Experts Say Banking & Finance Are Most Vulnerable Sectors Against Cyber Attacks In 2023

As India is moving towards greater digitisation, businesses across the board are increasingly using the cloud to store their files. This enables them to process data more wisely, forecast more accurately, and bring efficiency to their meta-operations. However, experts say threat risk increases proportionally as cyberspace expands, especially for financial institutions.

Raj Sivaraju, APAC President of cyber risk platform Arete, said, “The world today is moving towards digitization at an accelerated rate. Almost every company across the spectrum has its files stored on a cloud network. As cyberspace increases, the risk of threats also rises proportionately.”

By leveraging technology and bridging old silos, established financial institutions are also rethinking their business models and providing customers with more value that is in line with their evolving requirements and preferences. This evolving environment applies to the banking space as well. Banking significantly relies on technology to give customers a quicker, more engaging banking experience.

According to Sivaraju, the banking industry in India is undergoing significant transformations. It is opening itself to the digitization and automation of processes and technological advancements like AI and ML.

However, Sivaraju added, “This increases the scope of cyber threats, and to counter that, cybersecurity as a service is more crucial than ever to ensure safety and seamlessness to the banking sector, allowing it to scale further by making the most of digital innovations in the country.”

In 2023, safety against cyber threats is to become more crucial for individuals as well as organizations irrespective of their size or industry. Banking & Finance is to witness the spike in the attacks as it is among the top targeted industries. A recent Barracuda research showed that ransomware attacks on financial verticals tripled between August 2021 and July 2022.

Parag Khurana, Country Manager of Barracuda Networks India, said, “The geopolitical conflicts in 2022 reminded us that cyber threats have no borders and just how vulnerable the world is to cyberattacks. against this backdrop, ransomware, zero-day vulnerability, supply chain attacks, and credential theft are some of the top cyber threat trends that organisations need to be ready.”

What Businesses Can Do To Protect Themselves

To protect against cyberattacks, businesses need to implement comprehensive security procedures to achieve this goal. While email-borne attacks continue to be the threat vector, businesses can prevent credential loss with anti-phishing capabilities in email and train users for email security awareness to mitigate human errors. 

Firms can also secure their web applications from malicious hackers and bad bots by enabling web applications and API protection services to defend against DDoS attacks or supply chain attacks. 

Besides using multi-factor authentication (MFA), it’s best to implement Zero Trust Access based on endpoint security postures. 

It’s also crucial to back up data and stay current with a secure data protection solution that can identify critical data assets and implement disaster and recovery capabilities.

New Trends Expected To Emerge This Year

According to Subbu Iyer, Regional Director for India and SAARC at Forescout Technologies, in 2023, several trends are expected to emerge in the cybersecurity space. Iyer said, “2022 saw dozens of notable attacks on utilities and critical infrastructure organizations. On the other hand, the finance industry poses a lucrative target for cybercriminals seeking credit card information or ransom payments.”

In 2023, we will see these types of attacks continue, with ransomware being the most popular type. Some of these attacks could be disruptive and with objectives beyond financial gain, Iyer added. 

“Financial institutions need to understand and assess the range of risks they face, starting with understanding their attack surface. Moreover, the sector should include a risk assessment or gap analysis to help the team identify device posture and resolve them to increase resilience to attacks,” Iyer said. 

Errors and mistakes that compromise security happen frequently, and steps need to be taken to better safeguard against them. Whether they take place in the office or remotely, malicious acts by employees and contractors are also a significant risk. 

Iyar also said that organizations should improve their processes, people skills, and technology to protect against these risks. Training end users and educating the team on cyber vulnerabilities is another great way to build better cyber practices.