Cyber Security Abstract

Download as pdf or txt
Download as pdf or txt
You are on page 1of 6

Page Nos.

167-172

CYBER SECURITY CHALLENGES IN INDIAN BANKS


Mrs Kalpana Nayar*
Priyanka Rathod**

The issue of cyber-security is as vital to our way of life as technology itself. In fact, they can‗t
be separated: our economic health, our national security, and indeed the fabric of our society is now
defined by the technology we depend on every day. Cyber security relates to our national security,
our national interest, and our economic prosperity. Cyber is a prefix used to describe a person ,
thing or idea as part of computer and information age. Taken from Kybernetes, Greek word for "
steersman" and " governor", it was first used in cybernetics, a word coined by Norbert Wiener. The
virtual world of Internet is known as cyberspace and the laws governing this area are known as
cyber laws and all the netizens ( internet citizens) of this space come under the ambit of cyber laws
as it carries a kind of universal jurisdiction cyber crime is defined as a crime in which a compute is
the object of the crime ( hacking, phishing, spamming) or is used as a tool to commit an offence
(child pornography and hate crimes). Cyber crime may also be referred to as computer crime.cyber
criminal may use computer technology to access personal information, business trade secrets, or use
the internet for exploitive or malicious purpose. This research paper focuses on the cyber security
issues faced by Indian banks. It also helps to analyse about the awareness of Cyber crimes to the
common people.
Keywords : cyber security, banks, technology, challenges and cyber crimes.

