SBI’s recent data breach revelation is sending shock waves through the industry. But to be honest, it should not come as a surprise to anyone. Data breaches are unfortunately far too common, even in the banking sector. The notion that banks have more security budgets and are hence more secure than other organizations is just a myth.
Just a few years ago, we saw one of the largest data breaches in India’s banking system, where nearly 3.2 million debit cards were affected. More recently, in August 2018, another bank became a victim of a cyber-attack and saw nearly Rs 100 crore siphoned off, followed by over 4 leading banks in India.
Speaking about the growing incidence of breaches, Dharshan Shanthamurthy, Founder and CEO, SISA Information Security Worldwide, said, “The biggest reason for this is not so much the absence of security standards. Rather, it is the implementation that falls woefully short, especially in India. Often, organisations, including banks, take a check-the-box approach to security, rather than making an active effort to maintain top-notch security of data. Given that new threats emerge every single day, a passive approach to security can backfire in a big way.”
Sometimes, it can be a case of pure carelessness. In the recent case of SBI, the breach appears to have occurred because SBI forgot to secure a key server in Mumbai that was hosting sensitive information. This negligence may have led to details of millions of bank accounts being leaked, say media reports.
As the number of online transactions increases, hackers are upping their game, finding new ways to penetrate an organization’s security measures. The responsibility of maintaining the security of organizational data lies with the organisation’s leadership team and management. They need to take strong steps to evaluate their current standing, identify vulnerabilities and take measures to fill any gaps.
There are several measures that the Government can take as well to avoid or at least minimize breaches of this nature. One is to make the regulation even stricter, so that organisations take security far more seriously. Harsher penalties can also help to a large extent.
On their part, organizations need to place greater focus on breach detection and invest in stringent self-assessment at regular intervals to ensure water-tight compliance on security.
As technology becomes more complex, so will security. But taking basic, common-sense measures to ensure that all bases are covered is imperative, especially for organizations that deal with large volumes of data, day in and day out.