In an interview with ETCIO, Agnelo D’souza talks about how the bank is continuing to invest in technology despite budget constraints.
In this pandemic, what are the current business security requirements in the bank for internal and external customer relations?
The pandemic has immobilized the workforce and hence, ensuring business continuity is the need of the hour. For the last two months, our top priority has been ensuring secure and seamless work from home for our employees. Data security and privacy are key requirements.
Customers should be alert at all times and on the lookout for such frauds. We regularly reach out to our customers asking them to observe some basic precautions to ensure a safe banking experience.
Fraud cases are on rise and we are ensuring effective communication to prevent any sort of banking sacm. We are spreading the message that always remember, a bank will never ask a customer for confidential information such as passwords, OTP, PIN, CVV number etc. If a mail/SMS urgently asks you to take action or warns of consequences, that should be a red flag! Don’t comply until you have verified the message. We have technologies to support and analyse such spikes in our customer queries.
Kotak Mahindra Bank has among the highest digital adoption rates in the country, thus digital security plays a very imperative role. What is your strategy to support the bank’s digital use cases?
The world is grappling with a completely new way of working. Digital and cyber threats are increasing and phishing is the most widely used attack vector. We have threat intelligence and monitoring systems to proactively detect such phishing attacks on our staff and customers through digital channels.
All the basic hygiene practices such as ensuring the user endpoint systems are updated with security patches, antivirus, data leakage monitoring etc. are all the more important now.
To combat digital frauds, we have fraud monitoring systems implemented for detecting spikes through a combination of rule base, prudent statistical models and machine learning. The system is very active and advanced to combat any form of fraud attempt.
In addition, the growth of digital technologies will further pick up and hence, security / processes around these need to mature. There is also a pressure to control costs and hence, investing in and implementing the right technologies is key. Our focus would be more on AI-driven platforms to detect user behaviour anomalies.
How is your IT security team supporting BCP readiness of Kotak Mahindra Bank?
Our security team is equipped with secure access to manage all systems. The Security Operations Centre (SOC) continuously monitors the network connections to detect anomalies. As we are operating from remote locations, communication relies on digital platforms which need to be secured from end to end connection. To protect our communication, we have enabled a secure video conferencing facility for virtual meetings. The activities and deliverables are discussed and tracked accordingly and data is transmitted through highly secured gateways which are monitored by internal teams. We rely on our internal talent more than any vendor support.
As there is increased usage of digital banking channels, we have increased security of our online transactional gateways. Our Net Banking allows customers to transact over a completely secure medium. All their transactions are transmitted via 256-bit SSL encrypted medium, the highest level of security on the internet. The servers are protected with firewalls that make unauthorized access impossible. This gives customer’s trust and reliability in the bank and ensures business continuity too.
As the bank is operating in a work from home phase where the internal teams connect through personal devices as well. How are you managing and ensuring that the network and hardware accessed by internal employees is safe?
The critical network and hardware have to be scaled up to ensure uninterrupted access while working for home. At the bank, the hardware capacity and licenses are augmented to ensure that the considerable increase in volumes can be managed accordingly during such critical times.
The work from home facility has also been extended to IT Infrastructure monitoring and support resources. We have implemented models powered by machine learning for automated threat hunting to detect malware and other malicious behavior in the IT Infrastructure. Our monitoring system works on advanced mechanisms which detect multiple types of malware and anomalies in the network and the system as well operated from any remote location.
Threat intelligence feeds from various providers aid in making threat hunting more effective and reduce false positives. We have also implemented Endpoint threat detection systems to gain higher visibility into activities on the endpoints which are very important in the WFH phase. We have control on the device’s endpoints and network route. So in any attempt of malicious activity, our threat intelligence alerts us and beforehand we can emit the possibility of cyber attack.
The critical areas needing physical access are managed onsite with people operating from the bank branch/office in a safe manner, practicing safe distancing and following health advisories related to personal hygiene habits. We have taken care of security there as well through hardware security alignment.
- Top 12 stocks to look at from banking & financial space after RBI panel recommendations
- Mahindra Thar Secures Four-Star Rating At Global NCAP Crash Tests: Watch The Test Video Here!
- HDFC Bank boss Aditya Puri's record as India's longest-serving bank CEO likely to be unbroken
- Bank Nifty and financials lift up indices; Nifty ends above 12,850
- RBI internal working group recommends promoters to hold higher stake in private banks
- RBI report: Doors could be finally open to large business houses to launch banks
A look at Kotak Mahindra Bank’s IT security plan have 1039 words, post on ciso.economictimes.indiatimes.com at May 11, 2020. This is cached page on Talk Vietnam. If you want remove this page, please contact us.