SWIFT has published a new paper to help financial institutions in India improve their monitoring of anomalous and potentially fraudulent transactions.
Cybersecurity poses a significant threat to India’s “fast-paced” roadmap for digitalisation in financial services, a key enabler for India to achieve its economic growth target, the paper says.
It comes as a response to the cyber threat faced by India’s financial community, which in recent years has “fallen victim to substantial wire frauds”.
“External and internal malicious actors have successfully compromised the operating environment of the banks, stealing or misusing SWIFT operator credentials, executing fraudulent transactions and obfuscating the attacks,” it says.
The paper notes that the RBI (Reserve Bank of India) has itself responded by introducing strict operating controls, imposing fines in cases of non-compliance, and continuing to audit and monitor SWIFT operating channels.
However, the threat of cyber attacks on banks and their critical channel infrastructure, including SWIFT, is “persistent and increasingly sophisticated”, it says, highlighting a recent report which estimated the average cost of a cyber attack on Indian firms, across all types of incidents, at USD 10.4 million.
According to RBI data, Indian banks fell victim to 130,000 reported cases of cyber fraud involving an estimated INR 7 trillion (USD 101 million) from 2008 to 2017.
“IT and operations executives at financial institutions should instil a culture and discipline of security while mindfully enabling the enterprise with new digital capabilities to combat looming threats,” the paper says.
Indeed, it notes that more resources and investments are being devoted to strengthening cybersecurity, with expenditures of this nature expected to exceed USD 1 trillion from 2017 to 2021.
“In 2018, the average banking and financial services firm allocated 7.8% of its total annual IT spend on security investment and operations,” it says, though adding that IT security budgets are rising so fast that researchers and analyst firms are having difficulty forecasting future expenditures.
Although cybersecurity budgets are increasing, the paper also highlights a large gap in talent which could lead to a global shortage of 1.9 million workers in this area by 2022.
While 62% of firms are taking active steps to strengthen their understanding of cyber security, technology and the threats to business, an EY survey found that only 6% of Indian financial services firms say their current IT security function meets their organisation’s needs, with 31% identifying skills shortages as a potential obstacle.
The paper provides a summary of recent SWIFT threat intelligence, explaining how malicious attackers are evolving and the patterns of wire fraud financial institutions can use to improve their monitoring of anomalous transactions.
It also describes key developments in its Customer Security Programme, available to the SWIFT community in India to leverage to respond to these threats.
Launched in 2016, the programme emphasises the need to secure the local operating environment, prevent fraud in commercial relationships, and collaborate with others to prepare against future cyber threats.
“To meet the challenges of an increasingly complex attack surface and an evolving threat landscape, SWIFT users in the Indian subcontinent must move beyond this baseline towards security best practices,” the paper says, outlining the steps financial services firms need to take.
The full paper is available here (download).