‘Money makes the world go round’, and money mixed with technology can make the world go further round. Digitalization has bubbled over into every facet of our everyday business interactions and coming to the flourishing financial sector, the penetration has been remarkable. BFSI is one of the sectors were customers are getting acclimatized with the new technology platforms at a faster pace. According to a report by MAPE Advisory Group and MXV, “Online financial services in India is expected to be a Rs 15,000-crore market by 2020, up about 15 times from Rs 1,063 crore in 2014, led by a surge in usage of mobile wallets and insurance services, among others.”
SThe banking industry, which goes back centuries into the annals of history, is losing its pedigree and it’s no more confined to traditional brick-and-mortar branch locations as the sector is getting disrupted with new innovative technologies. The world has an estimated 1.2 billion mobile banking users at the end of 2017, which is likely to cross two billion by 2020.
But with every progression comes a set of challenges, the BFSI sector witnesses almost three times more cyber-attacks than any other industry. The sector is also the largest possessor of data, which makes it a lucrative sector for the cyber criminals. Today, threats such as phishing, malware, adware, spam, blended threats, DoS attacks, etc, loom large over the BFSI sector. In a McKinsey survey, it was revealed that digitalization has infiltrated on average a mere 38% across all the key industries, with “61 percent of respondents from BFSI and 57 percent of from IT/ ITeS/ Telecom ranking managing security and compliance high owing to the nature of their business.”
The oligopoly culture is a passé, the financial ecosystem today no more caters to a small fraction of people, but the ecosystem is huge, comprising of customers, clients and vendors. The ecosystem has become highly complex as digital transactions connect financial institutions with their customers, and those customers connect digitally with their own clients and vendors. It creates an uphill task for the CISO/IT team as it is not only about securing the traditional third-party relationships, but it is also about keeping an eye on the threats coming from fourth-party providers of financial data connections.
With a spike in the number of relationships, it becomes quite difficult to monitor and assess the vulnerability of each financial participant. In such a scenario, the IT teams have to ensure that they have a system to monitor their vendors or other third party providers continuously. In case of fourth party, when it gets affected by some ransomware attack, there are high chances of the third party, who has the company’s crucial information also to be affected. Therefore, it becomes imperative for IT to keep a close watch on fourth party activities too.
In 2016, data security breaches costed the BFSI industry nearly $4 billion and exposed an average of 24,000 records per incident. Also, with the rise in IoT devices, the risk accelerates for cyber-attacks. Not only IoT, but every new technology brings a lot of challenges with it. At the same time, the cyber criminals are always on the lookout for some potent attacks, giving a headache to the IT team.
Well, the IT team could be gearing up or have geared up to keep all threats at bay, but the team often overlooks the fact that the humble printer can play a spoilsport in the system.
“Sixty percent of companies had a data breach involving printers and an average of 44% of network-connected printers within their organization are insecure in terms of unauthorized access to data stored in printer mass storage,” says a Ponemon study.
The study also adds that on an average 55% of devices are insecure in terms of access to data stored in printed hardcopy and an average of 44% of devices are insecure in terms of access to data stored in printer mass storage. The printers today hold confidential employee records, credit card numbers, patient's health records and other important documents.
While the IT team deeps dive to safeguard all the end-points to avoid any attack, but in the maze pays no heed to printers.
Print encryption: To secure the transmission of data, it is important that companies should enable printers with characteristics of automatic file encryption.
Storage media: Imaging and printing devices store sensitive information on internal drives or hard disks, which can be accessed if not protected.
BIOS and firmware: Firmware that becomes compromised during startup or while running could open a device and the network to attack.
Mobile printing: Employees who print on the go may accidentally expose data, or leave printouts unsecured.
Management: Without adequate monitoring, security blind spots across your fleet may remain undetected and increase costly data risks.
Network: Printing and imaging jobs can be intercepted as they travel over the network to or from a device.
Input tray: Special media for printing checks, prescriptions, and other sensitive documents can be tampered with or stolen from an unsecured tray.
Ports and protocols: Unauthorized users can access the device via unsecured USB or network ports or via unsecured protocols (such as FTP or Telnet).
Control panel: Users can exploit imaging and printing device settings and functions from an unsecured control panel, and even disable the device.
Cloud-based access: Unsecured cloud connectivity may expose data to unauthorized users.
Capture: Multi-function printers can easily capture and route jobs to many destinations, potentially exposing sensitive data.
