1. technology and computing

APRIL 10, 2015 SWI Security Report Vol 4 Issue - 12
3
Special Issue on the occasion of
rd
SECURE BFSI
CONCLAVE
April 10th, 2015, Sofitel, Bandra Kurla Complex, Mumbai
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
1
•
•
•
•
•
•
CONTENTS
Introduction:
Key Speakers:
Pg 5
Pg 6-18
Bank Security:
Securing Banks in the 21st Century
Pg 21-25
10 Best Practices for Cyber Security in 2015
Pg 29-30
Tackling the Cyber Threat- Way Forward
Pg 51-52
Technology News Segment :
G20 Summit in Queensland Secured by Teleste’s Video Surveillance Solutions
Videonetics bags ‘Best R&D effort of the year’ award by SECONA in association with
Secutech India
News Briefs:
Pg 31
Pg 32-33
Pg 36-48
Cyber Security
Frauds
City Security and Police Modernisation
Smart Cities
Lead Writer: Pathikrit Payne
Contributors: Shelly Bhasin, Shivani Lal
Copyright © Security Watch India 2015
Security Watch India (SWI) is a non-partisan, not-for-profit organization that addresses issues in the space
of the relatively new homeland security sector. SWI works towards a secure tomorrow by enhancing security
awareness and consciousness in Indian industry and civil society. SWI also guides and facilitates potential
investors interested in the Indian homeland security business. Security Watch India is not responsible for
the facts, views or opinion expressed by the author(s) in this report. Republication or re-dissemination of the
contents of this document are expressly prohibited without the written consent of Security Watch India.
You can avail these reports for a year by joining Security Watch Indian Membership program or independent
annual subscription for just Rs. 2500 (50USD).
The subscription will afford you latest and most relevant information on Indian Homeland Security situation
that will help you make right decisions for your business.
For advertisement related queries please contact:
Write for more information please contact
Amit Siddhartha E: [email protected] Mob: +91 9953685326
Aniket Gupta
E: [email protected] Mob: +919811319236
www.securitywatchindia.org.in
3
rd
SECURE BFSI
CONCLAVE
April 10th, 2015, Sofitel, Bandra Kurla Complex, Mumbai
Organised By:
Lead Sponsor:
Lanyard Sponsor:
Cyber Security Partner
Associate Sponsors:
Exhibitors
4
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
Knowledge Partner
INTRODUCTION
Following the overwhelming success of previous events, Security Watch India is proud to present 3rd
Secure BFSI Conclave on 10 April 2015 at Hotel Sofitel, BKC, Mumbai. PwC is the knowledge partner for
the event. The key themes of the event are Cyber/Information security and Fraud Risk Management.
Secure BFSI Conclave will traverse yet another milestone in presenting quality content, ensuring high
level of deliberations matching the expectations and aspiration of security and privacy professionals.
While doing so it will also host a comprehensive exhibition, showcasing cutting edge technologies
and service innovations.
The one day conclave will bring together cyber/information security and fraud prevention experts
from across the financial sector to discuss security vulnerabilities as well as bring forward
effective strategies and solutions to effectively mitigate them. For more details please visit www.
banksecurityindia.com
The event offers a unique one day, interactive thought leader forum full of relevant topics gleaned
from extensive research, market intelligence and feedback from industry leaders, influencers and
senior executives. In addition to expert panels, case studies and keynote addresses, the conference will
integrate new session formats that encourage audience participation, including: Unconference
Some of the discussions points include:
• Critical Security Solutions for regulations and effective cyber defense
• Next-Gen solutions on regulation for an effective and dynamic information technology framework
• Using Analytics for Advance Security
• Utilising software and technology for increased cyber security defence • Rethinking fundamentals of existing cyber security approach
• Leveraging Actionable Security Intelligence to Defend Against Targeted Attacks
• Insight, Investigation & Analysis - Securing the Perimeters
• Authentication Technology To Drive Innovation in Identity Management Some of the key speakers at the event include:
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
5
KEY SPEAKERS
Mr. Agnelo Dsouza
Chief Information Security Officer, Kotak Mahindra Bank
Agnelo D’souza is a Post Graduate in Business Administration. He has twenty
years of industry experience having worked with Indian Express Newspapers,
Global Tele Systems and 3i Infotech prior to joining Kotak Mahindra Bank.
At Kotak, he has worked in ITsecurity Operations before taking on the role
of Chief Information Security Officer. He is responsible for formulating the
Information Security strategy and driving its implementation at the Bank. Agnelo has built a robust
Information Security framework and received several industry accolades.
Mr. Ambarish Deshpande
Managing Director – INDIA & SAARC, Blue Coat Systems India
Ambarish is the Managing Director – India Sales at Blue Coat System Inc, and
has been with the company for the past three years. He brings with him 19
years of experience in building teams, driving market expansion and putting
successful channel strategies in place.
Prior to Blue Coat, Ambarish was the director of alliance, channels and mid-market South Asia
at McAfee. Prior to McAfee, he spent seven years in Symantec. He also had working stints with
IronPort, Samsonite and JVC among others.
Ambarish is a graduate of the University of Mumbai. He obtained his post graduate in management
from NMIMS in Mumbai.
Mrs. Ashalatha Govind
General Manager & Group CISO, State Bank of India
Ms Ashalatha Govind is currently General Manager & Group CISO in State
Bank Group. She joined SBI as a probationary officer. She is an MBA graduate
with additional qualifications of CISA, CIA(Certified Internal Auditor), Oracle
certified DBA, CFP, CAIIB etc.
She has handled various assignments in the Bank like Branch Management, Credit management,
NPA management etc. She has also been a faculty member in the Bank’s staff learning centre. She
6
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
SPEAKERS
joined the IT department (handling the CBS System development) in the year 2003 from where she
was also deputed to the ‘Bank of China’ for giving a training on CBS.
Thereafter, she had a stint in I&MA deptt as a Credit Auditor on mobile duty covering large domestic
and international branches. She has also participated in various panel discussions including one on
CTS system conducted by NPCI.
Some of her papers are published in the IBA journal.
Mr. Dilip Panjwani
AVP Information Security, DBS Bank
Dilip is a hard core IT professional with 12+ years of varied experience in
the IT & IS domains. A Certified Information Systems Security Professional
(CISSP), BS7799 - Lead ISMS Auditor and hands-on manager with expertise
and proven record of developing and implementing Information Technology
Systems and Information Security controls based on global best practices
that improve and contribute to the organization’s efficiency & data security. Dilip’s experience
encompasses various industry verticals, both in Indian corporate as well as multinationals.
Dilip Panjwani currently is the AVP – IT and CISO for DBS Bank Ltd (India region). He is accountable
and responsible for strategy, risk management, information security program management and
identity management implementation for DBS Bank. He additionally is also responsible for Self
Service Banking (SSB) and ATM Management from IT implementation and compliance perspective.
Prior to joining DBS Bank, Dilip has worked at Kotak Mahindra Bank Ltd as Information Security
Compliance and Governance Officer where he was responsible for security operations, new projects
evaluation, security compliance and governance across the bank. Additionally, Dilip also managed
business process security risk assessment, controls implementation and Information Security
Awareness and Training across the entire Kotak group of companies.
Mr. G K Gupta
VP & Head - Fraud Management Distribution Assurance, Max Life Insurance
A Risk and Audit professional with 22 years of Banking and Insurance sector
experience in Max Life Insurance, American Express and Deutsche Bank.
Head of Fraud Risk Management and Distribution Assurance. Experienced
in Risk and Assurance Audits, Regulatory Compliance. Enterprise Risk
Management, Operations Risk Management, Continuous Controls Monitoring,
Data Forensics, Automation and System Development Projects, Financial Controls, Operations and
Controls, Business Excellence and Quality Management.
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
7
SPEAKERS
Mr. K. S. Narayanan
Head – Operational Risk Management & Chief Information Security Officer,
ING Vysya Bank
K.S.Narayanan has 19 years of industry experience having worked in IT Services
and Banking industry. Prior to joining ING Vysya Bank in 2008, he has worked at
HCL and Tech Mahindra in a variety of roles in IT Service delivery, Network Security,
Information Security, Business Continuity Management and Risk Management.
At ING Vysya Bank, Narayanan is the Head of Operational Risk Management & CISO. He is responsible
for driving Operational Risk Governance & Management, Cyber Security, Data Governance, Fraud
Risk, Information Security strategy, Business Continuity and its implementation across the Bank.
Narayanan holds Bachelors of Science in Physics, Master in Financial Management (MFM) from K.
J. Somaiya Institute of Management, Mumbai. He holds the following professional qualifications:
CISA-Certified Information Systems Auditor, Certified Information Security Manager (CISM), CISSP,
and SANS Certified Incident Handler (GCIH).
Mr. Makesh Chandramohan
Head – Information Security & Business Continuity, Birla Sun Life Insurance
Company Limited
Makesh Chandramohan is an experienced and qualified information security
professional with more than 13 Yrs of professional experience across various industry
verticals like BFSI, ITES, Telecom &manufacturing. He is currently heading the
information Security and Business Continuity function at Birla Sun Life Insurance and he was instrumental
in setting up IS functions in various large financial services organization. By qualification he holds a Master
of Computer Application (MCA), CISA (Certified Information Systems Auditor) & CISM (Certified Information
Security Manager) from ISACA (USA). He is an eminent speaker and participate in various forums.
Mr. Mannan Godil
Chief Information Security Officer - Information Security Group
Heading Information Security Group, Mannan drives Information Security,
Business Continuity, Technology Risk Management and Access Management
for Edelweiss Financial Services Ltd. Edelweiss is identified as amongst India’s
leading diversified financial services organization with business straddling across
Credit, Capital Markets, Asset Management, Housing finance and Insurance.
8
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
SPEAKERS
With 15+ years of overall experience, Mannan has served the domestic as well as International
business in the field of Information Security. He is a Certified Chief Information Security Officer (EC
Council), Certified Information Systems Auditor, Certified in Risk and Information Systems Control
and a Certified Ethical Hacker.
Mannan’s accolades include recognition as amongst Top 100 CISOs for risk management practices
by CISO Platform, and being awarded with the title ‘InfoSec Maestros’ by Info Security group. He
has also been awarded with the Risk Titan award by Edelweiss.
Mr. Menny Barzilay
Chief Security Evangelist, Uniken
Menny Barzilay is a cybersecurity strategist and esteemed public speaker.
Prior to joining Uniken, Menny has served as a CISO in the Israeli Defence
Forces, Barzilay (Capt. (Res)) and head of the IT Audit department at Bank
Hapoalim Group (Based in Israel). An evangelist of innovation, he meets
and advises many startups and entrepreneurs from around the world. In
addition, he lectures and serves as the host and panelist at cyber security conventions, conferences
and professional work groups worldwide and his publications are featured in renowned computer
magazines.
Mr. Michael kehoe
IBM WW i2 EIA Sales Leader, IBM Analytics Group IBM
Michael kehoe is the IBM WW i2 EIA (Enterprise Insights Analyses) Sales
Leader for the Commercial sector. His responsibilities are to work with clients
and deliver solutions that solve their challenges caused by their overwhelming
data. Currently he is working with WW clients in developing the next generation
Security Operation Centers (SOC). Understanding your adversaries, their
threats and their methods to actively prepare to detect and defend against them.
Previously Mike was a senior global products manager for Smarter Cities, where he lead the delivery
of product based solutions for world cities. His areas of expertise include industrial control, business
intelligence, enterprise process design, business strategy, and technical opportunity realization.
Mike has a honours degree in Electronic / Electrical Engineering from Trinity University Dublin and
holds a Master of Business Administration (MBA) degree from the Open University. He has written
Papers, redguides and has spoken around the world on what “becoming smarter” can achieve and is
considered to be one of IBM’s foremost forward thinkers on this subject.
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
9
SPEAKERS
Mr. Mohan V Tanksale
Chief Executive, Indian Banks’ Association
Mr. Mohan V Tanksale is the Chief Executive of Indian Banks’ Association.
Prior to this, Mr. Tanksale was the Chairman & Managing Director, Central
Bank of India and before that Executive Director of Punjab National Bank. Mr.
Tanksale started his career as an officer in Union Bank of India at Gwalior in 1974.
Mr. Tanksale, a seasoned Banker having rich experience in Banking is backed by professional
credentials like Associate Member of Institute of Cost & Work Accountants of India (ICWA), Company
Secretary (Inter)of the Institute of Company Secretaries of India, CAIIB, a Bachelor degree of Science
and a master degree in English literature.
Mr. Pinaq Dudhwala
Chief Manager - Financial Crime Prevention Group, ICICI Bank Ltd.
