answered the call. However, cloud breaches are increasing in scale and velocity as well. New technologies and the speed of cloud development, have opened up new attack pathways for bad actors. As organisations rapidly adopt cloud services and infrastructure, the margins for error will continue to increase, meaning there is an imperative for cyber resilience.

What are some of the best practices businesses can establish to mitigate such risk and protect customers?

Cloud security solutions need to be able to secure cloud infrastructure at the speed of the engineering team. Cloud security posture management (CSPM) tools should be able to detect misconfigurations early in the development cycle and support both the developer and the security workflows during development and runtime. The only way to achieve true cyber resilience is for cloud-native infrastructure to heal itself by codifying security throughout the development lifecycle. In cloud environments, cloud infrastructure needs to be born secure. Organisations need IaC tools that generate the code to remediate risks so developers can simply mitigate them before it is deployed. This developer-first approach allows organisations to fix vulnerabilities quickly without worrying about them at runtime. With the right CSPM tools, organizations can better understand security risks and drive next-generation capabilities towards advanced security threat modelling, breach path prediction and more.

Also Read: Global Ransomware Damages Estimated To Exceed $30 Billion By 2023: Report