Introduction security posture of the Urban Co-operative


banking sector against evolving IT and cyber
During the ongoing Covid 19 pandemic
threat environment.
world is going through a change leading all the
countries to take a step towards the digital area The year 2020 has been quite
which is needed. But as a society that runs challenging for Indian banks when it comes to
largely on technology, we are also as a result cyber security. After the onset of the COVID-19
dependent on it. And just as technology brings crisis, banking operations disrupted severely as
ever greater benefits, it also brings ever greater banks struggled to provide uninterrupted
threats. It becomes a focal point for cybercrime. services to their clients during various stages of
RBI published ―‗Technology Vision for Cyber lockdowns. In the following months, they
Security‗ for Urban Cooperative Banks – 2020- accelerated their digital transition efforts (such
2023 The Reserve Bank of India has today as digital banking and remote access to
placed on its website the ―‗Technology Vision employees) to ensure contactless business
for Cyber Security‗ for Urban Co-operative operations. With a surge in digitisation, banks
Banks (UCBs) - 2020-2023. The Technology also witnessed a spike in cyber attacks as
Vision Document aims at enhancing the cyber cybercriminals found new opportunities and
*Assistant Prof Economics Dept, VPM‘s Joshi Bedekar College, Thane
**Mcom Part 2 Student, VPM‘s Joshi Bedekar College, Chendani Bunder Road, Thane.
167
vulnerabilities. Indian banks are likely to and retailers. The paper briefs about the cyber
continue to experience rising financial frauds threat and frauds, it also briefs about the internet
due to the increasing digital attack surface. user in India, its scope and future. Author also
Rising cyber threats after COVID-19 pose puts light on the governmental measures to stop
serious concerns for Indian banks and the cyber crime and talks about the challenges that
Reserve Bank of India (RBI). Areas under cyber India needs to face to beat cyber threat.
security: Cyber security or information Bawa D. and Marwah D. (2011) Authors
technology security are the techniques of explain in this Cyber ethics refers to the code of
protecting computers, networks, programs and responsible behaviour on the internet, this paper
data from unauthorized access or attacks that are explores the codes of online conduct that are
aimed for exploitation. emerging as new media gains more influence in
Scope of the study political and business affairs.
The banking sector is a major contributor Brar et al. (2012) In their study on
to the growth of the Indian economy. Since late vulnerabilities in the security aspects of e-
eighties, the Indian banks have been aggressive banking, observed that use of internet
in implementing technological solutions. This technologies have transformed banking industry
has caused major concerns in terms of from the customer and bank perspectives. The
protecting and preserving the privacy of study further pointed out that it has greatly
information assets throwing numerous risks to increased the number of criminal activities like
banks and customers. Numerous studies across customer identity theft, phishing, DoS attacks,
the world have emphasized the need and malware attacks; ATM related cyber threats and
requirements for detailed analysis on Cyber credit card based cyber frauds.
security issues in banking. The Indian banks Cezar V. (2012) This paper explores the
unlike foreign banks are huge in size and have a notion of cyber attack as a concept for
large number of human assets and branches. understanding modern conflicts. Author
Hence, managing Cyber security in these larger elaborates a conceptual theoretical framework,
organizations is challenging and mandates for observing that when it comes to cyber attacks,
effective risk management. Therefore, the cyber war and cyber defence there are no
present study on Cyber security threats in the internationally accepted definitions on the
Indian banks has high relevance in the modern subject.
day business environment.
National Cyber Security Policy Govt. Of
Literature Review India (2011) In this paper gives a detailed study
Arief R. et al. (2011) Group of Faculty about the cyber security, cyber space and its
of computer science from university of strategic perspective authors also explain that
Indonesia specifically discusses about three legal framework, law enforcement and
types of applied ethics i.e. Cyber ethics, information sharing. Paper also talks about the
information ethics and computer ethics. There awareness created at different level of users
are two aspects of these three applied ethics that (corporate, home users, students etc) through
is there definitions and the issues associated training. The paper is concluded by discussing
with them. Authors also say that these three the technologies used for ensuring security.
applied ethics acts as a base for e-government Sanjay P. (2010) Author discuss in detail
ethics and can enrich the e-governance of the the provisions of IT Act, 2000 and its recent
country. amendments towards combating cyber crime.
Ashwini B. (2012) Author discusses Author has also made an attempt to analyse the
broadly about the ratio of increasing cyber crime current trends in cyber crime then the analyses is
and their effect on the society and e business made on the needs of legislation and current
168
provisions of IT Act, lastly paper talks about establishing priorities, developing recovery
similar provisions in the world and drawing strategies in case of a disaster. Any business
parallel laws in the country. Finally author sums should have a concrete plan for disaster
up the discussion with suggested recovery to resume normal business operations
recommendations for possible and safe cyber as quickly as possible after a disaster.
world. Samridh S. et al. (2012) The paper
4. Network security
proposes a curriculum for cyber safety education
in schools. The proposed curriculum covers four It includes activities to protect the
sections: Cyber Threats, Protecting Ourselves, usability, reliability, integrity and safety of the
Cyber Ethics and Cyber Laws. network. Effective network security targets a
variety of threats and stops them from entering
Objectives of the research:- or spreading on the network. Network security
1. To find out the attitude of people towards components include:
adoption of cyber security in India.
India has seen a series of unprecedented
2. To understand the Cyber security events during the last one year, which have
threats(challenges) faced by the Indian brought the issue of cyber security for the Indian
banks. banking sector to the fore like never before. The
most significant factor in this regard has been
3. To offer suitable suggestions in handling
the ongoing initiative of the Government of
cyber issues in banking sector.
India, through its flagship Digital India
Research Methodology programme with a vision to transform India into
The research study has been done from a digitally empowered society and knowledge
secondary data through various websites, economy. The sharp rise in value and volume of
journals, reference books. Primary data is also digital transactions which touched record levels
collected from a sample size of 50 respondents in March 2017 manifests the accelerated shift
to evaluate the awareness of common people towards electronic payments. The continued
with respect to the cyber security challenges. increase in penetration of inclusive banking
through the Pradhan Mantri Jan Dhan Yojana
Major areas covered in cyber security are: (PMJDY) with the total number of accounts
1. Application security:- crossing 29.18 crore brought the uninitiated and
new users into the fold of banking services. Two
It encompasses measures or counter- of the major events included the compromise of
measures that are taken during the the SWIFT payment application in a major bank
development life-cycle to protect applications and subsequent large value fraudulent fund