Mr. Pinaq Dudhwala is working as Chief Manager, Financial Crime Prevention
Group, in ICICI Bank Ltd. In this role, he is responsible for fraud prevention
and detection for Cards, Payment products and Digital Channels. He manages
strategy related to prevention and detection, vulnerability risk assessment of
product, process and related policy formation. Mr. Dudhwala stint with ICICI
bank is more than a decade.
In ICICI bank, Mr. Dudhwala headed various roles in Fraud risk management which encompasses
application and vendor screening, investigation in different segment of products like Cards, Payment
Product, Retail Asset, Mortgages, Small Medium Enterprise, Rural and Priority Sector lending. Prior
to taking Fraud risk management profile, Mr. Dudhwala has worked in business function and was
responsible to deliver top lines target and set up distribution channels. He has also worked with
General Electric Countrywide Consumer Financial Services for a stint of 3 years in sales and business
management role.
He is also an active core committee member of India Payment Risk Council (IPRC) and represent
on behalf of IPRC in various industry forums that work to combat card and payment fraud. He is a
regular speaker at academic university, industry forum and contributes actively to the industry. He
holds post-graduation Business Management and is an Associate Certified Fraud Examiner. He is
also a Certified Anti Money Laundering Expert.
10
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
SPEAKERS
Mr. Ravikiran S. Mankikar
Chief General Manager - Information Technology Department, The Shamrao
Vithal Co- operative Bank Limited
Ravikiran Mankikar is presently working as Chief General Manager – Information
Technology at the Shamrao Vithal Co-operative Bank, Mumbai.
He has a rich experience in the field of banking and implementation of
technological projects. He is driving the IT initiatives at the SVC Bank. Implementation of in-house
developed ‘Genius’ Banking applications.
Earlier to this he has had stints with the technology departments of the IndusInd Bank and the
Janakalyan Sahakari Bank. WHe has had experience in setting up Tier 3 Standard compliant data
centre for the Bank and the Bank getting certified for ISO 27001 (Information Security) and ISO
22301 (Business Continuity) practices.
A graduate in commerce, he has a Diploma in Systems Analysis. Recently he has acquired
international certifications of BS7799 & Quality Management Systems. He is also a Certified
Information Systems Auditor (CISA) and Certified in the Governance of Enterprise IT (CGEIT) and
Certified Information System Banker (CeISB). He is the only awardee from the Co-operative Banking
sector of the C.H.Bhabha Scholarship & Research Award for his dissertation “Impact & Implications
of Computerisation in Banks” conferred by the Indian Banks Association in 1997.
He has bagged various IT awards including the CTO of the Year & CIO Gold Award, CIO 100, Best CIO of
the Year and the Outstanding Achiever of the Year Award, etc. He is actively involved with ISACA – Mumbai
Chapter, has worked on the Managing Committee of the Chapter and has been the President of the Chapter.
He is on the Executive Managing Committee of the Computer Society of India, and having also served on the
Managing Committee of the Computer Society Of India – Mumbai Chapter in capacity of Treasurer and Secretary.
He is also a regular speaker at various forums on Core Banking, Information Security and Information
Systems Governance.
Mr. Richard J.D. Collard
WW Business Development - i2 Advanced Visual Analysis & SME Fraud, AML &
Risk, IBM
Richard Collard draws on a business-based career, with 2 of the major global
fraud analytics organisations - specialising in the provision of detection
solutions and consulting for credit and debit card issuers and for AML. Prior
to joining IBM through its acquisition of ILOG, Richard worked to develop
a radical, new approach to rules-based fraud detection through the automated generation of rules
using genetic algorithms and evolutionary computing techniques.
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
11
SPEAKERS
His approach to financial crime management is, therefore, holistic and non-prescriptive - he espouses
the belief that there is no such thing as a ‘one-size-fits-all solution’. This fits extremely well with the
componentised nature of IBM’s approach to the challenges that the FSS industry faces in 2015 and
beyond - especially with the fast-evolving threats in cyber-space. IBM’s ability to draw on ‘best-of-breed’
component sensures that an institution is not tied to a specific specialisation or paradigm - a key benefit
when considering the specific nature of fraud and financial crimes within any single geography.
He has worked on major operational reviews for card issuers in South Africa and Switzerland generating
significant $ savings and operational efficiencies and has been instrumental in the recent adoption
of Business Rules Management Systems (BRMS) technology as a major component of a hosted fraud
detection capability at MasterCard. Current projects include driving a major transformational project
with one of the major UK banks’ AML group to ensure effective resolution of entities across business
units and geos using a combination of paradigms and technologies.
Richard’s ability to draw on global experience allows significant knowledge transfer of global best practice.
His approach is consultative and respectfulof geography and culture which ensures that the thoughtleadership that he provides is positively received - traits which have earned him significant respect
through his engagements.
He has a Bachelors degree in French and Economics and has published work by IBM.
Mr. Saleem Javed
Technical Director, Skybox Security
Responsible for the technical leadership in Asia-Pacific markets, Saleem Javed
has more than 15 years of Information Security experience. Prior to joining
Skybox Security, Saleem Javed was a Security Architect at Hewlett-Packard
Singapore Pte. Ltd. Previously, he held management & consulting positions
at Citibank, Verisign, Wipro Technologies, General Motors, Datacraft. He is a
CISSP, CISM, CRISC and holds a Bachelor’s degree in Engineering for Electronics & Communication.
Mr. Sameer Ratolikar
SVP & Chief Information Security Officer, HDFC Bank
Sameer Ratolikar, presently working as SVP & Chief Information Security
Officer, HDFC Bank. Before this he was CISO with AXIS Bank. Previously
he was working with Bank Of India as CISO and CTO, and Ministry of IT on
deputation to government of Gujarat as Principal Systems Analyst( Security
& networks). He has 20 years of experience in IT and Information Security
domain. He holds certificates such as CISA, ISO 27001LA, CEH, BS25999 LA, COBIT. ITIL v3,
MCSE, CCNA, Cyber law.
12
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
SPEAKERS
Sameer is Pioneer in Indian banking industry for achieving ISO 27001, PCI-DSS and BS25999 certification
for the Bank; to establish ZACHMAN framework and SABSA based Information security architecture. He
has implemented huge security projects like 2FA, Data leakage prevention, Identity & Access management,
GRC, SOC, PCI-DSS , ISO 27001 , Business Continuity across major BUs of the Bank. Sameer is also on
the panel of Regulators and IBA on developing “Security Standard for Indian banks”.
He is also authoreda book “Information Security-Demystified” for bank’s users and employees. He is also
an active Information Security, Privacy and Cyber Crime speaker in various national and international.
Mr. Shailesh Verma
SVP & Head Debt Management and FCU Retail Lending & Payments, Axis
Bank Ltd.
Shailesh Verma joined Axis Bank in 2008 and currently heads the Consumer
Lending and Agriculture Debt Management and Fraud Control Unit. He
has been instrumental in setting up and enhancing the Debt Management
Framework for the bank.
Today the Axis Bank Debt Management team is renowned for its Debt Management practices.Its strength
is underscored by one of the lowest debt numbers on a portfolio growing at a scorching rate since the last
3 years. The Axis Fraud Control Team has also been recognized at various industry forums for scoring many
Firsts in India. They have won the Best Acquiring Bank Award in South Asia at the Visa International Forum.
Shailesh is spearheading a path-breaking project for using IT & IT Enabled Services for developing
a complete automated ecosystem for Fraud Management & Debt Control.
Shailesh is also the current Chairperson of India Payments Risk Council an interbank initiative
to fight Fraud across the payments industry in India. Before joining Axis, Shailesh worked with
Standard Chartered Bank in India handling various functions, the last ones being the Country Head
– India for Fraud Control Practices Unit.
Shailesh holds a Masters Degree in Business Administration.
Ms. Shraddha Tickoo
Technology Specialist, Trend Micro
Shraddha Tickoo works as a Technology Specialist for Strategic Security
products offered by Trend Micro. She works closely with the Sales, Marketing,
and Presales Teams to provide Consultancy and best practices for implementing
these products. She also works with Enterprise customers and helps them in
deploying security solutions in the best possible manner.
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
13
SPEAKERS
Prior to her current assignment, Shraddha has worked for Reliance Communications and been a part
of various security implementation projects. She holds Bachelor’s in Computer Science degree and
carries with her extensive knowledge of IT Security challenges and solutions.
Mr. Siddharth Vishwanath
Partner, Cyber Security Services, PwC
Siddharth is a Chartered Accountant and an MBA from Indian School of Business.
He is a Partner with PwC’s Cyber Security Pactise. He has more than fifteen years
of experience spanning across business and technology risk. Siddharth has led
several projects across strategy, IT Risk, Vulnerability Management, ISMS, BCP
and Information Secuirty awareness programs for Banks and Telcos.
Siddharth is a keen speaker at academic institutes and other forums. He has authored reports on
topics such as Insider Threat, Risks in Social Media, Managing risks i an interconnected world.
Mr. Sivarama Krishnan
Partner and Cyber Security Leader, PwC
Sivarama Krishnan is a Partner and Cyber Security Leader, India at
PricewaterhouseCoopers Pvt. Ltd. with more than 18 years of experience and
has special focus on Financial Services, Telecommunications, Technology, and
E-Governance areas. He advises organizations in the areas including Cyber
Security, Information Security, Business Strategy, Regulatory Compliance,
Risk Management, Process Improvement, e-Governance, IT Strategy, ERP and Application Selection,
Project and Program Management, Vendor Evaluation and Bid Process Management.
Siva has advised a number of Indian, MNC and Government clients on Cyber security, Information
security, business strategy, business continuity, IT strategy, regulatory compliance, risk management,
process improvement, program management. Siva is a known authority in the cyber security domain
in India, speaking and publishing frequently on a number of security issues at various prestigious
national and international forums.
Siva has advised the Govt of India on the Information Technology Act 2000, he is on the Strategy
Council of DSCI,NASSCOM, and on the board of several prestigious educational institutions
pioneering security education in India. Siva has an MBA from the Indian School of Business (ISB),
Hyderabad and is a qualified Chartered Accountant.
14
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
SPEAKERS
.
Mr. Sourabh Chatterjee
Vice President Technology & Head -Applications, ICICI Lombard General
Insurance Company
Sourabh Chatterjee, in his current portfolio at ICICI Lombard, is managing
the end to end application portfolio for core policy administration systems,
centralised rules management, claims, reinsurance, accounting, money
management and reporting. In addition, I have the accountability for systems
and processes related to partner tie-ups, L1 support for all applications across the company,
document management and workflow management systems across the company, reporting
to the COO and Head of Ops and Technology with a dotted line to business heads for Retail
Sales, Corporate Sales, Underwriting and Finance. Total team size managed including vendors
is 220+ FTE’s.
He has worked in diverse environments in Unisys and has managed the overall relationship and delivery for a
USD 50M+ Fortune 100 Life Insurance carrier in US Midwest. Accountable for both revenue growth and
profitability and single point ownership for all deliveries across Business and Process Consulting, Application
development and maintenance and Infrastructure in a managed services model. Managed the account of
450+ FTE’s spread across India and US in various locations and having varied skillsets across various horizontal
and vertical business units within Infosys.
He has a 15+ years of Information Technology expertise, executing large/ complex multi million dollar IT
programs with Fortune 500 clients across the globe. Currently accountable for a large portfolio of core
Insurance applications, Partner Tie-ups and Allied ecosystem of apps including document management,
workflow management, centralised rules management etc for India’s largest General Insurance company.
Mr. Subhash Subramaniam
Chief Information Security Officer, ICICI Bank
Subhash has a total of 20 years of experience in diverse areas. He started his career
with National Stock Exchange (NSE) and worked there for 3 years (part of core
team which built & rolled out India’s first electronic exchange trading platform). In
1997, quit NSE and setup a technology startup specializing in web applications,
e-commerce portals and eLearning solutions. He expanded the operations with
development centers in Mumbai & Pune and clients spread across the world.
After achieving scale, sold off the business to strategic investors and divested stake and joined
ICICI Bank in 2004 and have been with the Bank for over 10 years with rich banking experience in
diverse roles – Treasury Operations, Technology, Risk Management and Information Security. He is
currently designated as the Chief Information Security Officer (CISO) for ICICI Group – responsible
for ICICI Bank and all its Group companies in India and internationally. Subhash holds Bachelor
in Computer Science from Fergusson College, University of Pune and MBA (Finance) from NMIMS
(Bombay University).
