Financial organisations that don’t reap the benefits of AI & ML, might fall victims to sophisticated cyber-attacks: Ratan Jyoti, CISO, Ujjivan Small Finance Bank
In this exclusive interview with Express Computer, Ratan Jyoti, Chief Information Security Officer, Ujjivan Small Finance Bank, shed light on the bank’s robust information security ecosystem amid the ongoing digital transformation in the banking sector. As the significance of cybersecurity governance becomes increasingly vital for maintaining the trust of clients and safeguarding operations, Jyoti outlined key elements of Ujjivan’s cybersecurity framework.
Can you provide an overview of your current information security ecosystem?
In an era where digitalisation is at the forefront of banking services, ensuring the security of customer data, financial transactions, and sensitive information has never been more critical. Banks like us today recognise the importance of robust cybersecurity governance to safeguard its operations and maintain the trust of its clients. Cyber security governance structure of Ujjivan, highlighting key aspects that drive its security measures and practices is as under:
– Executive leadership: Ujjivan demonstrates a commitment to cybersecurity from the top down. The Board of Directors includes cybersecurity expertise, ensuring strategic decisions prioritise security.
– Chief Information Security Officer (CISO): The CISO is responsible for formulating and implementing the bank’s cybersecurity strategy and regularly reports to the board.
– Security team: Ujjivan maintains a robust internal cybersecurity team comprising of experts in various domains such as network security, application security, incident response, and compliance with global certs like CISSP, CHFI, CISM, CRISC, CEH, OSCP, CHFI.
– Cybersecurity policies and frameworks: The bank adheres to international standards and industry best practices, including ISO 27001, NIST Cybersecurity Framework, and regulatory requirements.
The global banking ecosystem today on one hand is witnessing technological and digital innovation, and on the other hand, new malware loaders and destructive ransomwares are also seen. With a large adoption of AI and open source systems by banks, threats driven by AI and open source backdoors are today the larger threats to banking systems and so the concept of cyber resilience is vital for banks in today’s connected and digital world.
What steps have you taken to build a robust cyber defence infrastructure?
In the world of constant technological advancement, businesses face both opportunities and challenges. A well-structured cybersecurity strategy is crucial to align with business goals in order to mitigate risks introduced by new technologies in order to meet one or more objectives – protection of customer trust, supporting digital transformations, ensuring regulatory compliance.
We can manage risks arising out of adoption to new technologies are as under:
– Continuous risk assessments: We conduct ongoing risk assessments to identify and evaluate the security implications of new technologies.
– Security by design: We integrate security into the development of new technologies, ensuring security measures are not an afterthought but an integral part of the process and stress testing is done using shift right strategy.
– Real-time misconfiguration monitoring and incident management.
– Risk monitoring and reporting framework as part of ERM framework.
– Cyber defences are configured in line with Business requirements.
– Risk models in line with risk appetites are formulated.
Since the cyber ecosystem is seeing more of one day threat than zero day threats, the preparation for one day threat is necessary for the banks as a part of digital security strategy and alignment of digital security strategy should revolve around the business strategy.
In what ways do you leverage AI and ML in your cybersecurity measures?
We, in our quest to foster customer confidence and effectively managing the security risks in order to meet business objectives, have taken below measures:
– ML based offensive security tool implementation to identify gaps at technological levels.
– Automated supply chain risk management using AI based responses and evaluations.
– ML based user behaviour anomaly detection rules are enabled.
– ML based DNS security solutions.
– Security roadmap in terms of short, mid and long terms goals were drafted in line with business goals.
– At the people front, we have, learning through simulations through gamifications of modules using ML based structures.
– Comprehensive security review was carried out and the gaps were filled out.
– Automated ML based cyber defence.
– ML based Threat Hunting models.
AI today enhances the effectiveness of advanced persistent detection and response, automation and cyber attack detection, the machine learning models can detect anomalies in user behaviour and unusual patterns which other security systems might fail to detect. Financial organisations that don’t reap the benefits of AI and ML might fall victim to sophisticated cyber-attacks.
With the increase in remote working, what specific challenges have you faced in terms of cybersecurity?
Initially the readiness was the first major challenge. While technological readiness was easier to fix but process readiness took time to settle down. Finding trust in all stakeholders was another challenge which led to evolution of remote working strategy in line with the business objective. For a bank like us who are primarily a digital bank and relying on digital channels to support customers, the security transformation and adopting a secure remote working not only for employees but a large set of partners and vendors was a challenge. We ensured that we have a complete visibility of remote traffic at all times and anomaly if any is detected in real time by using AI and ML based solutions and algorithms. A zero trust based remote working strategy was adopted by the bank.
Ransomware attacks are on the rise. What preventive measures do you have in place to mitigate the risk of ransomware?
We have adopted a ransomware prevention detection and a recovery strategy which aids us in our journey to provide a safe and secure environment in following ways:
– Secure and automate backups for reliable and rapid application recovery.
– Helps in protecting data in a secure and scalable platform so it is always ready for recovery.
– It validates each node, requires certificate based mutual authentication.
– Helps with data expiration via monotonic clock.
– Impervious to NTP poisoning attacks that will expire back up easily.
– Two-person rules applies to policy and configuration changes
– Most common method used is RSC read only tunnel.
– Replication is push, no ports allowed IN.
– Automate scheduling and management per cluster.
– Flexible object level operations.
– Backup validations for restore integrity.
– CRC fingerprints for all data stored with data to ensure no modification or corruption.
It is also important to train employees and partners regularly. Monitoring and incident response planning should be a vital part of your cyber strategy. Since no system is full proof, testing recovery and response plan is the key.
What emerging trends in cybersecurity do you believe will have the most impact and how are you preparing for them?
Emerging trends in cybersecurity include increased use of artificial intelligence, machine learning for threat detection and a focus on zero trust security models. To prepare, stay updated on industry developments we need to prepare the workforce through training in such areas.
Along with the same LLM (Large Language Models) is also one of the emerging trends and shall be handled carefully with proper ethics.
Other areas that will see prominence are web3 technologies and so the security of web3 will be very important as they will be attacked too. A large adoption of cloud and attacks on cloud will rise further and so cloud security should be part of the cyber security roadmap for the organisation. Open banking, Open APIs and microservices is seeing prominence and these channels must be secure by suitable strategy like authentication, authorisation, encryption and building trust and visibility through continuous testing and monitoring.
Building a cyber culture is most important.
