Cyberattackers 10 steps ahead, says Cybersecurity expert Prashant Mali

Looking at the recent infiltration of hackers into the banking system of Cosmos Bank, it appears to be the need of the hour to secure the entire banking operation with more layers of security and protection. But how?

The attitude of the management and awareness of the employees in the banking industry need to change and have to become positive. They have to bend towards cybersecurity. Updating and upgrading to hardened systems is the need of the hour. ATMs cannot be on Windows XP.

How is it that we are headed hammer and tongs towards a digital era, yet we are not able to manage the alarming rate of cyber crimes, whether it is in the corporate sector or the banking sector?

Criminals are always one step ahead of law enforcement, but cybercriminals are 10 steps ahead. In some cases, the prowess of law enforcement agencies is not anywhere near the criminals'. So forget catching the cyber offender, they don't even anticipate a cybercrime. Not having enough cyber intelligence or not acting on online intelligence is the biggest failure of Indian law enforcement till date in the digital space.

What are the forms cybercrime which are prominent in modern times? And what modus operandi do the fraudsters use to steal information from users?

Various cyber crimes via social engineering, and organised international cybercrime gangs like Lazarus or Cobalt — I can say that these are today's challenges. Both are essentially part of organised crime syndicates. Police do catch some of the ring members but there has been no conviction in India to create deterrence among cybercriminals. I find cyber criminals often walk out on bail and gte back to business as usual.

What measures would you suggest to the administration to tackle the threat?

There are measures the administration needs to implement. One, large-scale digital literacy programmes in vernacular languages. Two, a cyber cadre of police without any other law enforcement duties. Three, an industrial CERT, or computer emergency response team, to warn the industry against specific types of cyber threat. And four, a functional civil court, or an adjudication officer, to grant appropriate damages and compensation.

How are consumers becoming more vulnerable? What needs to be done to spread security awareness among the masses?

Cellphones, mobile operating systems and mobile apps that are not fully secure have created this situation where the consumers have become vulnerable. The Reserve Bank of India and the state governments need to set and achieve targets in digital literacy programmes for banks. They also need to monitor the progress of these initiatives. Such training should be given in vernacular languages so the people have a better grasp of the subject, as well as the new technology.

How does cybersecurity and data protection affect banking sector's performance?

More cybersecurity and less data leakage mean more trust in digital banking — Digital India. And leakage or illegal transfers give banking a bad name. Today, everything in banking is IT-based and delivered via cyberspace. If cybersecurity is taken seriously by every bank employee, then crime can be avoided and good services can be provided to digital banking customers. Data is the new gold, and banks are now custodians of this gold.