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
15
SPEAKERS
Mr. Sundareshwar Krishnamurthy
Associate Director, Cyber Security Services, PwC
Sundar is an Associate Director with PwC’s Cyber practice. He has more
than 12 years of experience in advising clients to build and sustain robust
Security programs. He focuses on Banking and Telecom sector. He is currently
working with one of the new banks that’s being setup to define and implement
their Security program. Over the last decade, he has advised several public
and private sector banks adhere to security conditions of regulatory requirements, Technology risk
management, business continuity and disaster recovery, Information security policies and processes,
Online banking security, IT strategy, application selection and bid management.
Mr. S.V. Sunder Krishnan
Executive Vice President and Chief Risk Officer, Reliance Life Insurance
•
•
•
•
•
•
• Enterprise Risk Management (ERM) and oversight of Internal Audit, BCP, Information Security, Legal, Secretarial, Claims and Compliance functions.
• Implemented risk based strategy in all the above functions with the use of technology.
•
First Insurance Company in India to rate the Enterprise Wide Risk
Management and Solvency – through Brick Works Rating Agency – got a rating of AAA
Investment Risk Management - Mid-Office Operations, Market Risk Management, Credit Risk
Management, Asset Liability Management and Operations Risk Management
A part of the Standing Committee on Accounting and Investments – IRDAI
Review of dealing room operations and institute controls to check insider trading
Coordinate Asset Liability Management and ERM (Control Committee) executive level meetings
Coordination and reporting to the Board Risk Management Committee, Board Asset Liability
Management Committee and Board Audit & Compliance Committee
Won the Best Innovation Group Quality award for Post Issuance Risk Verification
Experience of Three decades in various Organizations listed below
Background as a senior and middle level manager with iexposure to Bank businesses and operations
in more than 12 countries
• Part of all the core groups – Managing Committee, Control Committee, Board Meetings, Product
Committee, Investment Committee and the like. IT consulting & strategy, IT security and IT
Audits for banks in India and abroad
• Marketing of Assurance, IT security and consulting services during the managerial tenure in
Ernst & Young for the years 1993–97 and during consultancy assignments 2002-03.
Worked for various organizations such as:
DSP Merrill Lynch for the Year 2005-06 as Senior Vice President - Corporate Audit Services for the
16
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
SPEAKERS
entire DSP Merrill Lynch Group of Companies, Member of Risk and Audit Committees. This entailed
review of business and operations of the investment banking company, Broking Company and the
Asset Management Company
ING Vysya for the years 2003-05 as Senior Vice President and Senior Audit Manager - Corporate Audit
Services and a permanent invitee to various IT committees, Member of IT steering Committees, Risk
and Audit Committees. This entailed review of business and operations of the Banking Company,
Insurance Company and the Asset Management Company
Credit Lyonnais as Vice President – Audit, Compliance and Integrated Risk Management and a
member of the weekly Managing Committee for the years 2000-02. A Member of Weekly Management
Committee responsible for running of the bank. Coordinate Concurrent Audit of Investments – which
entails review all the investment transactions.
Standard Chartered as Senior IT auditor responsible for IT audits, payments audit for 12 countries in
Middle East and South Asia regions for the years 1998-2000, Handled two projects: Credit cards at
Dubai and Car Loans in Mumbai.
Bank Internasional Indonesia as Head of Audit and Compliance and a part of the weekly Management
committee of the Bank, Member of weekly management committee responsible for running of the
bank. ALCO committee and Coordinate concurrent audit of investments
Ernst & Young – Audit Manager – Managing a number of Financial Services assignments
Delloitte - Statutory audit of NOCIL, PIL, Tandon Group of companies in SEEPZ
Professional Experience and Qualifications:
Was a President of ISACA Mumbai Chapter for the year 2007-08 and was a member of Board of
Advisors to Bombay Chartered Accountants Society for Internal Audit Studies for the year 2005-06.
Was a Member of Board of Studies – NMIS for MBA – Actuary during the year FY-11.
Am the Chairman of ISACA India Growth Task Force–ISACA International for the last two financial years.
Qualifications:
Bachelor in Commerce and Economics, Chartered Accountant, Certified Information Systems
Auditor (CISA), Inter Company Secretary and Check Point Certified Security Administrator (CCSA);
Enterprise Wide Risk Management Program from AIM – Asian Institute of Management – Manila
Mr. Vaibhav Khandelwal
Business Head - India / South Asia, IBM Trusteer
Vaibhav Khandelwal has been working at intersection of Banking & Technology
for over 10 years. He has worked in Microfinance in SriLanka, been a Trade
Finance Banker with ABN AMRO Bank in Singapore and with IBM consulted
large global banks in Europe and Africa on the channel transformation
and customer engagement initiatives. Vaibhav is currently India and South
Asia Head for IBM Trusteer - a cloud service that is enhancing consumer banking experience by
protecting banks and their customers from cyberfraud. He is passionate about new technologies that
are making banking more credible, accessible and efficient. Vaibhav has a Post Graduate Diploma
in Management for Executives from IIM Ahmedabad.
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
17
SPEAKERS
Mr. Vishal Salvi
Partner, Cyber Security Services, PwC
Vishal Salvi is Partner for Cyber security in Price waterhouse Coopers Pvt.
Ltd. Vishal has 21 years if industry experience IT Service Delivery and Cyber
Security and has worked in Crompton Greaves, Development Credit Bank,
Global Trust Bank, Standard Chartered Bank and HDFC Bank. He has been
performing leadership roles in Cyber Security across these organisations for
past 14 years. His last role was of being the Chief Information Security Officer of HDFC Bank for
eight years.
Vishal has extensive management and domain experience in driving the Information Security program
in all key aspects i.e. Policy, Standards, Procedures, Awareness, Identity & Access Management,
IT-GRC, Network Security, Incident Response, Security Monitoring, Malware protection, Security
configuration, Compliance, On-line Banking and ecommerce, Cryptography, Data Protection, Third
Party Management, Business Continuity Planning. Vishal has extensively travelled and well know
leader in information security industry within India as well as globally.
Vishal has rich experience in delivering simultaneous large scale, mission critical projects on time
and under budget.
Mr. Deepak Bhatia
Head Enterprise Sales Indian Subcontinent, Nuance
Deepak Bhatia heads Sales for Nuance in the Indian Subcontinent, responsible
for its Enterprise business. In this role, Deepak leads Sales Performance,
Partner Management and Solution Marketing. Deepak’s key focus is on
continuing Nuance’s strong momentum in the Enterprise Accounts, assisting
them to improve their customer’s experience, and at the same time, increase safety, security and
reduce operational cost.
Prior to joining Nuance, Deepak has been in various strategic and customer facing roles, with
experiences at Nokia, Siemens, Aspect Communications where he managed high-profile BFSI, telecommunications accounts, and channel partners across India and Middle East.
Deepak holds a Bachelor of Technology Degree (Electronics and Communications) from UPTU and
has studied General Management from IIM Lucknow.
18
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
My voice is my password.
Voice Biometrics authenticates your customers through natural voice patterns, not robotic PINs,
passwords, and questions. It’s a level up in security. It’s a brand new user experience. By giving
them the freedom to speak, you let the customers be themselves.
voice is my password.
Simpler authentication.
Wipe out fraud.
Almost-instant ROI.
With much less pain and effort for
Knowledge-based security is
Whether it’s shorter call times,
the customer, they feel more in
nearing obsolescence. Voice
increased functionality, or the ability
control. And a happier customer is
Biometrics is the chance to start
to do amazing new things with your
ometrics
authenticates
your
customers
through
natural
voice
patterns,
not
robotic
PINs,
a more valuable customer.
again from scratch. It’s not a patch. mobile
apps,
Voice Biometrics can
ds, and questions. It’s a level up in security.
It’s
a brand new user experience.
giving
It’s not
a reboot.
deliverBy
from
day one.
freedom to speak, you let the customers be themselves.
Voice Biometrics
Wipe out fraud.by the numbers.
Almost-instant ROI.
authentication.
h less pain and effort for
Knowledge-based security is
mer, they feel more in
nearing obsolescence. Voice
Knowledge-Based
Authentication
nd a happier
customer is
Biometrics
is the chance to start
aluable customer.
again from scratch. It’s not a patch.
It’s not a reboot.
49%
Whether it’s shorter call times,
increased functionality, or the ability
Voice
Biometrics
Authentication
to do amazing
new
things with your
mobile apps, Voice Biometrics can
deliver from day one.
of users say authentication
is time-consuming.
ce Biometrics by the numbers.
average savings over a
three-year period.
of mobile users reset
passwords at least
once a month.
of users say authentication
is time-consuming.
80%
49%
faster authentication
in 5 seconds.
of users are frustrated with
existing authentication.
of mobile users reset
passwords at least
once a month.
67%
faster authentication
in 5 seconds.
Voice Biometrics Authentication
$15M
edge-Based Authentication
67%
85%
80%
90%
of users prefer
Voice Biometrics
overa the status quo.
average savings over
three-year period.
$15M
What customers are saying about Nuance Voice Biometrics.
90%
85%
of you
users
prefer
“The ultimate
are.
Voice is actually the most secure form
of users are frustrated
with security measure is something
Voice
Biometrics
existing authentication.
Paul Heller, CIO, Vanguard.
over the status quo.
step.”
spoken passphrase login through this technology is a logical next
ne
xt step.”
ustomers are saying about
Nuance Voice Biometrics.
Nuance Communications
Deepak Bhatia
|
2015
- Special
3 SECURE BFSI CONCLAVE
[email protected]
|
+91 99111
81052Issue
rd
“The ultimate security measure is something you are. Voice is actually the most secure form
19
20
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
BANK SECURITY
Securing Banks in the 21st Century
Indian Banking Sector is at a cusp of fundamental and tectonic shifts. It is time to
make sure that this very key critical infrastructure remains protected from all kinds
of physical security threats and not just cyber threats
— Pathikrit Payne
T
he last one year had witnessed many positives as well as several new challenges have come
up for the world and for India in particular. World over, the security scenario is no better
than it was a year back. The constant threats of terror attacks have not subsided and on the
contrary the spate of terror attacks and their dimensions continue to expand. In the last one year
the scenario in Middle East, one of the most prominent regions for financial activities, witnessed a
massive deterioration of with the civil wars in Syria and Iraq reaching an even worse situation. The
meteoric rise of the dreaded terror group ISIS and its stealing of more than $400 million from the
Central Bank of Mosul in Iraq vindicated not just the vulnerability of financial institutions in war
prone regions but also how major heist in banking institutions have always been a major source of
funding the nefarious activities of terror groups. That particular heist perhaps played a key role in
making ISIS one of the richest terror organisations of the world. This apart, some shocking new
trends of terror attacks could also be witnessed with terrorists now attacking soft targets such as
schools, shopping malls and universities. Needless to say, banks across the world and especially in
India continue to be extremely vulnerable and prone to terror attacks.
Back in India, the last one year witnessed a certain amount of political stability in the country with
the installation of Narendra Modi led NDA Government. While India has not witnessed any major
terror attack over the last one year, the threat of something sinister remains clear and present. The
multidimensional threat that India faces today have serious ramifications so far as security of India’s
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
21
BANK SECURITY
critical economic infrastructures are concerned. This multidimensional threat comes essentially
from cross border non state actors like the Islamic terror groups that operate in India including the
likes of LeT and JeM. This also includes several home-grown terror groups which allegedly have
funding and training from outside especially from Pakistan and this list contains names like Indian
Mujahideen and SIMI. Then there is this enormous and ever increasing threat to India’s economic
infrastructure that emanates from the Maoists who have continued with their mayhem and have
time and again been responsible for several major attacks on economic infrastructures including
derailing of trains, destruction of telecom towers and power transmission systems as well as looting
of banks. This apart, threat to India’s overall economic and physical security is also from organised
crime syndicates involved in dealing with counterfeit currencies, extortion and kidnapping business
as well as cyber terror groups who operate in a virtual world and have time and again proved their
ability to create mayhem with the global financial system. Overall, as it stands today, the physical
infrastructures of India’s financial sector face all these threats much in the same way as other
critical infrastructures face.
The Indian Banking Sector- Poised for the Next Big Leap
The Indian economy is rightly poised today to reach greater heights over the next one decade. The
story of the rise of Asia has just started. India along with several other major Asian players like China
has both demand and demography on their side to continue with the economic growth story. India
is already a $2 trillion economy and is expected to emerge as one of the fastest growing economies
among emerging economies in the times to come.
Further, the shift in the global economic theatre towards Asia would mean massive rise in the
opportunities for the banking industry as well and needless to say Indian Banking sector is going to
reap major benefits out of it. Already the steps taken by the incumbent government towards financial
inclusion and also by initiating the process of opening MUDRA Bank for reaching out to a large
section of micro units in India are positive steps. Today the Indian banking system handles more than
$1. 5 trillion of assets and is perhaps the most prominent backbone of India’s economic growth.
