FM promises Computer Emergency Response Team to combat cyber attacks

Finance Minister Arun Jaitley recognised the rising threat to India’s financial organisations from cyber attacks and announced proposals to create a dedicated response team that could combat Trojan malware such as Odinaff.

Proposing to create a Computer Emergency Response Team in his budget speech in New Delhi on Wednesday, the finance minister said, “Cyber security is critical for safeguarding the integrity and stability of our financial sector. A Computer Emergency Response Team for our Financial Sector (CERT-Fin) will be established. This entity will work in close coordination with all financial sector regulators and other stakeholders.”

Since January 2016, discreet campaigns involving malware called Trojan.Odinaff have targeted a number of financial organisations worldwide, cybersecurity company Symantec said in a press release in October. These attacks appear to be focussed on organisations operating in the banking, securities, trading, and payroll sectors. Organisations who provide support services to these industries have also been targeted.

Although difficult to perform, such attacks on banks can be highly lucrative. Estimates of total losses due to attacks from a related malware called Carbaka range from tens of millions to hundreds of millions of dollars, according to Symantec.

Over the past several years, cybercriminals have begun to display a deep understanding of the internal financial systems used by banks. They have learnt that banks employ a diverse range of systems and have invested time in finding out how they work and how employees operate them. When coupled with the high level of technical expertise, these groups now pose a significant threat to any organisation, the cyber security vendor added.

Jaitley’s proposal is “the need of the hour” Sivarama Krishnan, leader-cybersecurity, at consultancy PricewaterhouseCoopers said in an emailed statement. Linking regulatory authorities will help in the development of more comprehensive guidelines for financial services companies, strengthen sharing of threat information and, consequently, detection, Krishnan said.

Krishnan added that cyber security also becomes more relevant in the context of the government’s plans to back digital finance on multiple fronts, such as the rollout of the BHIM app, the Aadhaar-based point-of-sale machines and digital systems for payments of government and defence employees.

As India’s nascent startup ecosystem grows alongside the number of consumers adopting digital finance, “secure digital transactions is the only way to sustain India's habit of cashless payments”, Bipin Preet Singh, co-founder and CEO of One Mobikwik Systems, which operates the Mobikwik mobile wallet, said in an emailed statement.