Connect with us

Hi, what are you looking for?

Articles

Automated, Adaptive, AI-enabled Architecture is a must

Security heads from 2 BFSI companies reveal the key cyber frauds and strategies to combat them:

The rise in mobile transactions has opened the door to increased cyber fraud. Phishing, smishing, and vishing attacks are on the rise, with mobile devices becoming prime targets for cybercriminals. Exploiting the convenience of mobile banking, hackers deploy malware via deceptive WhatsApp and SMS links. These tricks often lead users to unknowingly surrender sensitive information like banking credentials, personal IDs, and even their entire identities.

New Frauds

Neha Anand, Vice President and Head of Cyber at Prudent Insurance Brokers, commented: ”During the pandemic, these fraudulent tactics escalated as hackers took advantage of widespread fear and confusion, embedding malware into links disguised as essential covid information. We are now witnessing an alarming increase in incidents where criminals gain unauthorized access to funds, often as a result of sharing sensitive financial information over unsecured channels. It is clear: if you are using your phone, you are a target.”

According to Kasiviswanathan S, Chief Information Security Officer at Dvara KGFS, there is a significant trend toward mobile banking, especially among urban and literate populations. Rural individuals and those with limited education and exposure are more susceptible to cyber fraud, highlighting the need for increased awareness among these groups. Common cyber fraud tactics include Smishing (SMS phishing), Quishing (QR code scams), SIM swapping, fake apps, and Clickjacking (an attack that deceives users into clicking on something different than what they intended). Unfortunately, various forms of social engineering are also employed in cyber fraud.

Solution is in the Data

In today’s world of sophisticated cybercrime, detecting fraud relies on analyzing transactional behavior and using advanced algorithms to identify patterns that might otherwise go unnoticed. Kasiviswanathan explains: “Advancements in data analytics, machine learning, and behavioral analysis have made it easier to detect fraudulent activities in real time. The most valuable data points for detecting cyber fraud include user behavioral data, device fingerprinting, geo-location, biometric data, and historical user data.”

Behavioral data – such as how, when, and where a user transacts – has become a crucial tool in the fight against fraud. For instance, an IP address originating from a suspicious location or an unusually high volume of transactions can raise red flags. Neha further explains: “In the event of a hacker breaching an organization, forensic audits and root cause analyses are essential. They aid organizations in identifying the specific vulnerabilities that were exploited, whether it was an overlooked software patch or outdated encryption protocols. Ultimately, this detailed analysis is crucial for tracing the origins of a breach and ensuring better containment of future incidents.”

Protecting WFH Employees

Hackers have adapted remarkably well to the work-from-home era, exploiting unsecured home networks, phishing attacks, and sophisticated social engineering techniques. Remote employees are particularly vulnerable to malicious emails or text messages disguised as work-related communications or service requests. However, financial institutions have responded by deploying Virtual Private Networks (VPNs), multi-factor authentication (MFA), and advanced Endpoint Detection and Response (EDR) systems to enhance their defenses. But technology alone isn’t enough.

Neha shares details about the awareness program: “Cybersecurity awareness programs that teach employees how to recognize phishing attempts and suspicious activity have become one of the most important tools in this ongoing fight. We’ve learned that even the best technology can be undermined by human error, so employee training is the front line of defence that must not be overlooked.”

There are a few common techniques used by hackers to target work-from-home employees. They use social engineering to trick employees into divulging sensitive information or making critical mistakes. Attackers leverage weak personal devices or email phishing to gain entry, leading to a surge in malware and ransomware infections.

MFA & MDM

Remote employees often use personal devices for work that may not be adequately secured, may lack endpoint security, encryption, or updated software, and to mitigate these risks, organizations should take countermeasures.

Kasiviswanathan advocates: “MFA (Multi Factor Authentication) has to be made mandatory for all remote employees accessing corporate systems. This requires a second layer of authentication (one-time codes, mobile authenticator apps, etc) beyond just a password. Industry best EDR solutions must be present on employee devices, which can continuously monitor, detect, and respond to suspicious activities in real time.”

Companies should also enforce strict device security policies thru Mobile Device management solution (MDM), requiring all devices used for work (both corporate and personal) to meet security standards, including encryption, regular updates, and endpoint protection.

Phishing & Malware

The threat landscape is changing rapidly, and traditional defenses are no longer sufficient. Phishing and malware attacks have become more advanced, exploiting real-time vulnerabilities. Neha says: “For CISOs, the focus should be on implementing a multi-layered security architecture that incorporates behavioral analytics, AI-powered threat detection, and machine learning algorithms to anticipate and adapt to these evolving threats.”

Finance companies should adopt Zero Trust Architecture (ZTA) to restrict lateral movement within networks and ensure that every access request is continuously verified. Additionally, integrating continuous threat intelligence is crucial – this allows systems to learn from emerging global attack patterns and update protection protocols in real time. Automated incident response systems should be implemented to promptly isolate infected systems and prevent further spread without requiring human intervention.

Tech that Fights Threats

Patch management must be proactive, not reactive. Cloud-native security solutions, along with micro-segmentation to isolate sensitive assets, can offer dynamic protection. Says Neha: “In short, cyber defenses today require a real-time, adaptive approach, driven by AI and automation. Legacy solutions simply can’t keep pace with these sophisticated and rapidly changing attack patterns, and waiting too long to upgrade could spell disaster”

Kasiviswanathan shares his views: “Organizations have to ensure that their protection systems are foolproof through continuous threat intelligence and monitoring, along with regular updates to security solutions and AI and ML-driven security solutions.”


[email protected]

Read more:

Customers attracted to electronics, travel & dining

 

 

 

 

India: A new trinity in digital lending space

Don't miss our updates on your email

Subscribe to our Newsletter

PR Newswire

Copyright © Glocal Infomart Pvt Ltd. All rights reserved. Usage of content from website is subject to Terms and Conditions.