from threats that can come through flaws in the transfer and the large scale compromise of debit
application design, development, deployment, cards of multiple banks, via an advanced and
upgrade or maintenance. persistent attack on a payment processor . As
2. Information security:- famously stated by Nicholas Carr , ―When a
resource becomes essential to competition but
Information security protects
inconsequential to strategy, the risks it creates
information from unauthorized access to avoid
become more important than the advantages it
identity theft and to protect privacy. Major
provides. Cyber risk now ranks among the
techniques used to cover this are: a)
existential risks for Indian banks.
Identification, authentication & authorization of
user Technology landscape
3. Disaster recovery:- The pace of digitization of financial
transactions in India continues to gather pace. It
Disaster recovery planning is a process
is estimated that noncash payment transactions,
that includes performing risk assessment, which today constitute 22 percent of all
169
consumer payments, will overtake cash Ransomware on the Rise: The recent
transactions by 2023.The technology episodes of malware attacks, viz. sWannaCry
infrastructure continues to build up, with 100 and Petya, brought home the rising menace of
crore mobile connections in the country, of ransomware. As more users recognize the risks
which 24 crore are of smartphone users. The of ransomware attack via email, criminals are
number of smartphones has increased to 52 exploring other vectors. Some are experimenting
crore by 2020. Around 90 percent of all devices with malware that reinfects later, long after a
are internet enabled and the number of internet ransom is paid, and some are starting to use
users has doubled to nearly 650 million by 2020 built-in tools and no executable malware at all to
from 300 million in 2015. avoid detection by endpoint protection code that
focuses on executable files. Ransomware
Meanwhile, the Aadhaar enrolments
authors are also starting to use techniques other
continue to reach saturation levels, with two
than encryption, for example deleting or
states already reporting 100% coverage. The
corrupting file headers.
PMJDY accounts extended the financial
inclusion agenda, with almost 18 crore accounts Mobile devices and Apps: As
being in semi-urban/rural areas. It needs to be organizations move towards adopting mobile
kept in mind that most of these account holders devices as its preferred channel for doing
will be new to the banking processes and the business, it also becomes the ideal choice for
technology infrastructure underlying it, making hackers to exploit as the base increases. Since
them vulnerable to social engineering and other financial transactions can be done on mobile
cyber attacks. apps, the mobile phone is becoming an attractive
target leading to an increase in mobile malware.
Cyber Security challenges: Some of the
The risk of jail-broken and rooted devices used
factors which continue to have their impact
for financial purposes increases the scope of
on the state of cyber security are low
attack.
awareness
Awareness remains low: Awareness Distributed denial of service (DDos)
attack: With the advent of IoT-powered
amongst internal employees remains the first
botnets, destructive DDoS attacks are inevitable
line of defense. However, not many firms invest
and have intensified in volume and frequency.
in training and improving the cyber security
Organizations in India need to improve their
awareness levels within the enterprise.
response capability to mitigate DDoS risks.
Inadequate Budgets and Lack of Top
Social Media: Growing adoption of
Management support: Budgets are usually
social media leads to more potential for hackers
driven by business demands and low priority is
to exploit. Many a user puts her data out for
accorded to Cyber security. Top management
anyone to see, which can be potentially
focus also remains a concern, support for cyber
exploited to attack the user‗s organization. Use
security projects are usually given low priority.
of social media to propagate fake news can
This is primarily due to the lack of awareness on
impact banks‗ reputations in an insidious
the impacts of these threats.
manner.
Poor Identity and Access
Management: Identity and access management Cyber security initiatives in India
is the fundamental element of cyber security. In ISO 27001 (ISO27001) is the
an era where hackers seem to have upper hand, international Cyber security Standard that
it requires only one hacked credential to gain provides a model for establishing,
entry into an enterprise network. Despite some implementing, operating, monitoring, reviewing,
improvement, there remains a lot of work to be maintaining, and improving an Information
done in this area Security Management System.
India’s legal framework for cyber security.
170
1. Indian IT Act, 2000 Section 65 - Tampering Internet banking is being used by 5
with computer source code, Section 66 - respondents.
Hacking & computer offences, Section 43 – Mobile banking is being used 11
Tampering of electronic records respondents.
2. Indian Copyright Act States any person who Cheque and e -wallets are used by3 and
knowingly makes use of an illegal copy of 2 respondents respectively.
computer program shall be punishable.
Computer programs have copy right We can see there is increase in use of
protection, but no patent protection. mobile banking in indian banking customers.
3. Indian Penal Code Section 406 - 5) Out of 50, 36 respondents are aware of cyber
Punishment for criminal breach of trust and crimes. Remaining are not aware or not sure.
Section 420 - Cheating and dishonestly 6) With respect to awareness about various
inducing delivery of property[6]. cyber crimes 19 respondents heard about
4. Indian Contract Act, 1872 Offers following hacking it is most known cyber crime people
remedies in case of breach of contract, aware of. 16 respondents heard about
Damages and Specific performance of the banking / credit card related crimes in indian
contract. banks which they are aware through
different mediums.
Data Analysis and Interpretation of fifty
respondents. The survey was done through 7) 16 respondents think that cyber security
google form. issues is main reason because of which there
banks account are not secured. 11
1) Maximum respondents 34 were male, only respondents think that fraud exposure in
15 were female 40 respondents belong to the banks is the reason. Virsus attacks and
age group of 18 to 30 years. 5 respondents internet related threats are distributed
were from 30 to 40 age group and 3 equally i.e 10 respondents respectively.
respondents are from under 18 age group
and 1 respondents is from 40 to 50 age 3 respondents think that management related
group.1 respondent was from 50 above age threats is also the reason.
group. Maximum respondents belonged to 8) 9 respondents believe that covid-19 is the
students group. factor due to which they started using online
2) There were mix responses about using banking.
online banking system in their day to day 9) 35 respondents have trust on public sector
life. 44 respondents use online banking banks. 11 respondents have faith in private
system in their daily life. 5 respondents do sector banks .
not use online banking system due lack of
security issues. 10) 12 respondents are not at all aware about
cyber security issues which shows lack
1 respondent is not sure about using online education and awareness.
banking system .
11) most dangerous cyber attacks for indian
3) Out of 50, 47 respondents had a bank banks.
account.
16 respondents feels that stolen of
4) With respect to mode of payment used the confidential data is the most dangerous cyber
analysis was as follows 14 respondents still attack for indian banks. 12 respondents feels that
trust on cash payment for there workings. Data corrupation which comes second most
Debit and Credit Cards are used by 13 dangerous cyber attack . Malware attacks and
and 2 respondents respectively. identity theft are 5-5 respondents respectively.

