• 3 weeks ago
Description: Ransomware attacks on Indian banks and financial institutions are increasing. These cyber threats pose significant risks to the financial sector, affecting operations and customer trust. The rise in such attacks highlights the urgent need for enhanced cybersecurity measures. Kaustubh Medhe, Interim CTO & VP - Research and Threat Intelligence at Cyble gives his expert opinion on how to deal with such scams.

#AvoidTheFishingNet #OneindiaExplains #OneindiaSpecialSeries #BankingFraudAlert #Scams #Financialscams #Banks #Cybersecurity
~HT.178~PR.362~GR.125~ED.346~

Category

🗞
News
Transcript
00:00Hello and welcome viewers, ransomware attacks on Indian banks and financial institutions
00:10are increasing. These cyber threats pose significant risks to the financial sectors, affecting
00:16operations and customer trust. The rise in such attacks highlights the urgent need for
00:22enhanced cybersecurity measures. We have today with us Kaustubh Medhe, Interim CEO and VP
00:29at Saibel. Hello Kaustubh, how are you? I am doing great Shruti, thanks for having me
00:34on the show. My first question to you is, Kaustubh, what role does cybersecurity play
00:42when it comes to banks, NBFCs where, you know, customers' wealth is at stake? Yeah, I think
00:49it's a very interesting question and, you know, with the kind of technologies that are
00:55coming up, banks have been forced to launch new innovative products using a lot of these
01:01technologies to, you know, make sure that customers are really engaging with their services
01:07and customers have a great user experience and convenience, right? So, now, I always
01:14like to give this analogy of a car driving on a high speed highway, right, with speed
01:21limits, right? And consider a situation where you have a nice looking car, right, goes very
01:29fast, but, you know, you don't have a speedometer to know what speed you're going in, right?
01:35You don't have seatbelts. There are no airbags, right, in the car. There are no brakes,
01:43probably. And, you know, there are no rearview mirrors, but the car is great. It's fast, looks
01:48nice, right? How safe would you feel driving such a car on a high speed highway, right? And
01:56that's the role typically I see cybersecurity playing in a banking environment where, you
02:04know, cybersecurity is basically an enabler. It allows you to take risks, but at the same
02:13time, protects you from any high risk situations or incidents. And even when an incident happens,
02:20it ensures that, you know, you are able to come out of it relatively unscathed. So that's
02:26the role typically what cybersecurity plays in a banking environment.
02:30Right, right. Very interesting perspective. Kaustubh, my next question is, see, we all
02:35have bank accounts and in India, especially we use UPI and credit cards all the time.
02:42But sometimes banks are accused of not doing enough alerts, not sending enough alerts to
02:49customers about ongoing scams, where, you know, these scammers call and say that these
02:53are from some banks and then they scam people. So how can we create more awareness for people
03:02across India about cyber threats? How can banks ensure that their security is up to
03:08the mark? I guess I wouldn't fault banks, honestly, for not informing customers. It's
03:15simply a case where cyber threats are evolving at such a fast pace that sometimes banks themselves
03:22are not aware of these threats. And there is this whole proliferation of WhatsApp and,
03:28you know, these closed messenger platforms. A lot of these apps tout privacy as a feature,
03:36you know, to protect information and identities of people. And that's actually exploited by
03:42cyber criminals, because they are anonymous. And I know these apps help them to stay anonymous.
03:50They can create fake profiles and send very convincing messages to these unsuspecting
03:57users. And many of the victims do fall prey to, you know, these some of these techniques.
04:03And especially with the evolution of AI, for example, fraudsters are increasingly using
04:10these technologies to make very convincing audio deepfakes, video deepfakes, you know,
04:16and trying to scam people. Now, the only way in which banks can manage this problem is
04:25by one, having the right threat intelligence and awareness of what types of scams are happening.
04:32And then accordingly, you know, tailor their messages security awareness programs for end
04:39customers to make sure that your customers are made aware of these evolving scams, right
04:45and they can protect themselves. So I think the starting point is having a right threat
04:50intelligence capability in the cyber security team, which can then be used to do the right
04:58security messaging through the marketing team.
05:01Right. I understand. Like, that's the big picture. Let's talk about Saibal. Now, first of all,
05:09I've gone through the website looks very interesting. What are the core values of the company?
05:14And what are your goals for the next, say, three, four years midterm, near term to midterm goals?
05:21What are the different challenges that you probably as a CTO face have been facing?
05:26And how do you deal with that? Because what I feel as a media person is that
05:33adaptability and awareness amongst even corporates are questionable sometimes about
05:42cyber threats about scams, because we have seen educated people and you know, who are probably
05:49aware of the financial system, they even they fall into this, these scams, they become the next
05:56victim. So let's let's talk a little bit more about what are the things that your company does?
06:01And what are the challenges that you face? Right, so lots of things to talk about. So I mean,
06:09let me begin by telling you about Saibal. So we are actually a very, very young startup.
