DSCI (Data Security Council of India) conducted a round table conference for Banking, Financial Services and Insurance (BFSI) sector on 27-Nov-2015. The event was attended by 35 senior BFSI professionals including Business Heads, Chief Information Security Officers, Risk Officers, Vigilance and fraud specialists from banking, financial services and insurance sectors.
The Conference started with welcome remarks by Mr. Nandkumar Saravade, CEO, DSCI. He introduced the event as an exclusive platform for DSCI members in the BFSI sectors, to discuss both the current issues and possible initiatives in Cyber Security space. He stressed upon taking a blended approach and how aggregate, industry-level efforts can benefit the organizations in the sector.
His remarks were followed by a Special address by Mr. Tajinder Singh, Deputy Secretary General, International Organization of Securities Commissions (IOSCO). Mr. Singh while introducing IOSCO, mentioned that cyber risk has emerged as a major risk for market financial institutions, with its unprecedented scale and systemic and global nature. Highlighting the importance of cyber security as one of the important tenets for systemic risks, he apprised the audience on the collaboration and engagements of IOSCO with CPMI (Committee on Payments and Market Infrastructures), Basel Committee, and Committee on Global Financial System for financial stability and better coordination He encouraged participants to look into the FMI’s (Financial Market Infrastructures) Cyber Resilience Framework as guidance framework.
Mr. Ahmed Javed, IPS, Commissioner of Police, Mumbai graced the occasion with his keynote address. He touched upon the salient issues for tackling the Cyber Security challenges. In his address, he underscored the lack of awareness as one of the critical reasons for financial crimes and frauds. He emphasized on how evolving technologies, increased adoption of social media has increased the usage of newer channels and with the increased the volume of transactions it is imperative to upscale the efforts for awareness and know-how and awareness. He made the session lively citing some recent cases and learning; in which even educated individuals were lured and trapped to become victims.
This rousing opening session was followed by a panel discussion on “Cyber Security in Banks – Past, Present and Future”. This panel was moderated by Mr. Ganesh Sankaran, Executive Director, Federal Bank with Ms. Ashalatha Govind, GM & CISO, State Bank of India and Mr. Ashutosh Jain, CISO, Axis Bank, as the panel members. Mr. Sankaran opened the discussion talking about the various technology evolutions that has led the development of virtual branches in parallel to physical branches. He sought views on the current and evolving role of CISOs. Ms. Ashalatha while responding, highlighted the practical challenges of business demands and CISO plays a critical role in balancing time to market and security reviews. She quoted that despite being educated and aware, customers divulge their passwords to social engineering calls. Future may entail with better prospects through customized security based on customer behavior.
Another intriguing aspect touched upon by Mr. Sankaran was, the concept similar to credit charge back in the area of credit risk and whether a similar concept of technology capital charge back for cyber security risks. This was responded to in candid manner by Mr. Jain. SOCs (Security Operations Centers) track what is happening in the enterprise, but capital charge may not work as cyber risk is not attributable to one factor. Fraudsters enjoy an asymmetric advantage; so only deterrent will be if they have the fear of getting caught. The session threw up many such interesting aspects and emphasized the need for development of robust internal capabilities and collaboration with internal and external stakeholders, as the key solution to combat the cyber security risks.
Another interesting feature of the roundtable was a session by Mr. Triveni Singh, Additional SP, Special Task Force, UP Police. He presented on how law enforcement investigates and solve some of call center frauds impacting the customers from the BFSI sector. He gave insights into a lot of live cases and how these were solved with combined efforts from industry and law enforcement agencies. Practical approaches and open discussion on engagement with local police for cybercrimes were the key highlights of this session.
DSCI team shared some initiatives which are being worked at both at the national and industry level. DSCI has been engaging the industry and government for the following:
- Developing comprehension of complexities involved in managing the affairs of cyber security in a systematic and structured manner.
- Promoting collective learning, exchange of ideas within and outside the sectors, for improving overall security posture and preparedness
- Channelizing industry expertise in critical industry and national initiatives
- Developing a conducive policy environment which fosters security culture and balances interests for the benefit of possible stakeholders
- Further economic advancement by building trust in the cyberspace, undertaking efforts for removing hindrances and ensuring predictable environment
A small survey of sectoral maturity of cyber security risks and data privacy was presented and responses were collected from the participants.
The concluding session of the event was an open discussion on how DSCI can further its initiatives for development and benefit of industry especially the BFSI sector. Some of the areas discussed were:
- Dissemination of cross-sectoral learnings
- Task Force on Cyber Crime Investigation
- Regular interaction through a permanent forum, to further the objective
Finally, Mr. Saravade thanked all the participants for sharing their time and knowledge and assured that the BFSI Roundtable will become a regular meeting point for security and risk professionals to promote mutual learning and taking up industry level initiatives