171
12) With respect to best security tools to protect People do not have trust in private sector
online banking; 23 respondents thinks that banks and foreign banks as compared to public
biometrics- retinal scan of fingerprints ,voice sector bank in india specially. Central
etc is the best tool to protect online banking. government must enhance cyber hygiene among
all end-users and to create a secure and safe
16 respondents feels that passwords
internet ecosystems and The Centre Emergency
enable to protect online banking. 7 respondents
Response Team (CERT-In) must coordinate
feels that Digital electronic signature is best
required tasks.
tool for protection of online banking. 4
respondents feels tht digital electronic Banks must practice a rigid cyber
certificates is best tool. hygiene regimen to prevent malware infections
on their systems and to ensure security through
13) 23 respondents are aware about cyber
suitable anti-malware.
security protection act.
The other area that requires immediate
14) 35 respondents have not experience any
attention is to increase insurance coverage for
cyber threat. 9 respondents have experienced
cyberattacks. With rise in malware attacks,
cyber threat in there life. 6 respondents
banks face increasing risks in cyber space. Such
prefer not to say about there experience.
attacks may lead to operational and other
Conclusion security interruptions. Banks has to make aware
Banks should look after cyber security their customers about cyber attacks and
issues in their online banking facilities. There measures to be taken to stay secure and not to
are customers who have bank accounts but not breach any sensitive data.
aware about cyber crime and attacks related to REFERENCES
it, and what harm it can cause to them.
1. Deborah Golden and Irfan Saif, ―The future
Most of the people believe that cyber of cyber survey 2019‖, Deloitte, 2019,
Protection Act is important for Indian banks. https://www2.deloitte.com/us/en/pages/advis
Most of the people are using online banking ory/articles/ future-of-cyber-survey.html
system which leading India to digitalization. https://www2.deloitte.com/content/
In the pandemic situation of covid19 dam/Deloitte/covid19
digital payments have helped a lot. 2. https://www.rbi.org.in/Scripts/BS_PressRele
aseDisplay.
Hacking and banking/ credit card related
cyber crimes are most common cyber crime that 3. http://www.compitjournal.org/paper/348/a-
people are aware of. Privacy and security is literature-review-on-cyber-securityin-indian-
reason which influences people towards online context
banking. There are people who still don't have 4. Simi. bajaj, 'cyber fraud: A digital crime,
bank accounts. 'www.academia.edu/cyber_fraud_a_digital_
crime
Banks cyberattacks increased 238%
5. www.researchgate.net
during february-April 2020. Reserve Bank of
India had set up Reserve bank information 6. www.rebit.org.in
technology Private limited(Rebit) to take care of 7. https://www.researchgate.net/publication
IT requirements and cyber security in indian 8. www.mananprakashan.com
banks. People are still in favour of cash 10.http://www.compitjournal.org/paper/348/a-
payments for there day to day life. Banks should literature-review-on-cyber-security-inindian-
do education and awareness program for their context
customers. 11.www.academia.edu/cyber_fraud_a_digital_cr
ime

172

You might also like