06:14We were formed during the pre COVID era. And in that sense, you know, we were remote,
06:22a cloud native, SaaS based company. And the focus of the company has been always on providing
06:32visibility and awareness of cyber threats and risks, which impact enterprises and individuals.
06:41So that's the broad focus of the company. And we have a slew of our products,
06:48aimed at helping our customers gain an understanding of, you know, what are the
06:52technical threats, new emerging threats and attacks which are happening all around, which of
06:59these threats are likely to impact them, and then what they need to do to prevent an incident from
07:05happening. So in a sense, you know, we are a partner to any organization who wants to stay
07:10one step ahead of these threats, and protect themselves from a breach, right. So that's the
07:15high level goal of Saibal. If you talk about values, you know, honestly, we are in such a
07:22high paced environment that for us, you know, innovation and agility are primary. So that's
07:29a core value of Saibal. If you notice, we've actually launched a number of products and
07:35capabilities in the platform, in a very short span of time. And that's primarily because the
07:41threat landscape is changing so fast, that our products need to continuously evolve to make sure
07:47that you know, we are in line with what the customers need to protect themselves. So that's
07:53one. The second thing I would say is, we are very, very customer centric, you know, which means that
08:00our product evolves based on customer needs. And in a sense, you know, we collaborate very closely
08:06with customers, we learn a lot from our customers, the feedback that we receive from customers and
08:12through our agility based focus, we basically make sure that those gaps or those requirements
08:19are quickly brought in, into our platform to make it relevant and stay relevant for the customer,
08:24right. So in a sense, these are the core values of the company that we work with.
08:30And now coming to, you know, challenges that we face as an organization, I would say many
08:36organizations today lack situational awareness of, you know, their organizations assets, you know,
08:44what are the critical assets that they have, in terms of where is the data lying in? How is it
08:50secured and protected? There is a lot of gap when it comes to an understanding of risks.
08:56You know, when it comes to cybersecurity, especially this problem is more and more
09:02visible in small and medium enterprises, because they tend to have, you know, a problem with
09:10allocating enough resources, or allocating the right level of skill, you know, to address some
09:15of these issues. So yeah, this is a problem that we see largely in the small and medium
09:21enterprises. And it's only through awareness at the top, that, you know, that security culture
09:29and understanding of security only will be able to solve this problem for them.
09:34All right. One last question, what advice do you have for our, say, Gen Z and Gen Alpha viewers who
09:43almost always connected to the internet, and maybe they're more prone, more vulnerable to these
09:49attacks? Yeah, I think, you know, coming from my generation, I think there is a generational shift,
09:57you know, as a father of a 13 year old, I can really perceive that difference.
10:02So, I would say this generation is a lot more tech savvy. I mean, technology comes naturally
10:09to them, they are actually born in the era of virtual reality, augmented reality, you know,
10:16these kinds of technologies, you know, AI, they see a lot of these assistants, voice based
10:22assistance, etc, being used. Also, I see that there is a shortened attention span of this
10:29generation. So the kind of marketing and messaging of awareness that is relevant for our generation
10:36may not necessarily appeal to that generation. So in a sense, I think companies, if they want
10:42to target this generation, they need to change the way they market, you know, to this generation in
10:48terms of finding out what in what type of influencers they follow, what type of shows
10:53they follow, maybe associate music and sports activities or events to promote their security
10:59awareness messaging to this generation, right. And I think cybersecurity is more about having
11:05the right set of habits. So every time you have a habit, then naturally, you know, it's like
11:09exercising every day, or following the right diet. So if people start following these cybersecurity
11:16principles in daily life, I think that's something which will really help bring up a generation with
11:22more cybersecurity resilience. And I would just advise this generation to just stay skeptical
11:29of anything that you receive on your phone or device. You know,
11:35don't trust unknown senders and messages blindly, even if they appear to come from a legitimate
11:41source. Anyone can clone a photograph of a friend and send you some messages.
11:46Don't overshare information on social media, even if it is with with your close ones. I don't
11:52share sensitive data like passwords on your details, because you never know which device
11:56or machine would get compromised and then your data would land up in in the wrong hands. I would
12:03say force your parents to buy and install a good antivirus or a web security solution on your device,
12:10because that's the first step to protecting it. Don't, you know, install nice looking games,
12:17stickers, that kind of content on your phones, unless it's from a well known or a reputed source.
12:24So I mean, these are some of the, you know, basic cybersecurity hygiene principles that
12:30the generation needs to follow to stay safe online.
12:34Absolutely, absolutely. I couldn't agree more. Thank you so much for joining us. Viewers,
12:40that was Kaustubh from Saibel. Thank you for watching us. Have a good day.

Recommended