Pulling out 86% of currency to achieve a dream of cashless economy. Are we ready ?

Prime requirement of the cashless economy is high cyber security awareness, secure implementation, adequate safety measures, proper precautions, and imposed security policies at all stages. Continuing from the previous article " Post demonetization, India is witnessing an emerging era of a paperless economy. Is our cyber security ready for it? ", more on present situation India is going through. 
People are using public wifi networks along with mobile wallets and banking application through apps and smartphones, which are still not linked to any identity. Digital identity can be easily forged, nonrepudiation following frauds and attacks is another major issue. OTP is one of the methods to counter nonrepudiation again focusing on the mobile security.
India is among top target of worldwide hackers stealing data. According to Trend Micro report, 16 percent of the victims of data-stealing malware were from India. The report adds that hackers are making the strategic approach by targeting selective victims to improve their infection rates. Also, India rank third after Japan and the United States in terms of the country's most affected by online banking malware. In 2015, Regional Advanced Threat Report for Asia Pacific, released by the FireEye, a publicly listed enterprise cyber security company found that 38% of organizations in India were vulnerable to targeted advanced persistent attacks. India is inviting increasing focus from hackers because of the projects like Digital India that intends to place sensitive personal information over the digital networks. Further, India has been ranked fourth in Asia Pacific countries that have the most command and control infection callbacks which indicated the presence of compromised systems that are already communicating with remote servers run by hackers.Reports by Kaspersky Lab and Akamai suggested that India tops the world in ransomware attacks. These attacks mostly target banks and organizations with confidential information or sensitive data.
The Recent security breach at some at the Indian bank is still fresh on the minds of security professionals and banking customers. Many organizations in IT sector, still do not have Chief Information Security Officers CISOs. Also, there are no guidelines for businesses to get cyber security reviews done or even report the breaches. 
In order to protect the consumers from online frauds, the Reserve Bank of India had instructed the banks to have a two-factor authentication process in order to strengthen the online payment industry still there is a lot of scope for cyber criminals who are backed up by latest attacks. Companies, customers, and the government should join hand and collectively engage to mitigate attacks and diminish its damages.
The complication does not lie in the objective of going paperless but the fact that we are going paperless with so many vulnerabilities on our way. Although cybersecurity is seen as the biggest risk faced by financial systems, still little investment has been done to guard against future attacks.
To avoid another big debit card breach, banks should switch to better ATMs with stronger security infrastructure and controls. More investment should be made, also placing a dedicated cyber security cell in the organization.Moreover, India needs to open more courses in the field of cyber security to train upcoming generation and produce a strong cyber workforce.
Most of the developers and management are mainly focusing on functionality without considering security much, this trend needs to the revised. The government can generate interest among private player by offering incentives to improve their security posture. Breaches should not be let without reporting them, the government should lay down standards and not complaisance should be dealt strictly. Risk-based standards like NIST Cyber Security Framework are required in order to provide the common standard to manage cyber risk and enhance cyber preparedness without placing additional regulatory or requirements on the organizations.
Thus it's safe to conclude that India is still lacking in terms of cyber security in digital transactions and thus becoming essential to understand and implement strong cyber security measures in the wake of going cashless and dream to go digital.
Authored By - Shefali Singh
TCS Enterprise Security and Risk Management
Rate this article: 
Average: 2.3 (10 votes)
Article category: 

There is 1 Comment

Actually IT Act 2008 mandates that the organizations that collect privacy information should have security policies and procedures in place, shoud possess industry recognized security compliance certificate. Probably enforcement may improve the situation