In May, a little-known cooperative bank called Urban Cooperative got hacked and as a result lost INR 68 lakh from one of its biggest accounts. For a small bank such as Urban, this was especially a massive blow as cooperative banks have very limited resources. But the incident was a reflection of the growing vulnerability of the cooperative sector to cyber attacks.
Another Maharashtra-based coop bank Cosmos Cooperative Bank was the victim of cybercriminals who installed a malware that certified fraudulent transactions as genuine ones. INR 94 Cr were siphoned off before the bank blocked the malware.
These losses are a major pain for India’s banking sector which has already been bleeding thanks to non-performing assets and the NBFC crisis. So regulators are now stepping in to block vulnerabilities and the Maharashtra State Co-operative Banks’ Association (MSCBA), which represents the cooperative banks of the state, has joined hands with Mumbai-based cybersecurity company Sequretek to roll out a cybersecurity programme for eligible banks in Maharashtra. The company will also set up a help centre to assist banks where customer service assistants will be well-versed in Marathi.
As part of the initiative, Sequretek will remotely monitor and respond to security threats that could potentially disrupt the cooperative banks IT infrastructure and will work jointly with MSCBA to train over 1,000 bank professionals in cybersecurity to manage threats on sites within the member banks compliant with RBI guidelines.
“Analysis of several of the recent security incidents reveals that the majority of them could have been prevented had there been a 24×7 cybersecurity operations centre monitoring it. We were also acutely aware of the fact that these banks do not have the resources to implement the same, said Swati Pande, CEO of MSCBA.
The cost element is probably the number one criteria why such small banks do not have the basic gatekeeping mechanisms in place or why other cybersecurity firms have not explored this segment. But will Sequretek, which works with large banks and financial institutions, make money in such a price-sensitive segment?
Related Article: Indian Banking Industry: The Evolution And The Growth Ahead
The answer is simple, it won’t.
According to Sequretek’s cofounder and CEO Pankit Desai, the company will recover the cost it’s putting into the initiative but beyond that, he is not expecting much. Mumbai-based Sequretek, which in September raised $3.7 Mn (INR 27 Cr), is getting involved to help one of the most vulnerable sections of the digital economy and in the process, it is a step that could eventually help broaden its clientele base which mainly consists of the larger players.
North Korean Hackers Attack Mumbai Bank
Not many know about Mumbai-based Chembur Nagarik Sahakari bank which has only 10 branches and serves customers located in the Chembur suburb of the city. It is highly unlikely that even those staying in Chembur would know about this bank, but four weeks ago, North Korean hackers attacked its servers.
“Just one day after we started our pilot project with the bank, we saw this threat and alerted them to it…I don’t know how they found them,” said Desai in conversation with Inc42 during the sidelines of the event.
The challenge for Desai is that for many of the people his company will have to train, they will have to start with the basics with things likes what cybersecurity is, what a firewall is, and other such fundamental problems.
But there is a silver lining here, according to Desai, is that there is a foundation on which he can build these programmes. “They are not tech-savvy, and now they at the very least know what it is,” said Desai. He added that is in a large part due to RBI core banking guidelines which include IT best practices and procedures, that banks are more aware now.
Another challenge for Desai is accessing infrastructure in far-flung areas and keeping a complex and sensitive topic like cybersecurity from overwhelming the end-user. “I don’t want to throw too many things at them, the big threat will be brought to their attention while the rest will be dealt from us behind the scenes through automation,” said Desai.
The average cost of a data breach for Indian enterprises stands at INR 12.8 Cr, an increase of 7.29% compared to last year, according to an IBM study. The report stated that in India, companies in the industrial sector are highly vulnerable to such breaches. Other sectors that were affected include pharmaceuticals, technology, services and financial sectors. A report by MarketsandMarkets suggests that the current global spend on cybersecurity is expected to grow to $202.36 Bn by 2021.
Underserved, under noticed and underprepared, is how Desai describes the companies and sectors, the six-year-old company would look to engage with in the future for its solutions.
“The attacks are very often targeted on non-tech savvy managers. For example, they find pictures of you in a newspaper during a branch opening. They use AI to scan the web, identify names and numbers of people and send the communication to them and it could be the chairman, CEO, treasurer, the top guys who would be used to gain entry,”
Given that many of the big players will have their solutions, the experience and insights that Sequretek will get by helping the cooperative banks in the state would help it address the SME market in India whose data and practices resemble closely with the ongoing bank initiative. And one of the sectors that Desai said the company is gaining a lot of interest from is manufacturing.
The experience can also come in handy if such programmes take off in other states and which could with time become a better proposition financially in which case Sequretek will be counting its experience of serving these smaller players as a big advantage.
For now, Sequretek will slowly start onboarding these small cooperative banks in batches of 30 to 40 (some of them it already works with) and is hoping to reach all 400 that come under the association. The company claims to service more than 50 enterprise clients in BFSI, media, technology, pharma, and manufacturing.