Financial sector cybersecurity at the helm of investor protection

07 Apr 2024

Opinion: C.S. Mohapatra.


The digitalized payment landscape, while making transactions more efficient and cost-effective, has unintentionally heightened the risk of cyber fraud and personal data misuse. Cybercriminals exploit vulnerabilities in the system, engaging in phishing attacks, exploiting software flaws, or deceiving users into revealing sensitive information. The aggregation of personal and financial data through fintech platforms presents an attractive target for hackers, leading to concerns over data privacy and security.

Hacktivism, which combines “hacking” and “activism” to use hacking skills for promoting specified objectives, presents multifaceted challenges to India’s financial sector, notably through operational disruptions from denial-of-service attacks and website defacement, exposing data security vulnerabilities that could be exploited for cybercrime. These activities pose regulatory and compliance risks besides inflicting reputational damage, undermining customer trust and potentially leading to financial losses.

In the digitalized world, Application Programming Interfaces (APIs) are important elements of innovation, efficiency and seamless connectivity. They enable different software applications to communicate with each other, playing a crucial role in the functionality of the digital experiences of social media platforms like Facebook and Instagram, eCommerce platforms, YouTube, ChatGPT, etc.

The increasing reliance on APIs, however, has escalated the risk of cyber threats, highlighting the critical need for advanced security measures, including in the financial sector. APIs are the unsung heroes of the digital age, enabling the rapid exchange of data and functionality across diverse platforms. In the financial sector, APIs have been instrumental in driving mobile commerce and the Internet of Things (IoT), with Akamai estimating that APIs drive roughly 83% of internet traffic. The financial sector, a vital component of national infrastructure, has witnessed a surge in API-related cyberattacks.

Cybercriminals exploit vulnerabilities to access or corrupt sensitive data, posing significant risks to consumer trust and financial stability. This widespread adoption underscores the urgency for robust API security mechanisms to safeguard sensitive financial data and consumer privacy.

A proactive and well-coordinated cybersecurity posture, with an emphasis on resilience and collaboration with national cybersecurity bodies like CERT-In and the financial-sector-specific organization CSIRT-Fin, is thus essential to safeguard against the evolving threat landscape posed by hacktivism.

CSIRT-Fin and CERT-In have been instrumental in protecting India’s financial sector through vigilant monitoring, advisories, and collaboration, yet the dynamic nature of cyber threats demands ongoing enhancements to their efforts. Besides, financial service providers and regulators have to allocate significant resources towards enhancing cybersecurity defences, including adopting advanced threat detection technologies, comprehensive employee training, and developing robust incident response strategies.

AI: A Game-Changer in API Security

Conventional security measures, while necessary, are increasingly insufficient against sophisticated cyber threats that target the business logic of APIs. AI-based security systems are a game-changer, as they are capable of analyzing vast amounts of data to identify patterns and detect anomalies that deviate from normal behavior. This allows for the early detection of potential threats, including those that traditional security measures are likely to overlook.

Government, regulatory authorities, and financial service providers, including fintech companies, are collectively seized of a significant shift towards prioritizing cybersecurity initiatives for investor protection, marking a departure from conventional challenges to embrace a new paradigm where digital security is at the forefront of strategic planning. With cybersecurity steering the course of investor protection, these initiatives will underscore the commitment to shield investors’ interests and assets in an increasingly digital financial realm.

The Digital Personal Data Protection (DPDP) Act, 2023 is all set to bolster consumer protection in the financial sector against malicious threats by enforcing strict data privacy regulations, including explicit consent for data collection, data minimization, and stringent security measures to safeguard personal data. It mandates timely breach notifications, ensuring consumers can act swiftly to secure their information.

The DPDP Act aims to create a more secure and privacy-conscious digital financial ecosystem, significantly reducing the risk of cyberattacks and data misuse. In addition, the adoption of AI and ML technologies offers a promising path forward as these technologies provide dynamic, intelligent systems capable of real-time monitoring and threat detection, ensuring that API security evolves in tandem with emerging threats.

Way Forward

Firstly, it’s crucial for organizations to integrate advanced technologies like AI for real-time critical threat detection, foster stronger public-private partnerships to leverage private sector expertise, and conduct more frequent cybersecurity drills to identify and mitigate vulnerabilities.

Secondly, expanding awareness and training programmes can empower both organizations and consumers to navigate the digital landscape safely. Thirdly, modernizing the regulatory framework by financial sector regulators to reflect the latest cyber threats and ensuring compliance across the sector is the need of the hour.

Additionally, strengthening domestic as well as international collaboration for sharing threat intelligence and best practices can provide a preemptive edge against globally coordinated attacks. By adopting these strategies, we can significantly improve the resilience of India’s financial sector against evolving cyber risks.

Thus, the future of financial security lies in leveraging AI to develop adaptive, intelligent systems that can anticipate and neutralize cyber threats. Updating the curriculum, running more digital literacy awareness programmes, using case-study based learning, and addressing different target groups through a class-oriented module structure can help address cybersecurity issues. The National Strategy for Financial Education (NSFE) needs to be revamped to orient it towards handling the modern issues and complexities of the financial world.

As digital financial services continue to underpin the fabric of the financial sector today, ensuring their security against cyber threats has never been more important. Hence, there is an urgency to adopt AI-driven security measures, by which the financial sector can navigate the complex cyber threat landscape with confidence, ensuring the integrity and resilience of its digital ecosystems while simultaneously facilitating robust and stable growth of the financial sector.

The author is a former official of the Indian Economic Service and IEPF Chair at National Council of Applied Economic Research. Views are personal.

Published in: Livemint, 07 Apr 2024