The resilience of Indian Banking industry is known world over. Be it the economic meltdown of
the Southeast Asian economies in the late nineties or the subprime lending crisis in the American
and European banking sector in 2008, on both occasions, Indian banking sector have been able
to successfully meander through the crises without succumbing to them. The Indian stock markets
too have made giant strides and are considered to be some of the most sophisticated in the world.
Further, the Indian financial systems have made giant leaps in terms of technological adaption as
well. One would have to give credit to it for its successful transformation from archetypal ledger
book banking to net banking and mobile banking. There is also no doubt that the banking sector
itself played a critical role in financing the growth of the Indian economy. With asset size of over
$1.5 trillion and with more than 1 lakh ATMs, the Indian Banking Sector is poised to be the fifth
largest in the world in terms of asset size as per KPMG and third largest in the world by 2025 as
per Boston Consulting Group. Its asset size too is expected to grow to $28. 5 trillion Thus, there is
no doubt about one thing that today, the Indian Banking and Financial Services sector is one of the
most critical economic infrastructures of the country.
Threat to Critical Financial Infrastructures – A Global Phenomenon Now
World over, just as threat to critical infrastructures is a key area of concern for security establishments,
so is the case of security of financial institutions. A case in point would be the 9/11 terror attack
itself wherein the perpetrators targeted the twin towers of World Trade Centre whose destruction had
a massive financial impact on the local New York economy as well as the financial sector of US. A
22
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
BANK SECURITY
report prepared by the Fiscal Policy Institute for the New York City Central Labor Council and the
Consortium for Worker Education, immediately in the aftermath of the 9/11 disaster had stated that
the immediate impact of the 9/11 attack on the New York City economy was estimated to be $16.9
billion and it was also expected to have massive job impact in the securities, retail and restaurant
business. As per Institute for Analysis of Global Security, ‘Counting the value of lives lost as well
as property damage and lost production of goods and services, losses already exceed $100 billion.
Including the loss in stock market wealth -- the market’s own estimate arising from expectations of
lower corporate profits and higher discount rates for economic volatility -- the price tag approaches
$2 trillion.’ This itself is a vindication of the fact that radical extremist groups now seek to create not
just physical mayhem but also financial mayhem whose impact would be long term. There is thus the
need for caution and preventive measures as threat to banking sector can have cataclysmic impact.
The Indian Scenario- No Different and No Better
The issues of terror threats to economic infrastructures are no different for India as it is for the rest
of the world. From the time of the 1993 Mumbai serial blasts, terror organisations of various shades
have systematically targeted economic infrastructures in India. The Bombay Stock Exchange was
a prime target of the 1993 Mumbai blast and so were the Air India headquarters and prime hotels
of the city. In 2006 terrorists had targeted the Mumbai suburban rails. The Maoists have likewise
been responsible for more than a thousand attacks on India’s economic infrastructures including
railways and telecom towers as well as attacks on factories. India’s major oil refineries, power plants
and dams constantly remain under the threat of terror attacks. The 26/11 terror attack was a
wake-up call for India. It was a clear signal that terror groups targeting India would no more be
merely attacking military installations and government buildings but would also not spare economic
installations and infrastructures in the private sector. The Government woke up to the reality and
amended the CISF Act to also provide security to select vital installations in the private sector. This
was followed by providing CISF cover to the Jamnagar refinery of Reliance Industries and Infosys
facility in Bangalore. Security of Airports was rigorously improved. However India’s private sector
industry is huge and a mere CISF with force strength of 1, 45,000 is not enough to provide security
to all. Some of the states have too started making their own industrial security forces on the lines
of CISF to provide security to vital economic installations. But is this enough? Will merely a few
battalions in each state be good enough to secure hundreds of thousands of industrial units across
India? Has enough been done to secure India’s banking sector?
Physical Security in Indian Financial Institutions
Banking in this era is increasingly getting technology intensive. And thus, like many other sectors,
security of the banking sector essentially means in terms of both physical security as well as security
in the virtual world. While the Indian Banking Sector have made reasonable strides in terms of
making the Indian Banking System secure in the cyber world, the same perhaps cannot be stated in
terms of physical security of the banks. Sadly, in spite of the enormity of potential panic, physical
secrutiy in Bank branches remain rudimentary. There is perhaps no clear cut policy so far as physical
security of banks in India is concerned. Unlike in many of the western countries, one can only find
an odd or a couple of private security personnel who are either unarmed or at best armed with a
single or a double barrel shot gun, and needless to say this is not good enough to thwart any major
terror attack in banks.
Also, it is a reality that Banks are extremely reluctant to make customers go through even the basic
security check before allowing them to enter bank premises, for fear of making customers feel
uncomfortable and or subsequently losing the customers to rivals. Today, given the enormity of
threats to such critical hubs of commercial activities and public gathering, there is a strong need
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
23
BANK SECURITY
to create an institutional mechanism whereby it would be mandatory on the part of Banks to have
a basic first line of defence in each branch to thwart any terror attack or any attempt of heist and
hostage taking situation.
The unfortunate part of the whole saga is the fact that in India, security is still considered as a
governmental responsibility and physical security of banks in terms of having security personnel
is at best a tokenism here. Most banks unfortunately still consider expenditure on deployment of
professionally trained security manpower as an avoidable expenditure. Further, in the absence of
any clear cut mandate or directive from the financial regulatory authorities like the Reserve Bank
of India, banks still don’t take physical security as seriously as it ideally should have been. Ideally
there should be clear cut guidelines from Reserve Bank of India and the Union Ministry of Home
Affairs on this issue.
Time to be Cautious--Bank Heist May Fund Terror Acts too....
Bank heist is not an uncommon phenomenon in India. Every year it is for sure a considerable amount
of money is lost in theft and heist. In fact a few recent incidents have vindicated that there is often
a clear linkage between bank heists and terror attacks. In fact it was reported in 2012 how Indian
Mujahideen and other terror groups like Harkat Ul Jihad had been resorting to bank robberies for the
purpose of funding acts of terror. Thus the reason for making sure that physical security of banks
across the length and breadth of India is not just for making sure that financial assets of depositors
are kept safe but also to ensure that such thefts do not end up in funding horrendous terror attacks
in India. The Maoists too have often resorted to robbing banks for the purpose of funding their own
version of Maoist terror.
26/11- If it can happen in hotels, it can happen in Banks too....
If a terror attack could have happened in some of the most iconic hotels of India, if terror attacks
had happened in the past on critical financial institutions like the Bombay Stock Exchange, can
24
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
BANK SECURITY
it ever be ruled out that perpetrators may target any major financial institution to create massive
panic across India’s economy? A terror attack of a proportion of 26/11, if it had happened on any
head office of any major bank or a series of banks, would have created massive ripples across the
economy, the effect of which would have been too enormous for the nation to bear. And thus, it is
of paramount importance that physical security of banks is given importance on a priority basis and
on a war footing.
Need for a more concerted effort to Secure Indian Banks
It would perhaps need nothing less than strong directive from the government along with perhaps
promulgation of a new law through a statutory act for taking physical security of banking sector to
an altogether new and the much desired level. Much like Ministry of Railways have its own Railway
Protection Force or RPF to secure the railways infrastructure, much like CISF is there to secure
industrial infrastructure, there is a pertinent need for the Ministry of Finance or the Ministry of Home
Affairs to set up a Banking Sector Security Force to secure India’s banking infrastructure. No matter
how strong the vault in the bank branch is, if the banks keep lacking capable security manpower to
thwart attempts of robberies, bank related crimes can never be contained.
Reforming Physical Security of Indian Banks
Apart from investments in technical surveillance in bank perimeters, there should be nothing less than
a minimum of two or three armed security personnel or even more in every bank branch depending
upon the size of the branch or the kind of risk that it faces. But here the definition of armed security
personnel needs some drastic reengineering. The era of the hired unskilled, ubiquitous and often
rustic guy with a single barrel who is even scared to frisk the person entering the branch lest it
antagonises both the customer and the branch manager, needs to be replaced by a professionally
trained security personnel preferably with defence background and adept at close quarter combat.
He should be carrying nothing less than a .32 calibre or a .38 calibre revolver or an equivalent of a
pistol. For a country where several thousand Army personnel retire every year after their completion of
20 years of service, it would never be a problem to find adequate number of already trained personnel
who can be reemployed in the Financial Sector Security Force. Besides the armed personnel, there
should also be unarmed personnel in each branch who would be engaged in surveillance. There
should be a well laid Standard Operation Procedure for the personnel in case of any eventuality.
Further there should be Quick Reaction Teams on operational readiness for effective response during
emergency situations. Just as it is a norm in airports, frisking should be made mandatory for bank
branches as well and not complying with basic security measures should be penalised.
The Way Ahead- Make Customer Security Part of Overall Customer Service
Compromising on the physical security of India’s financial sector may become self defeating in the
long run. It has to be understood that the life of a customer when he enters the banking premise
has to be protected and that too has to be become a critical part of the overall customer service.
A terror attack or a bomb blast inside a bank premise would jeopardise the lives of customers
as much as it did in 26/11 attack. If the Shopping Malls, Multiplexes and even Hotels can have
frisking and scanning of bags, then there is no reason to believe that the same cannot be applied to
Indian Banks. It has to be understood that the world is going through some tough times and under
such situations it becomes imperative to take decisive preventive actions for making sure that no
untoward incident happens.
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
25
Security Policy
Management
Automated.
Orchestrated.
Simplified.
Easily provision
application connectivity
26
Process firewall
changes 4x faster
Avoid risky
Demonstrate
misconfigurations
compliance in minutes
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
THE FUTURE
OF TECHNOLOGY
IS MORE SECURE
THAN EVER.
In today’s world, connected devices are advancing healthcare,
transforming business, and evolving social connections in unprecedented ways.
That’s why security must be ubiquitous—always on and on every device.
That’s why Intel Security was formed. We’re combining the experience and expertise of
McAfee with the performance, innovation, and trust of Intel to deliver secure computing
to consumers and businesses worldwide. We want everyone to have the confidence to
use technology to its full potential so they achieve their full potential.
The future ahead is ripe with possibilities. Join us on this exciting journey.
www.intelsecuritygroup.com
2014 © McAfee Inc. McAfee is a part of Intel Security. McAfee and the M-shield are trademarks or registered trademarks of McAfee, Inc.
The Intel logo is the trademark of Intel Corporation in the U.S. and/or other countries.
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
27
SECURITY
EMPOWERS
FINANCIAL
INSTITUTIONS
Unlock the
Business Value of
Safe, Optimized Data
BANK SECURITY
10 Best Practices for Cyber Security
in 2015
Everyone wishes their organization could be more secure. With the number of hackers,
malware and other threats to cyber security out there, one can always find a new
security practice to enact.
10 Best Practices
for Cyber Security
in 2015
1. Monitor Applications with Access to Data
Applications are great. They give your business the tools it needs to function and be productive.
But they also put your sensitive data at risk. When IT security attempts to protect critical
information, it usually involves putting up firewalls and building your infrastructure around the
data you want to protect. Then you give applications access to this data. When hackers look
to steal your data, they won’t try to hammer their way through your firewall, they’ll look for the
least secure system with access to the data they need.
2. Create Specific Access Controls
Once your IT network is secure, you need to be very careful about who you give the keys to.
Ideally, it shouldn’t be anyone. By creating specific access controls for all of your users you can
limit their access to only the systems they need for their tasks and limit your sensitive data’s
exposure.
3. Collect Detailed Logs
For a complete record of what goes on in your systems – both for security and troubleshooting
purposes – you should collect detailed logs and report data. This is especially the case for
applications that don’t have internal logging. By adding tools that can log the activities of these
applications you will be able to plug any security holes those applications may create.
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
29
BANK SECURITY
4. Maintain Security Patches
When cyber-criminals are constantly inventing new techniques and looking for new
vulnerabilities, an optimized security network is only optimized for so long. To keep your
network protected, make sure your software and hardware security is up to date with any new
antimalware signatures or patches.
5. Beware of Social Engineering
All of the technical IT security you implement can’t take the place of common sense and
human error. Social engineering tactics have been used successfully for decades to gain login
information and access to encrypted files. Attempts can come from phone, email or other
communication with your users.
6. Educate and Train Your Users
No matter how gifted, your users will always be your weakest link when it comes to information
security. That doesn’t mean you can’t limit this risk through regularly educating your users on
cyber security best practices. This training should include how to recognize a phishing email,
how to create strong passwords, avoiding dangerous applications, taking information out of the
company, and any other relevant user security risks.
