In an interview with Biztech2.0, Japjit Sandhu, CISO, YES Bank, speaks about his challenges as a CISO, the emerging threats and Cyber Laws in India.
What challenges do you face as a CISO?
The foremost challenge that I face as a CISO is to ensure that our customers feel YES Bank is a safe and secure place to bank. This can happen only by ensuring that our customer information is safe and that all security processes, policies and procedures are up-to-date. We constantly update the system and mitigate the latest threat vectors.
Another challenge is to constantly educate customers. At YES Bank we make proactive efforts to inform customers of our new security initiatives and update them from time to time.
What are the threats emerging with the latest technologies such as Web 2.0?
Web 2.0 constantly allows users to seamlessly share all kinds of information in real time. The threats involved in this two-way information exchange are numerous. Threats such as code injected into pages, users being forwarded to malicious links, etc. will assume greater proportions with Web 2.0. These threats primarily focus on the privacy of the end user. YES Bank has not yet taken measures specifically focusing on Web 2.0, as we do not use any of the Web 2.0-related technologies. Hence, we do not see any threat from the same.
Do you feel current cyber laws are in sync with the emerging cyber crimes?
I do not believe that the current cyber laws are in sync with the emerging cyber crimes. Regulatory Compliance needs to be built into a more flawless system. There’s been a lot of debate on this already, wherein controlling bodies have tried to take certain measures, but these measures have not been able to achieve the required results. Firstly, the investigative space of cyber laws needs to be more mature and sophisticated. The confidence of banks in these investigative agencies to track, chase and close cases needs to be strong. Secondly, I feel regulatory compliance needs to strengthen the guidelines and, accordingly, make laws stringent for trespassers.
How can phishing threats be completely neutralised?
Phishing is the biggest challenge to BFSI, and the threat is here to stay. To mitigate phishing threats, a constant educational platform for end users needs to be adopted. At YES Bank we frequently educate customers about our channels of communication and awareness on not sharing passwords, PINs or user IDs. Internally, we continuously monitor our ‘Internet Point of Presence’ from where the HTTP traffic can be analysed closely. We use real-time secure web gateway solutions to ensure that all traffic entering and leaving the YBL infrastructure is safe with real-time content filtration. We also get updated about any new websites that come up that are similar to ours. Finally, to protect our identity on the web, we have tied up with market leaders in the security space to provide us with anti-phishing and anti-pharming services.


