Business continuity amid the COVID-19 lockdown is a big issue for all companies. Firms are not just at risk of outages but are also facing continuous data security vulnerabilities and cyber threats. According to a study by PwC, the volume of cyberattacks on Indian companies has grown exponentially as cybercriminals exploit the new work paradigm brought about by the COVID-19 outbreak to infiltrate corporate networks and steal data.
With the lockdown around the world, employees are expected to continue working remotely, which is undoubtedly a threat to most companies as the network perimeter has expanded radically. In the new work setting, fraudsters are using fake emails, websites, and VPAs (Virtual Payment Addresses) for fraud and social engineering.
To understand the situation better, Analytics India Magazine connected with Bharat Panchal, Chief Risk Officer – India, Middle-East & Africa, Fidelity National Information Services (FIS) – a Fortune 500 company and a leading provider of technology solutions for merchants, banks and capital markets firms globally.
Bharat comes with extensive leadership experience in managing cyber threats. Prior to his current role at FIS, he served as the SVP & Head – Risk Management & Compliance at National Payments Corporation of India (NPCI), and previously was also the Vice President and Group InfoSec Audit Head at Kotak Mahindra Bank.
According to Bharat, to mitigate cyber threats and protect data, FIS is taking a comprehensive and multi-layered approach. “We make use of advanced tools that include artificial intelligence to monitor and detect fraudulent transactions on a real-time basis,” he said. FIS also continuously monitors various threat vectors and advises its customers to remain vigilant against such cyberattacks.
Here are the edited excerpts from the interaction:
AIM: What, according to you, are the biggest threats as a result of the universal ‘work from home’ scenario?
With India under lockdown, organisations are increasingly allowing employees to work from home. However, as greater numbers of staff access sensitive data and process remotely, the possibility of a data breach, accidental data loss, virus or malware attack is a major risk for businesses across the country. The biggest risk is around accidental or unintentional leaks of sensitive information given the potential for reputation loss, customer claims and regulatory actions.
AIM: Should companies (with sensitive customer data) be using virtual meeting apps like Zoom, given the many vulnerabilities and risks that potentially exist on such platforms?
Cloud-based platforms are a key component to enabling business continuity during remote-working. The best line of defence for organisations looking to protect against platform vulnerabilities is ensuring employees are only using licensed platforms, a security-aware employee base, and the automatic deployment of all available security patches in a timely fashion.
AIM: How may cybercriminals and digital fraudsters outsmart companies in the banking and finance sector using cyber and social engineering techniques during the COVID-19 situation?
The fraudsters are smart and try to find opportunity in every situation. In the current environment, fake emails for donations, emergency medical support, charity for migrant labourers, feeding daily wagers, etc. are rampant; people could easily be tricked into giving donations to those fake accounts held by fraudsters. The moratorium by RBI on the EMI of any loan is a good attempt to ease the situation for the middle class. But fraudsters have started making fake calls/messages to gullible customers asking for an OTP to delay their EMIs, and make use of pre-collected information about a customer to steal money from their account.
AIM: Can you share examples of the multiple ways in which attacks (such as phishing) are happening currently?
Fraudsters are using fake emails, websites, and VPAs (Virtual Payment Addresses) to solicit donations for a range of fraudulent matters ranging from emergency medical support, charity for migrant labourers, food for daily wagers, to fake hospitals, medicine, and people infected during the pandemic. Businesses can reduce these incidents by monitoring network traffic, transaction patterns, and user access habits. Companies can also reduce data security risks by restricting access to systems and emails for non-critical staff.
AIM: What is FIS doing in this context to help its clients deal with the risk and challenges?
FIS takes a comprehensive and multi-layered approach to risk and security. We also make use of advanced tools including artificial intelligence to monitor and detect fraudulent transactions on a real-time basis. Our risk engine with artificial intelligence is capable of predicting the probability of fraudulent transactions, which helps our customers. We continuously monitor various threat vectors, and our advice to our customers is to remain vigilant against such cyber-attacks.