The Reserve Bank of India, in its recent Financial Stability Report, has expressed grave concerns over the escalating cybersecurity challenges confronting the financial sector. Alongside its insights, the report incorporates alarming statistics from the Indian Computer Emergency Response Team (CERT-In), highlighting a significant rise in cyber incidents.
According to CERT-In, between January and October 2023, India witnessed cybersecurity incidents totaling 13,20,106. This includes 711 phishing attacks, 4,39,431 cases of unauthorized network scanning/probing, and vulnerable services at 7,18,548 incidents. Additionally, there were 1,44,950 virus/malicious code incidents, 9,820 website defacements, 967 cases of website intrusion and malware propagation, and 5,679 other types of security breaches.
The RBI’s report highlights how these incidents exacerbate the vulnerabilities within the financial sector. With the adoption of remote working, cloud technologies, and increased internet exposures, the financial institutions’ IT environments have undergone significant changes, making them more susceptible to cyber threats.
The nature of cyber threats is rapidly evolving. Basic attacks like DDoS are being overshadowed by more sophisticated ransomware attacks, which not only disrupt business operations but also cause substantial financial and reputational damage. The RBI also warns of the potential of state-sponsored cyberattacks and the implications of AI in cyberattacks, which add to the efficiency of attack vectors.
“Inter-connections among financial institutions, common and high degree of dependencies from third party service providers, volume, and speed of transactions due to increased adoption of application programming interfaces (APIs) and innovative and invasive technologies are some of the major factors that make the impact from cyberattacks a plausible scenario from a systemic perspective,” says the report.