7. Outline Clear Use Policies for New Employees and Vendors
To strengthen and clarify the education you give your users, you should clearly outline the
requirements and expectations your company has in regards to IT security when you first
hire them. Make sure employment contracts and SLAs have sections that clearly define these
security requirements.
8. User Activity Monitoring
Trust but verify. While well trained users can be your security front line, you still need technology
as your last line of defense. User activity monitoring allows you to monitor users to verify that
their actions meet good security practices. If a malicious outsider gains access to their log-in
information – or if an insider chooses to take advantage of their system access – you will be
immediately notified of the suspicious activity.
9. Create a Data Breach Response Plan
No matter how well you follow these best practices, you might get breached. In fact, nearly
half of organizations suffered a security incident in the past year. If you do, having a response
plan laid out ahead of time will allow you to close any vulnerabilities and limit the damage the
breach can do.
10. Maintain Compliance
Regulations like HIPAA, PCI DSS and ISO offer standards for how your business should conduct
its security. More than a hassle which you need to prepare audit logs for, compliance can help
guide your business.
30
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
Technology News Segment
G20 Summit in Queensland Secured by Teleste’s
Video Surveillance Solutions
Teleste, an international technology group specialised in broadband video and data communication
systems and services, today announced a deployment of its video surveillance solutions to Australian
Federal Police and Queensland State Police. The deployment includes hardware and software to
enforce security operations related to G20 leader’s summit in Australia, 15-16 November 2014. The
equipment will be delivered and integrated by Optical Solutions Australia.
The deployment of the solution is in progress, and based upon the Teleste VMX video management
platform being used as an umbrella system for CCTV resources during the summit. The VMX platform
will be used to interconnect in excess of 700 cameras, operating on a number of different video
management platforms, sourced from more than 10 separate sites within the State of Queensland.
The G20 summit will gather together the world’s top leaders and major governments, and providing
adequate and appropriate security for the circumstances at the time is a major task for security
authorities.
Teleste’s video surveillance solution are worldwide appreciated for fulfilling high technical
requirements and providing uncompromising reliability. Teleste’s solution also makes it possible to
efficiently integrate separate security systems and operate them under a single umbrella. Teleste
also has a global track record of successfully deploying video surveillance systems with similar
complexity to the G20 security system.
Teleste provides video surveillance applications, systems and services for security professionals in
e.g. public sector, traffic and transportation, military and border control, industry, as well as police,
fire and rescue service. Our segmented approach makes it possible to efficiently solve versatile
customer challenges in demanding security segments. Teleste’s intelligent video management system
fullfils the latest requirements and OCC standards for large scale systems integrations.
About Teleste
Teleste is an international technology company that develops and offers video and broadband
technologies and related services. Our supply of technology contributes to the convenience
and safety of daily living. Our core business is video - image and data processing, transfer and
management. Our customer base consists of cable and telecom operators, as well as public sector
organizations. Our business is divided into two divisions, which are Video and Broadband Solutions
and Network Services. In both areas, we rank among the world’s leading companies and technological
forerunners. Video and Broadband Solutions focuses on access networks and product solutions in
video surveillance applications. Network Services offers comprehensive services for network design,
construction and maintenance. In 2013, Teleste’s net sales totalled about USD 250 million, and the
company employed more than 1,300 people. Teleste runs a worldwide network of offices and more
than 90% of its sales are generated outside Finland. The company is listed on the NASDAQ OMX
Helsinki Ltd. For more information see http://www.teleste.com and follow @telestecorp on Twitter.
SOURCE Teleste Corporation
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
31
TECHNOLOGY NEWS SEGMENT
Videonetics bags ‘Best R&D effort of the year’
award by SECONA in association with Secutech
India
• Videonetics chosen amid stiff competition from Security, Surveillance & Safety biggies
• Shield 2015 awards held at Mumbai during Secutech India exhibition
• 500+ delegates from Security & safety industry attend the meet
Mumbai: Amid stiff competition from numerous companies in the Electronic Security, Surveillance
& Safety Industry, Videonetics has been chosen for the prestigious ‘Best R&D effort of the year’ award
at the SECONA Shield Awards 2015. SECONA, the first Security Consultants’ Association from India, in
association with Secutech, India’s most successful international exhibition & conference on Security
& Safety, proudly presented India’s first annual awards, for recognizing excellence in the Indian
Electronic Security & Safety Industry – the SHIELD Awards.
The awards were presented at a glittering ceremony on 13th March 2015, during the Secutech
exhibition, in front of about 500 to 600 decision makers, influencers and stakeholders in the Indian
Security & Safety industry.
Acknowledging the award, Dr Tinku Acharya, Founder & Managing Director of Videonetics, said: “Being
named a winner in the ‘Best R & D of the year’ category, is a great honor for us. It shows off the
dynamic team culture that has propelled us to where we are now. We take great pride in having
a company culture that cultivates innovation, teamwork and success. Many thanks to SECONA
for recognizing the R&D effort of an Indian enterprise like Videonetics. This recognition will further
encourage Team Videonetics to build Indian Intellectual property and promote ‘Make in India’ in the
global market and also to put its effort in bringing out new world class technology to make world a
safer & smarter place to live. We thank all our clients for giving us an opportunity to work with them
and achieve their security goals”.
Applications received in the SECONA Shield Awards 2015 were judged by a prestigious panel of jury
consisting of eminent personalities from the field of security, safety and governance•
•
•
•
•
•
Mr. Jayant Kumar Banthia, IAS Retd., former Chief Secretary, Maharashtra
Mr. D. Sivanandhan, IPS Retd., former CP Mumbai & former DGP, Maharashtra, & Chairman SECONA
Mr. K. L. Prasad, IPS, Commissioner of Police, Navi Mumbai
Mr. Vijay Mukhi, Renowned Cyber Expert & President, FIST
Mr. Sushil Jiwarajka, Chairman, Artheon Group of Companies
Mr. M. V. Deshmukh, Director, Maharashtra Fire Services
32
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
TECHNOLOGY NEWS SEGMENT
About Videonetics
Videonetics is an Indian Company with world class technology in Intelligent Security and Surveillance
industry with its deployment in India, USA, and Middle East. Headquartered in Kolkata, the
company offers complete software solution including its unique and versatile Intelligent VMS (Video
Management Software) embedded with Intelligent Video Analytics applications to the IP Video
Security and Surveillance market, as well as Intelligent Traffic Management System, ANPR, Red
Light Violation Detection etc.
Videonetics was founded by Dr Tinku Acharya, who co-architect of the first webcam application
from Intel, an IEEE Fellow and renowned domain expert who holds over 150 US, European and
international patents, author of many books on technology.
Videonetics controls 70% of the market share in verticals like aviation, where they manage security
and surveillance for 73 airports across India. Videonetics has also installed its smart surveillance
systems at 5 major railway stations on the South-Eastern Railway network. It was also entrusted
with the pivotal task of putting in place a wide city surveillance network in the Alipore safe city
in Kolkata. It also executed the setting-up of an Intelligent Traffic & Law Enforcement regulation
system across Kerala- Trivandrum. Kochi, Calicut and Bhubaneshwar in Orissa. Videonetics has
also installed Intelligent Video Surveillance cameras at Allahabad City, Chandigarh High Court,
Anna Centenary Library, Indian Oil Corporation, AP Transco (Transmission Corporation of Andhra
Pradesh), ITC Munger - Bihar, Exide Industries – Haldia, Welspun – Gujarat, Infinity IT Park, Salt
Lake -Kolkata, Capital Plaza Mall and Mushriff Mall in Abu Dhabi UAE. Videonetics ITMS & Safe City
Solution is also under deployment at Indore, the commercial capital of Madhya Pradesh.
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
33
iVIS International Pvt. Ltd
34
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
| www.winmagic.com
Isn’t your organisation’s confidential data worth protecting?
Enjoy Peace of Mind
Ensure your data is safe in the event of a data breach
Achieve Regulatory Compliance Adhere to local and global
privacy laws
Reduce IT Costs
Simplify everyday tasks for IT Admins
Improve User Experience Seamlessly secure critical data with
virtually no impact for end-users
Secure Confidential Data
Protection for all sensitive information stored on desktops, laptops,
mobile devices, removable media, servers and Self Encrypting Drives
WinMagic’s award winning data security solution, SecureDoc, has
helped organisations worldwide:
Find out how we can help you secure
your data today. Visit us at
http://winmagic.com/products/contact-sales.
Recognised Innovation Leader in
Data Encryption and Key Management
+44 (0) 1483 243511 | [email protected]
35
NEWS BRIEFS
CYBER SECURITY
Banking passwords stealing virus prowling in Indian cyberspace
Cyber security sleuths have alerted e-banking users in the
country against the infectious and destructive activity of a
“worm” virus, which attacks and steals personal login secrets
and passwords of an individual.
The virus, of the deadly Trojan variant, has been identified
and named as ‘Cridex’ and is considered notorious as it can
assume as many as six aliases to perpetrate its activities.
“It has been observed that the new variants of Cridex malware
are spreading widely. Cridex is an information stealing
e-banking Trojan that propagates via removable drives and
targets users of online banking/social media for stealing user
name, passwords among others,” the Computer Emergency
Response Team of India (CERT-In) said in its latest advisory to e-banking users in the country.
The virus spreads by simultaneously opening a backdoor for downloading a number of malicious files once it enters a
user’s personal Internet working stream.
Like the other major banking Trojans, the malware performs web injects into the HTML pages of financial institutions
contained in the configuration file. The malware routes the users to fake banking sites for divulging user information
and subsequently connects to the bank site from the victim IP address by bypassing IP reputation blocking,” the agency
said in its alert.
Some of the identified aliases of this banking virus are ‘Geodo’, ‘Dapato’, ‘W32/Kryptik.BVB’, ‘Worm.Win32.Cridex’,
‘PWS:Win32/Zbot’ and ‘Trojan.Gen.2’ and can be noticed by these names when they appear online.
The agency said, once activated, the virus targets and steals login credentials of various banks and social networking
sites like Facebook, Twitter and Instagram among others.
The anti-sabotage cyber agency has also recommended some counter-measures for the users to deploy in their personal
computers and Internet-enabled devices from where they perform their e-operations and online banking jobs.
“Enable firewall at desktop and gateway level, keep up-to-date patches and fixes on the operating system and
application software as well as anti-virus and anti-spyware signatures at entry points,” it said.
It also suggested users to update and install the latest updates and softwares to protect computer from viruses,
Trojans, guard against social engineering attacks, usage of strong passwords, limiting user privileges, exercising caution
while opening attachments to emails received from known or unknown sources and avoiding downloading of pirated
software.
Bengaluru, India’s tech capital, has no cyber
crime police station
Bengaluru city, for all its claims to being India’s Silicon Valley,
lacks a basic yet essential feature to back that up: A cybercrime police station.
Bengaluru has a cyber-crime cell at the CID headquarters on
Palace Road, but that’s the head office with jurisdiction across
Karnataka. It doesn’t take routine cyber-crime complaints, its
powers having been heavily diluted as its officers struggle to
cope with a deluge of cases.
According to Bengaluru Police Commissioner MN Reddi, office space for a cyber-crime police station has been allotted
in the new commissioner’s building, and all the required technology and equipment have been installed, but the
department is still searching for a suitable official to handle cyber-crime cases.
36
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
NEWS BRIEFS
Gulshan Rai becomes first chief of cyber
security
The Indian government has created a cyber-security chief’s
position under the Prime Minister’s Office and has appointed
GulshanRai, said a top official in the IT ministry.
Rai, who has been heading the computer emergency response
team at the department of electronics and information
technology (DeitY), will now take charge as special secretary
for cyber security.Rai has been working since 1998 in the area
of evolving legal framework to address issues arising out of cyberspace. He is also expected to head the national cyber
coordination centre (NCCC) that the government is also setting up with a budget of Rs 1,000 crore. He was for a long
time tipped to become the first national cyber security coordinator. Rai couldn’t be reached for comments. DeitY has
already posted a vacancy for the post of director general for Indian computer emergency response team.
Cyber security is fast becoming a nightmare for the government even as its Digital India initiative will increase the
relevance of the internet and expose the country to large cyber-attacks.Reported attacks on Indian websites have
increased nearly five times in the past four years. Until mid-2014, more than 60,000 incidents were recorded, according
to the Indian Computer Emergency Response Team.
Experts believe that a special secretary for cyber security under the PMO will help India secure its digital assets in a better way.
Gujarat police to get anti-cyber crime cell
Gujarat police will soon get a ‘Cyber SurakshaKavach’, a special
cell for prevention, control and detection of the cyber-related
crime in the state.Police officers will be trained under the
aegis of the cell, which will help them solve cyber-related
cases more efficiently.
