Page 44 - Banking Finance February 2025
P. 44
ARTICLE
Supply chain attacks: An attack that breaches a victim phishing attempts, secure handling of sensitive data, and
through a compromised third-party vendor. adherence to cybersecurity protocols.
Account takeover: An attack that uses stolen or guessed Network Segmentation and Perimeter Defence:
credentials to log into corporate systems. Segmenting networks limits the movement of attackers if a
Vulnerability exploitation: An attack that exploits breach occurs. Firewalls, intrusion prevention systems (IPS),
and secure gateways serve as the first line of defence
weaknesses in an organization's applications.
against unauthorized access.
Bank drops: An attack where stolen funds are stored in
fake bank accounts to hide the location from authorities. Data Encryption: Encryption ensures that sensitive data
remains unreadable even if intercepted. Banks employ end-
Man-in-the-middle (MITM) attack: A cyber-attack where
to-end encryption for transactions and encrypt stored data
a criminal inserts themselves between two parties in a to protect customer information.
communication channel to steal data.
Vendor and Third-Party Risk Management: Banks rely on
Crypto-jacking: Unauthorized use of banking systems for
third-party vendors for various services, increasing the risk
mining crypto currencies, often slowing down operations and
of supply chain attacks. Conducting thorough due diligence
increasing infrastructure costs.
and requiring vendors to comply with stringent security
Injection attack: A cyber-attack that exploits vulnerabilities standards are essential steps in mitigating these risks.
in an application to inject malicious code or data into a
system. This can allow attackers to access data, execute Detection Mechanisms
unauthorized commands, or manipulate the system's
While prevention aims to block threats, detection focuses
operations.
on identifying and addressing breaches in real time.
In the first four months of 2024, Indians lost more than Rs. Advanced detection mechanisms include:
1,750 crore to cyber criminals, reported through over Real-Time Monitoring and Threat Intelligence: Banks
740,000 complaints on the National Cybercrime Reporting
deploy security information and event management (SIEM)
Portal. Given the increasing digitalization of banking
systems to monitor network activity in real time. These
services, including mobile and online banking, the attack systems utilize machine learning to identify anomalies that
surface has grown exponentially, necessitating robust
may indicate cyber-attacks.
mechanisms for prevention, detection, and response.
Behavioural Analytics: Behavioural analytics tools detect
Prevention Mechanisms:
Prevention remains the cornerstone of a comprehensive
cybersecurity strategy. Key preventive measures include:
Strong Authentication and Authorization Protocols: Banks
have increasingly adopted multi-factor authentication (MFA)
to ensure that access to systems and accounts is tightly
controlled. Biometrics, such as fingerprint or facial
recognition, and token-based systems provide additional
layers of security.
Secure Software Development Practices: Adopting secure
coding standards and practices helps minimize vulnerabilities
in banking applications. Regular code reviews, penetration
testing, and the use of automated vulnerability scanning
tools are crucial.
Employee Training and Awareness: Human error is often
the weakest link in cybersecurity. Banks invest in regular
training programs to educate employees about recognizing
BANKING FINANCE | FEBRUARY | 2025 | 39
