Cyber Security: All stakeholders should work hand in hand

Prashant Dhanodkar, Chief Information Security Officer, SBI General Insurance
Prashant Dhanodkar, Chief Information Security Officer, SBI General Insurance

Prime importance is being attached to Information Security by the Government at the centre and state level, regulators and business organizations. These efforts will, however, only be prolific when an individual is practising safety at their personal level

Internet access in today’s world has become as routine as it gets. Service providers in present times are making data plans available at a minimal cost, leading to higher digital penetration. India is one of the very few economies to boost of over 100 Crores mobile phone users. The Government is also committed to increasing the digital footprint in our country through their Digital India programme. All this has led to the emergence of electronic transactions for business, like online banking, online insurance, funds transfer, bill payments, e-wallet payments as well as recreation like online shopping, movie/train/air ticket bookings, with utmost simplicity.

While these transactions have made the entire globe a unified, connected marketplace, a digitised economy runs the risk of being confronted by an inevitable security threat. The responsibility of combating this challenge lies with retail and institutional audience alike. The Banking, Financial Services and Insurance sector, popularly known as BFSI, is particularly exposed to cyber threats, given the nature of transactions involved. Since all the personal information of an individual is aligned on these digital platforms, it is of paramount importance to ensure that the same is not leaked as the ramifications of these could be critical to the trust placed on the organisation.

The BFSI organizations are aggressively dealing with Information & Cyber Security, which is treated as a business issue and deliberated at Board level. The management is fully aware of reputational and opportunity losses which may incur due to Data Security breaches. Hence the Security Governance measures interwoven with Corporate Governance are being put into place. Business balanced scorecards (BSC) are being tweaked to accommodate security compliance. The work force is being constantly trained on their security responsibilities. Organizations are keenly driving customer awareness campaigns around data security using multiple aids like mailers, advertisements & customer portals etc.

With respect to usage of Security Technology, BFSI organizations are protecting their ‘Crown Jewel – Customer Data’ with multi-layered security tools. Apart from conventional technologies like Firewalls, Intrusion Prevention, organizations are rapidly embracing latest tools like Data Leakage Prevention, Data Encryption, Web Application Firewalls, Zero Day attack protection, Mobile Device Management (MDM), Information Rights Management (IRM) Security Incident & Event Manager (SIEM) and Threat Hunting etc. Majority of BFSI have implemented 24×7 alert monitoring by commissioning Security Operations Center (SOC).

The criticality of Information & Cyber Security is recognised at a Government level as well. They are committed to spreading security awareness through the establishment of Cyber Swachhata Kendra (www.cyberswachhatakendra.gov.in) and CERT-In advisories. This portal provides useful alerts on cyber threats and user friendly tools for removing BOT malwares and protection of mobiles, USB devices and browser security. Most of these tools can be downloaded free of cost.  The role of the Government is not limited to the advisories but they are also working on Data Protection Act, which will soon be an integral part of our Constitution. Given the various data repositories that exist in today’s times, this Act is being drafted keeping personal information protection in focus. Needless to say, such a law is need of the hour in today’s internet driven economy.

The industry regulators like IRDAI, SEBI and RBI are equally committed to ensure security measures and have commensurate guidelines for the same. Many Insurance companies including SBI General, Banks and NBFC have adopted best security practices in their efforts to secure customer information.

The onus of protecting individuals from cyber security does not rest with the Government and business organisations alone. All individuals using any digital platform needs to be mindful of sensitivity of personal information. Taking simple precautions like not sharing Passwords, Transaction OTP and Card CVV numbers, can go a long way in securing data misuse. Since the transactions are not limited to computers/ laptops, as user is required to follow similar protocols for mobile and app based transactions as well. While corporates have trustworthy Firewalls in place, users should ensure authentic Antivirus on their desktops, laptops and smartphones.

Thus, prime importance is being attached to Information Security by the Government at a Centre and State level, Regulators and business organizations. These efforts will, however, only be prolific when an individual is practising safety at their personal level.

Authored by Prashant Dhanodkar, Chief Information Security Officer, SBI General Insurance