A ‘Digital Skills Academy’ will be also initiated, which will be
governed by the state HomeDepartment.The cell will provide
training and certification course to the police officers for the first
time in India and the course will be completed in three years.
Police and experts in the field of cyber security will work
together in this cell, which will be headed by an ADG-rank officer. The first-of-its-kind of body will take assistance from
Gujarat forensic Science University (GFSU).
NASSCOM task force to work on cyber
security
A task force of NASSCOM (National Association of Software
and Services Companies) will work exclusively on cyber
security so that the Indian cyberspace is firewalled from
attacks. Nasscom president R. Chandrashekar said the task
force would be constituted in a month.
The move comes in the wake of Prime Minister NarendraModi
expressing concern over the country’s cyber security at
an event held by NASSCOM.He said Centres of Excellence,
specialising in Internet of Things (IOT), would come up in five
cities across the country. Each centre, to be set up in collaboration with the government, is expected to work on
solutions on problems using IOT in various sectors like healthcare, agriculture and others.
NASSCOM will also undertake a global campaign to attract overseas business and create awareness on Indian IT
capabilities.
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
37
NEWS BRIEFS
Powergrid to develop Grid Security Export
System
Grid Security Expert System (GSES) is proposed to be developed
by POWERGRID and it involves installation of knowledge based
Supervisory Control and Data Acquisition (SCADA) system, numerical
relays and Remote Terminal units upto 132 kV stations and the
reliable Optical fibre Ground wire (OPGW) communication system
at an estimated cost of around Rupees 1200 crores. The objective of
the GSES is implementation of the Automatic Defense mechanism
to facilitate reliable and secure grid operation. This was stated by Sh.
PiyushGoyal, Minister of state for Power, Coal & New and Renewable
Energy (IC) in a written reply to a question in the Rajya Sabha.
The Minister further stated that CERT-In (Computer Emergency Response Team-India), Department of Information
Technology, Ministry of Communication and Information Technology, Government of India has prepared a Crisis
Management Plan (CMP) for countering cyber-attacks and cyber terrorism for preventing the large scale disruption in
the functioning of critical information systems of Government, public and private sector resources and services. The
Crisis Management Plan (CMP) for Countering Cyber Attacks and Cyber Terrorism outlines a framework for dealing with
cyber related incidents for rapid identification, swift response and remedial actions to mitigate and recover from cyber
related incidents impacting critical national processes.
In December 2010, Ministry of Power had constituted CERTs (Computer Emergency Response Teams) for power sector
i.e.; CERT-Thermal (nodal agency- National Thermal Power Corporation (NTPC)), CERT-Hydro (nodal agency- National
Hydroelectric Power Corporation (NHPC)) and CERT-Transmission (nodal agency- Power Grid Corporation of India
Limited (PGCIL) to take necessary action to prevent cyber-attacks in their domains. The State Power Utilities have
also been advised to prepare their own sectorial Crisis Management Plan (CMP) and align themselves with the Nodal
Agencies i.e. NTPC, NHPC & PGCIL and CERT-In for the necessary actions.
Now M-Tech Course in Cyber Security
Paladion Networks, Asia’s largest information security provider,
is partnering with Karnataka’s leading engineering college MS
Ramaiah University of Applied Sciences to launch an M Tech
program in Cyber security and Information Assurance.
The two year course, co-designed by Paladion, offers a
leading edge curriculum that covers security intelligence and
analytics; governance, risk and compliance; security operation
centre and much more. The program also offers a nine month
internship with Paladion, which may involve being placed in its
global client locations. Bright young graduates in B Tech or BE
with a CGPA of 7 or above can apply for the course. An aptitude test and interview will be part of the selection process.
India will require five lakh cyber security professionals by the end of 2015 to support its fast growing internet economy
as per an estimate by the Indian Union Ministry of Information Technology.
Cyber security center in Himachal Pradesh
soon
The Himachal Police is set to crackdown on increasing cybercrime by bringing best technical support under one roof at
the center for cyber security after the success of the Crime
and Criminal Tracking Network System (CCTNS) pilot project.
The CCTNS was aimed at creating country-wide network to
facilitate tracking of criminals.
The center for cyber security for investigation and innovation
will be set up at the state Police Headquarters in Shimla. Best
technical support from the entire state will be brought under
38
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
NEWS BRIEFS
one roof to develop synergy and keep constant vigil on cyber space.Expected to become functional within a year, the
center would enable the police to put a tab on the mischievous elements in the virtual world invading private cyber
space of individuals, government agencies, industrial houses and banks by indulging in hacking, phishing, cyber terror,
cash cards electronic thefts, industrial spying, web defacements, stocking and publication of obscene contents.
A cyber lab being developed at a cost of Rs 50 lakh would also be part of the “centre for cyber security”. Voice analysis
and digital forensic, which would come up at the Forensic Lab in Junga would go a long way in speedy investigations
and analysis of samples of computer files, voice recording and digital data being sent outside the state.
Maharashtra Govt to set up labs for speedy
probe of cyber crimes
To aid investigation of cyber-crimes, the Maharashtra
government has decided to set up forensic laboratories in each
city of the state. The government will also create cyber-crime
cells across the state, besides setting up a regional office of
the Computer Emergency Response Team (CERT) in Mumbai.
The state police, in association with National Association of
Software and Services Companies (Nasscom), have set up a
laboratory in Mumbai to trace cyber offences. The government
will soon seek Nasscom’s participation for the establishment
of such labs all over the state. Besides, a special force of 1,000 personnel will be dedicated to handle cyber-crimes,
including online banking frauds, illegal money transfer especially through credit cards, cyber terrorism and social media
harassment. The cyber force will even scan suspicious online posts for intelligence inputs.
The cyber force will undergo training in partnership with industry experts and agencies, including Nasscom and
the Centre for Development of Advanced Computing.The government has requested the Centre to make necessary
amendments in the Information and Technology Act, to enable police officials in the rank of deputy commissioner of
police to investigate cases of cyber-crime. Also the Reserve Bank of India had agreed to depute a senior official with
the state government to help disposal of seized assets by police in various cases.
FRAUDS
RBI mandates 100% provisioning for fraud
cases
Alarmed by the growing number of fraud cases in the banking
system, the Reserve Bank of India (RBI) has told lenders
to make 100 per cent provisioning for such accounts if a
wrongdoing is detected.
central bank directed.
The entire amount due to the bank (irrespective of the amount
of security held against such assets) or for which the bank is
liable (including cases of deposit accounts), is to be provided
for over a period not exceeding four quarters, commencing
with the quarter in which the fraud has been detected, the
If a delay in reporting the fraud, the entire provisioning is required to be made at once. “In addition, RBI may also
initiate appropriate supervisory action where there has been a delay by the bank in reporting a fraud or provisioning,”
the notification added.
Based on the Indian Penal Code provisions, RBI norms classify fraud in seven categories -- misappropriation
and criminal breach of trust, fraudulent encashment through forged instruments/manipulation of books of
account or through fictitious accounts and conversion of property, unauthorised credit facilities extended for
reward or for illegal gratification, negligence and cash shortages, cheating and forgery, and irregularities in
foreign exchange transactions.
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
39
NEWS BRIEFS
RBI to soon issue norms for Central Fraud
Registry
Reserve Bank of India (RBI) has almost finalised the structure
of the Central Fraud Registry and will soon come up with
guidelines to enable quick sharing of information about
unscrupulous borrowers and help banks fight bad loans.
RBI Deputy Governor S SMundra mentioned to press that
the proposed institution, which will enable quick sharing of
information on entities found to be defrauding banks, would
work under the supervision of RBI.
Currently, banks are advertising the list of wilfuldefaulterson their website and newspapers individually. With setting
up of this registry, list of all unscrupulous borrowers will be available on a single platform.
Thus, banks can take advantage of the registry at the time of sanctioning loan by checking the credentials of a borrower
from the registry.
“It is important for the system to weed out the unethical elements at the earliest opportunity to ensure the credibility
and the efficiency of the credit system in the country,” he said.
“Efforts also need to be made to alienate the wilful defaulters and fraudsters and debar them from accessing the
banking system for further finance,” he added.
As per RBI data, the gross NPAs (non-performing assets) of the PSU banks stood at Rs 2,60,531 crore, as on December 2014.
The top 30 defaulters are sitting on bad loans of Rs 95,122 crore, which is more than one-third of the entire nonperforming assets (NPAs) of public sector banks as on December 2014.
The total number of borrowers having defaulted on Rs 10 crore and above at the end of September 2014, stood at
2,897 with outstanding amount of Rs 1.60 lakh crore.
RBI has issued instructions including designing framework for revitalising distress assets to improve the health of the
financial sector, to reduce the NPAs, improve asset quality of the banks and to prevent slippages.
As per the framework, each bank has a Board approved loans recovery policy and it requires a robust mechanism for
early detection of signs of distress including prompt restructuring in the case of all viable accounts.
It has been stipulated to review NPA accounts of Rs 1 crore and above by Board and top 300 NPA accounts by the
management of the Board.
Frauds worth Rs 11,022 crore detected in
PSU banks during April-December
PSU banks have reported over 2,100 fraud cases involving a
sum of Rs 11,022 crore in the first nine months of the ongoing
fiscal, with PNB reporting the maximum number of such
instances.
An analysis of the data available with the Reserve Bank shows
fraud cases, involving amount of Rs 1 lakh and above, in 26
state-owned banks during April-December 2014 has already
surpassed the 2013-14 figure.
In 2013-14 fiscal, there were 2,593 such cases involving an amount of Rs 7,542 crore. The figure has shot up to Rs
11,022 crore from 2,166 cases in the nine-month period ending December 2014.
Delhi-based Punjab National Bank (PNB) had 123 cases of fraud totallingRs 2,036 crore, followed by Central Bank of
India with 147 cases involving an amount of Rs 1,783 crore.
40
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
NEWS BRIEFS
Although the number of such fraud cases is the highest in country’s largest lender State Bank of India (SBI) at 474, the
total amount involved was less at Rs 1,327 crore.
Syndicate Bank reported 114 cases of frauds with total amount of Rs 749 crore involved, followed by Oriental Bank of
Commerce (OBC) at 86 cases involving Rs 719 crore.
PSU banks report fraud cases of Rs one lakh and above to banking regulator RBI.
As per the data, Bank of Baroda (BoB) reported fraud worth Rs 597 crore, followed by IDBI Bank (Rs 507 crore), UCO
Bank (Rs 424 crore) and United Bank of India (Rs 376 crore).
India needs statute protecting common
citizen against cyber frauds: RBI
The Reserve Bank of India (RBI) executive director G
Padmanabhan has called for the need for a statute protecting
a common citizen against cyber fraud or cyber-crime.
Cyber-attack is generally met with panic. A policy that clearly
states the roles and responsibilities of each stake holder and
the response that is required for each scenario will ensure that
panic is replaced with decisive action said Padmanabhan.
According to Padmanabhan the biggest challenge in making
the financial sector cyber resilient is to first acknowledge the complexities and interdependencies and then to
proactively address failures, adopt effective resilience techniques, and resolve problems through cooperation.
Padmanabhan’s comments come at a time when the country is moving towards digital banking in a big way. RBI and
government have been consistently making efforts over several years to encourage electronic banking and electronic
financial transactions to bring the economy out of cash based system.There is also a need for the support of the
insurance sector too in a bid to implement customer protection effectively he added.
Team to monitor Aadhaar database
The Indian government has put in place a dedicated fraud
investigation and analytics team to monitor the database
of Aadhaar, the unique identity project. This is to ensure
compliance with various fraud detection rules in addition
to the need for a periodic analysis of the database of the
Unique Identification Authority of India (UIDAI) to detect any
fraudulent patterns, said Rao Inderjit Singh, minister of state
for planning, in a written reply in the Rajya Sabha.
India launched the Aadhaar scheme in 2009 to give every
one of its residents a unique identity number. According to
the government data, by 2014 end, more than 700 million people were issued Aadhaar numbers. The data collected
during enrolment process is immediately encrypted and transmitted to the Central Identities Data Repository (CIDR)
of UIDAI for processing.
The methodology for generation of the unique identity number involves using certain basic demographic (name,
age, gender and address) and biometric information (10 finger prints, two iris images) with a photograph to uniquely
identify a resident after a process of biometric de-duplication that ensures uniqueness of a record to a high degree of
accuracy, exceeding 99%. After a series of validation and quality checks, the residents’ biometrics are matched against
the existing database of UIDAI to determine if the resident has previously enrolled.
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
41
NEWS BRIEFS
City Security and Police Modernisation
Modern & tech-savvy cops: Government
plans smart police station
A modern reception to receive visitors, gym for police
personnel, lock-ups with CCTV cover and malkhana or records
rooms with modern storage system and deep freezers for
forensic samples.
This is home ministry’s conception of a smart police station,
as per a draft prepared after Prime Minister NarendraModi
pitched for smart policing in December last year.
Efforts have been made to make these police stations gender
sensitive, modern, smart and techno-savvysays the 34-page concept paper prepared by the home ministry, which has
come up with new standards for a modern police station
There should be a separate investigation room with workstations as per the paper, a malkhana with modern storage
system as developed by CBI and NIA and deep freeze facilities so as to keep biological, viscera and DNA samples
preserved at low temperatures.
The ministry has also asked for a briefing room with the facilities of TVs, digital maps, projections and video conferencing.
“All the lockups should be monitored through CCTV cameras which should be operational 24X7 as is being done in
police stations in some south Indian states,” the paper says.
Besides, the ministry has asked for a recreation room or gym in each police station for cops, as it is required for
unwinding stress and boosting up health and morale.
Karnataka budget: Stress on internal
security, modernization sidelined
With an increase of 10 per cent in the budgetary allocation
for the home department, a major push has been given to
addressing major needs in the state’s law and order situation.
The budget allocation for the sector may have increased
from Rs. 3,941crores to Rs. 4,372 crores to address issues like
terrorism, women’s safety and surveillance, there is limited
scope for police modernization and investment in futuristic
technology.
Among the major projects announced, a sum of Rs.50
crores has been allocated for a central command centre to coordinate anti-terror activities in the state. The ongoing
surveillance improvement program in the city, following the Church Street blast case, is expected to get a boost with
the government announcing Rs.8 crores for the installation of surveillance cameras.
Also to improve the investigations in to the crime against women cases, 6 special units with 15 personnel, headed by
an SP rank officer will be established.
In other good news for Bengaluru, the B-TRAC project for finding a permanent solution to the city’s traffic woes has
been extended for three more years. However, no specific amount has been earmarked for the project. Projects similar
to B-TRAC will also be launched in Belgavi (Bel-trac), and Hubli-Dharwad (H-trac) for planning traffic infrastructure
developments in the districts.
The CM also announced the establishment of a new jail in the outskirts of Bengaluru to solve the problem of
overcrowding in the city’s central jail.
42
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
NEWS BRIEFS
Police chiefs sound alarm in wake of cuts to
modernisation budget
Directors-General of Police from several states have warned
Home Minister Rajnath Singh that the government’s decision
to slash central funding for state police forces could hit their
combat capability in insurgency and terrorism-hit states.
Police chiefs have also warned that the cuts will hit plans to
modernise the forensics and investigative skills of their forces.
The cuts to the centre’sModernisation of Police Fund (MPF),
will slash about Rs 800 crore from funding for key police infrastructure—construction and upgrading of police stations,
police housing, forensic science laboratories and training facilities. The cuts to the MPF were announced in the Union
Budget as part of an effort contain the fiscal deficit. Now, state governments will be expected to provide their own
funds for these elements of police modernisation, through the additional 10% share of central tax revenue they were
granted by the Fourteenth Finance Commission.
SMART CITIES
Task forces for Smart Cities set up
City-wise task forces have been set up by Urban Development
Minister Venkaiah Naidu for drawing up concrete action plans
for development of Ajmer, Allahabad and Visakhapatnam as
Smart Cities.
The Task Force will have representatives of the ministries
of Urban Development and External Affairs, respective
state governments and cities and the United States
Trade Development Agency (USTDA), said a senior Urban
Development Ministry official.
Setting up of these Task Forces is in pursuance of the decision taken at a recent meeting between Naidu and the US
Secretary of Commerce Penny Pritzker.
The Task Force on Ajmer comprises Divisional Commissioner, Ajmer (Chairman), Secretaries of Town and Country
Planning and Municipal Affairs in Rajasthan government, District Collector of Ajmer, Administrator of Urban
Improvement Trust, Ajmer, Municipal Commissioner of Ajmer, Mayor of Ajmer besides Joint Secretary of Union Urban
Development Ministry, and representatives of Ministry of External Affairs and USTDA.
Allahabad Task Force comprises Divisional Commissioner (Chairman), Secretaries of Town and Country Planning and
Municipal Affairs in UP government, District Magistrate, Vice-Chairman, Allahabad Development Authority, Mayor of
the city besides Additional Secretary (Urban Development), Government of India and representatives of Ministry of
External Affairs and USTDA.
The Task Force for Visakhapatnam will be headed by Secretary (Town and Country Planning) in Andhra government,
Secretary (Municipal Affairs), District Collector, Municipal Commissioner, Vice-Chairman, Visakhapatnam Urban
Development Authority, Mayor of the city, Joint Secretary (Urban Development), GOI and representatives of Ministry
of External Affairs, Indian Navy and USTDA.
NBCC, DDA sign MoU for first smart sub-city in East Delhi
The National Buildings Construction Corporation Ltd. (NBCC) and Delhi Development Authority (DDA) have signed
anMoU for the first smart sub-city to come up at Karkardooma in East Delhi.
As per the MoU between NBCC and DDA, the project, which will be spread over an area of 30 hectares, will be completed
in phases and the first phase of construction will be completed within a period of 36 months. As per the MOU, NBCC
will manage the project and a joint team of VC, DDA and CMD of NBCC will monitor its progress.
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
43
NEWS BRIEFS
The finalization of designs etc will be done by a
Committee represented by both the Organisations
and experts. NBCC shall be paid project management
charges @10 percent of the final project cost (i.e. only
the cost of construction and development without
including the cost component of land) for coordination,
supervision and monitoring of the project as per
approved detailed project report.
NBCC with prior written permission of the DDA may
undertake marketing of the built-up space at such
terms and conditions which may be mutually agreed
from time to time.
NBCC in consultation with DDA will finalize disposal
methodology, phasing of disposal, period of disposal,
rates thereof and other terms and conditions for
disposal of the built-up space. NBCC shall be entitled to disposal fee @ one percent of disposal Price of such properties.
However, DDA would retain authority for pricing and disposal of the property.
It may be recalled that “East Delhi Hub” at Karkardooma project is the first TOD project which will be taken up and
since this will be a unique mix of small size town homes, apartments, studios, residents for senior citizens including
commercial, recreational etc. with world class facility etc, it is slated to change and shape the lifestyles of Delhiites as
there will be more emphasis on quality living with less use of personal transport and more of pedestrian commuting.
An MOU with NBCC has already been signed outlining the details of the responsibilities of NBCC and deliverables to
DDA. It has been agreed by both parties that the project should be designed in such a manner that it has the advanced
technology features.
Fuji Electric eyes smart city, energy
management projects
Japanese energy efficiency solutions provider Fuji
Electric is in the process of identifying smart city
projects in India and Andhra Pradesh, in particular, to
offer their solutions.
Kazuhiko Hanaoka, General Manager, Fuji Electric,
Power & Social Infrastructure Group, said that the
company has been deployed in a number of smart
community projects across various parts of the world
including Japan, has begun a pilot project in AP.
In India, the company has worked on Smart Grid in
Panipat, Water Recycling System in Maharashtra,
Energy Management System in Andhra Pradesh. “The challenges faced by power distribution companies in India, such
as outage management, peak load management and the need to deploy smart metres, could be handled in a holistic
way addressing the overall energy management efficiently,” he said.
Referring to the projects under way in AP, he said it involves setting up of monitoring equipment, following this up with
the energy management system. “The renewable energy sector, which is posed to grow in the country, would give us
opportunities to provide integration services,” he said.
Once the energy efficiency management is taken care off, the next important solution that would be useful for electric
utilities is the demand supply forecast and management. This enables utilities to better manage generation demand
based on the requirement and supply needs that too location-wise.
44
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
NEWS BRIEFS
Gujarat to adopt Bengaluru model for city
roads
Gujarat government will adopt the Automated Traffic
Enforcement (ATE) system used by Bengaluru city police.The
system which aims to improve the traffic management and
punish traffic law violators in major cities of the state will be
launched in Ahmedabad and Jamnagar on a pilot basis. The
government has allocated Rs 6 crore for the pilot project.
Under the ATE system in Bengaluru city, constables note down
the numbers of the offending vehicle and pass the information
to the Automation Enforcement Centre equipped with
computers, software and vehicle database. Enforcement surveillance cameras keep watch on the motorists crossing
the stop line, breaking lane discipline, and violating other traffic rules.
The offender is issued computerized challans generated under the section 133 of M V Act and it is sent to the offender
by post.The traffic police also use smart phones to impose fine on the offender.
This type of system helps in on-the-spot fine collection and receipt generation. Cases booked are stored in the server
and repeated offenders are identified. For those who cannot pay the fine on the spot, notices are issued to them
and the details are put up on the server. The registration database from the transport department is linked to the
automated centre so it helps in taking action like cancelling licence of the repeated offender.
ISB to develop Smart City Index for Indian
cities
Indian School of Business (ISB) having campuses in Mohali
and Hyderabad, is working on a plan to develop a Smart City
Index for Indian cities.
An initiative of the Punj Lloyd Institute of Infrastructure
Management at ISB, the index would be rooted in the Indian
context though it has been modelled after some of the best
international indices, ISB said today.
The project has been conceived in such a way that it will allow
comparisons among cities and rank them based on how they perform. It can assess improvements over the time and
also serve as the measure of a city’s livability and smartness, it explained.
A smart city is defined as one that is socially, environmentally and financially sustainable and which strives to minimise
waste of resources, like energy and water, in meeting the needs of its residents.
Such a city also values its citizens’ views and adopts a practice of citizen consultation in almost everything it does and
will deploy technology extensively to improve the delivery of services.
It is projected that will account for nearly 75 per cent of the GDP in the next 15 years. It is for this reason that the
government has decided on developing 100 smart cities in the country. The Smart City Index will support this initiative
of the government, the B-school explained.
Kandla, JNPT to be ‘smart port cities’
At least two smart cities are expected to come up in the
Special Economic Zones in two major ports in the country in
the coming five years. Under the ambitious Sagarmala project,
Ministry of Shipping will build at least two smart cities in the
SEZs in Kandla and Jawaharlal Nehru Port Trust.
“In the first phase, we plan to come up with at least two smart
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
45
NEWS BRIEFS
cities in ports of Kandla and JNPT, complete with affordable housing and other necessary infrastructure, wind and
solar power generators for electricity generation,” said Nitin Gadkari, Minister of Shipping, after the Cabinet gave an
‘in-principle’ nod to the project, aimed at port-led development in coastal States.
“We are confident that the Sagarmala project will bring down cost of export-import, boost coastal traffic, improve
trade and will provide infrastructure by way of roads and rail to transfer goods from one port to another,” he said.
Giving the example of high costs involved in transferring a shipment by road from Mumbai to Aurangabad vis-à-vis
by ship from Mumbai to Delhi, Gadkari said, “Not only is mobility by road expensive and time consuming, but is also
environment unfriendly and comes with an added risk of accidents.”
The port-led development is expected to lift India’s GDP growth by 2 per cent, Gadkari said. Terming the decision as
“revolutionary” Gadkari said, “An allocation of Rs4,000 crore has been made for SEZ at JNPT. Our second SEZ is proposed
at Kandla port, for which we have two lakh acres of land in its possession.” Gadkari said a National Perspective Plan
(NPP) for the coastline will be prepared within six months which will identify geographical regions to be created as SEZs.
The Cabinet also nodded the creation of a Special Purpose Vehicle by the Ministry of Shipping, which will be funded
by 12 major ports and Rail Vikas Nigam Limited. The SPV, which will improve the last mile connectivity to ports and
modernise evacuation infrastructure will aim at reducing time and costs involved in cargo transfer. Gadkari further said
that parliamentary nod is also being sought on the Bill to convert 101 rivers into National Waterways in the ongoing
Budget Session.
24 year-old wins Indias first Smart City
Contest
ShubhojitMallick was adjudged as the winner of the
‘Dalmia Bharat Smart City Contest’ which was conducted in
collaboration with Ashoka University and NASA Research Park
based Singularity University. ShubhojitMallick won the contest
for his innovative project in Bangalore that captures pollutants
from automobiles using Nanocylinders to reduce pollution.
The contest was conducted over two months and received
several entries from across India and Asia.
A first of its kind, the contest enabled Indian students to
participate in the annual Global Impact Competition (GIC) of Singularity University that is conducted across various
countries. The winner received a fellowship worth USD 30,000 and will also attend the Graduate Studies Program (GSP)
at Singularity University, US.
Singularity University has been conducting the GIC for two years across markets with a different focus and
theme for every geography. In India, the contest was launched on January 2, 2015, opening a platform for
Indian students to develop innovative ideas that are focused on helping further India’s dream of building 100
smart cities in the next 3-5 years. The winner will also represent India amongst other students from all over the
world at Singularity University.
CII inks pacts for smart city initiative
Industry body CII has signed agreements with Hitachi India
Ltd and Siemens Ltd to set up a National Mission that will help
realise government’s vision of creating 100 Smart Cities in the
country. Under the pact, CII will establish a National Mission
for Smart Cities -- a platform comprising industry leaders and
experts to provide “policy advocacy and thought leadership” to
government and other stakeholders.
with US-based Cisco Systems by the end of the month.
46
The forum will engage with central & state governments as well
as other public authorities to promote the Smart City initiative,
CII said. CII said it also hopes to finalise a similar agreement
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
NEWS BRIEFS
The idea is to help form consortiums to enable Smart Cities happen, working with the state governments to see how
we can bring expertise and knowledge from these countries to India to enable the vision of creating a 100 Smart Cities.
Industry partners will support the Mission by generating ideas promoting Smart City concepts amongst stakeholders.
They will also prepare and undertake demonstration projects, prepare prototypes to showcase best practices in various
fields related to Smart City development.
Sri City starts centre for smart cities
A new centre for smart cities has been started at the Indian
Institute of Information Technology (IIIT), at Sri City in Andhra
Pradesh.
M Venkaiah Naidu, Union Minister for Urban Development,
Housing and Urban Poverty Alleviation inaugurated the centre
in the presence of Srini Raju, Chairman, Sri City Foundation
and Member Secretary, IIIT and others dignitaries.
The Centre is expected to help Sri City in managing the
water and power resources efficiently, besides balancing its
ecosystem.Naidu said it was among the first of such initiatives by an academic institution.
RavindraSannareddy, chief of Sri City said,” Centre for Smart Cities’ of IIIT would enable R&D of such
technologies for building smart cities and smart villages, and aid in achieving the goals announced by central
and state governments.”
Haryana plans services data hub in first
step to build smart cities
The state government is planning to launch a separate
company to maintain and manage its geo-spatial data. For
this, a centralized databank will be created that will source
information from 19-odd government departments. The
policies of this company, as well as its formation, are being
deliberated upon by the department of town and country
planning (DTCP), which aims to centralize geo-spatial data
and enable other government agencies impart smoother
citizen services.
The need for creation of ‘Haryana Urban Geo-Spatial Applications Limited’ (HUGSA), for preparedness in urban
e-governance and development of smart cities, was discussed in a meeting called by the additional chief secretary to
DTCP, P Raghavendra Rao, with 16 senior officials from departments including urban local bodies, DTCP, HUDA, HSIIDC,
transport and MCG. According to Rao, the proposal to create a specialized agency (HUGSA) is aimed at integrating data
from different departments, and to develop a technology-based platform for data-sharing and coordination among
various arms of the government.
If customized applications are made using this databank to cater to services offered by bodies like HUDA, HSIIDC and
municipal corporations, it will improve response time and efficiency of all departments, as well as of citizen services,
he said.
He further said the purpose of this company is to integrate geo-spatial data (from creation to updating, management,
dissemination and sharing of the data), master plans, a land-use portal, land-ownership records, data from public
utility networks (including roads, water, sewerage, electricity, telecommunications) maintained and managed by
various departments, local bodies, HUDA, HSIIDC, housing boards, among others.
He added that the ‘draft concept note’, issued by the Union ministry of urban development on smart cities, lays great
emphasis on building a GIS (geographic information system) database for selected cities/towns as well as urban
e-governance.
Three cities from Haryana - Gurgaon, Faridabad and Sonepat - are likely to figure in the smart city scheme list. One
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
47
NEWS BRIEFS
of the prerequisites of a ‘smart city’ would be to have an integrated and reliable database, which in case of Haryana
could benefit HUDA, licensed colonies, the public health department, municipalities, PWD (Buildings and Roads), Delhi
Metro, for future infrastructure expansion or development.
Need to tap new funding sources for
infrastructure: Raghuram Rajan
The banking sector has already overstretched itself in
lending to infrastructure, Reserve Bank of India Governor
RaghuramRajan said, underscoring the need to tap new
sources of funding for this industry.
“Going forward, we need to develop new sources of risk
capital so that our infrastructure needs can be financed
with moderate amount of debt, even as we help the system
deleverage,” Rajan said in his inaugural address at a conference on financial inclusion, organised as part of the RBi’s80th
anniversary celebrations.
India’s infrastructure funding needs were estimated at more than $1 trillion (Rs 62.60 lakh crore) over the 12th plan
period ending March 2017. To meet that, tapping other sources too would be required.
“Our tasks are far from over. The nation has enormous financing needs in infrastructure, and far too many of our banks
already have too much exposure,” he said. Moreover, big corporate infrastructure players have also taken too much
debt. The government has already allowed mutual funds and non-bank finance companies to float infrastructure debt
funds to cater to this sector.
Excessive reliance on the banking sector to fund infrastructure could potentially impact financial stability, Rajan
warned. “The required national push to finance infrastructure should not override financial stability, which is key to
national security.”
48
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
Not more security. Better security.
For the consumer.
Think of knowledge-based security as sprawl. When one
level becomes ineffective, another level is added. PINs
become passwords and passwords then require security
questions to back them up. This is hard and stressful
for the customer, and it puts them further away from
completing their intended task.
Voice Biometrics does away with all this. It uses the
customer’s voiceprint for authentication. It can be passive,
where the user can say anything and we match their
voice, or it can be based on a passphrase. Either way,
it’s a natural, effortless, and much more accurate way to
authenticate.
For the corporation.
Knowledge-based security is easily compromised. The
four-digit PIN is the weakest credential as it’s often shared
and a brute force attack can compromise it without any
knowledge of the legitimate account holder. Passwords
and security questions can be successfully answered
based on simple web searches .
Voice Biometrics is more secure than a PIN or password,
because a compromised voiceprint has no value to a
hacker. Not only that, when a fraudster speaks in an IVR,
call centre or mobile app, they leave behind their own
voice – which can be used to identify them.
Powerful Voice Solutions for Public Security
Nuance is the global leader in public security solutions employing voice biometric and other speech technologies.
Nuance delivers successful security solutions to government, military, intelligence and law enforcement agencies to
assist in crime prevention, investigation efforts, and voice recording analysis.
Nuance Identifier
Nuance Forensics
solution that allows agencies to quickly and easily identify
known individuals through their voice within large audio
data sets, as well as enroll voiceprints for individuals
under surveillance or investigation to:
• Identify speakers, language & gender quickly and
accurately
• Spot keywords spoken in over 80 different languages
and dialects
audio analysis
Nuance
Communications
Nuance Communications
Deepak
Bhatia
|
T +61 2 9434 2300
Ashish Bhat |
australia.nuance.com
Nuance Forensics is a web-based voice biometric
software solution designed to provide forensic examiners
and law enforcement investigators with the ability to
quickly and accurately match an individual’s identity from
audio captured during a criminal investigation.
• Support successful prosecutions or defence with
comprehensive biometric forensic reports
• Advance active investigations by biometrically linking
targets with audio statements
• Leverage language, dialect and gender detection
capabilities to speed up investigations
Brisbane
Melbourne
Sydney
[email protected] 23,| 40 City+91
99111 81052
245 - 249 Lutwyche Rd
Rd
Level 11, 124 Walker St
[email protected]
|
+91 98102 14664
Windsor QLD 4030
Southbank VIC 3006
North Sydney NSW 2060
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
49
50
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
BANK SECURITY
Tackling the Cyber Threat- Way
Forward
T
echnology’s giant strides and its incredible success in terms of bringing more people in the
ambit of a digitized and connected world need no elaboration. If the last decade of the 20th
Century witnessed the advent of new age banking in India with the ubiquitous Indian customer
being introduced to the concept of ATM, the first decade of the 21st Century saw the expansion of the
sphere of plastic money, internet based banking or net banking as well as phone banking. Over the
last five years or so, the exponential growth of smart phones, tablets and the advent of the new age
of applications or app as there are commonly known as, has brought in a completely new dimension
so far as spreading the reach of banking is concerned. This has been extended even more with the
massive proliferation of blogging sites such as facebook and twitter. New age banking thus had to
keep pace with all these developments and bring innovations to match the pace of technological
developments. Today one can even operate or rather make banking transactions with twitter.
With time, the reality of today is that one can and does operate a bank account from multiple
platforms like the smart phone, the tablet as well as the PC or laptop. Ports have been replaced
by smart applications and even though cyber banking has made life and transaction extremely
convenient, it has not come without its baggage of inherent risk because of cyber related frauds.
A report by the Centre for Strategic and International Studies (CSIS) in 2014 stated that the global
cost of cyber crimes is to the tune of a whopping $445 billion. In fact the enormity of the impact of
cyber related crimes on the banking industry can be gauged by what was reported in February this
year. An article by The Telegraph of UK stated that a gang of Russia based hackers were behind a
cyber heist that resulted in stealing of £650 million from some UK as well as Japan, China and US
based banks, As pert the news report the modus operandi of the gang involved using malware to
infiltrate into the concerned banks’ network and then sending data back to the hackers for months.
To take another example, in 2013, it was reported how the hackers had stolen around $45 million
from a couple of Gulf based banks after successfully hacking into the system of a credit card
processing firm and then withdrawing money from ATMs from around 27 countries.
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
51
BANK SECURITY
With India continuing to be the one of the fastest growing markets for internet, net banking and
digital payment industry has been growing by leaps and bounds here. Reports state that in 2013,
India 800 million financial transactions through the electronic media with almost 44% of the same
being through net banking. By certain estimates, the digital payment industry of India was worth
nearly $20 billion in 2014. The rapid increase of mobile banking as a result of a massive proliferation
of mobile telephony and popularity of smart phones have made the Indian market one of the fastest
for net based banking. However, as is the case with the global trends, the proliferation of net banking
and cyber world has brought with it, its own set of problems. India has been witnessing a whopping
40% increase in cyber crime annually and a substantial portion of this is related to banking as well.
Cyber attacks not just by non-state actors but also state sponsored concerted cyber attacks have
become a real issue.
The modus operandi of the cyber criminals remain more or less the same across the world with some
of the most popular method of attacks can be categorized as virus, spam mails, Trojan, malware,
scare ware, phishing, fiscal fraud and carders.
Criminal
Processes
Poor Practice
Accidental
Assets
Governance
Information Sharing
Mutual Aid
Reputation
Traditional
Regulations
Coordinated Action
Risk Markets
Embedded Security
Community
People
Corporate
Espionage
Terrorism
Responses
Policies
Hacktivism
Government
Driven
Values at Risk Systemic
Vulnerabilities Technology
Threats Source- World Economic Forum Report
The impact, efficacy and indispensability of the cyber world today is such that the only way forward
to make sure that on the regulatory, policy and awareness front, a considerable amount of effort
is put to make sure that both organizations and governments take ample precautionary measures
and sensitize the citizens so that cyber crimes can be contained if not completely done away with.
While cyber attacks with time would become more of a norm than an exception, the key question
that would be the determinant factor is how much the financial industry and governments would be
willing to learn and invest in preventive measures, The response in this respect has to be in the realm
of traditional approach such as improving the regulatory and policy measures in addition to more of
information sharing and coordinated actions as well as investments in cyber security technologies.
In this respect one has to accept that some positive steps have been taken by the Government of
India through the creation of the Critical Information Infrastructure Protection Centre as well as
coming out with a National Cyber Security Policy but more has to be done in terms of doing away
with the culture of denial that exists so far as cyber crime is concerned. Disclosure of cyber attacks
on organizations should ideally be made mandatory.
52
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
Notes
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
53
Notes
54
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
Special Issue on the occasion of
BFSI
3 SECURE
CONCLAVE
rd
April 10th, 2015, Sofitel, Bandra Kurla Complex, Mumbai
New Delhi
Next to Syndicate bank,
Subhanchal Hostel Building
Near Vikas Sadan, INA colony
New Delhi – 110 023
T: +91 11 4955 6600
F : 91-11 4373 4477
Mumbai
103/104, 10th Floor, Maker
Chambar VI, Nariman Point,
Mumbai - 400021
T : 91-22-43423313 33
F : 91-22-43423322
Bangalore
503, 15th Main, 7th Cross 3rd Block,
Koramangala Extn
Behind BDA, Bangalore – 34
T : 91-80-4125 4959
F : 91-80-4125 4958
To know more please visit
www.securitywatchindia.org.in
or email us at
[email protected]
Please Search SWI at :