In November last year India went through a demonetization drive when the government banned the Rupees 500 and 1000 notes. It caused a lot of near term pain with some serious liquidity crisis in a primarily cash driven economy. However, sanity returned in a few months with various private and public sector initiatives driving the move to a cashless economy. But the lack of governance and awareness on cyber has left the consumers and banks exposed to large scale cyber attacks. The recent ransomware attacks were very successful in India, and that feels like just the start.
Wannacry Ransomware attacks were reported across about 48000 computers in India with 60% of targeted victims being institutions and 40% being consumers. On investigation, it was revealed that the weak link that allowed many of the attacks was Windows XP and unpatched Windows operating systems used by institutions. However, about 70% of the country’s ATMs run on these operating systems and largely remain unpatched, hence posing a huge risk to consumer banking credentials.
During the attacks, Cyber Peace Foundation (CPF), which is running a research project monitoring cyber attacks, saw nearly a 56-fold increase in breach attempts at sensors installed across eight states in the country. Computer Emergency Response Team (CERT-In) asked the Reserve Bank of India (RBI), stock exchanges, the National Payments Corporation of India (NPCI) and other vital institutions to safeguard their systems against the ransomware.
Just a few weeks after the demonetization announcement, Prime Minister Mr.Narendra Modi announced the BHarat Interface for Money (BHIM) mobile application, which was downloaded 17 Million times within two months of launch. PayTM, India’s leading mobile payments service crossed the 200 Million users mark earlier this year, and have most recently launched PayTM bank with about $1.4 Billion raised from Softbank valuing the firm at $7 Billion. The “Jan Dhan Yojna” scheme successfully brought about 200 Million unbanked consumers into banking. Post demonetization, bitcoin has started to be more widely used.
This is all great news, but it feels like the country is doing it all too fast, without the right governance, and more importantly consumer awareness on cyber risks. Over the last few years, India has consistently been identified as one of the most vulnerable countries to cyber attacks as the digital infrastructure was growing at a crazy pace without the necessary controls in place. The country has about 300 Million internet users of which about 150 Million are only using mobile internet. However many of these phones use vulnerable operating systems and are easily hacked.
One of the common modes of cyber attacks in the country happens through malicious applications on smart phones. This occurs when users download mobile applications that come with some online offers, and allow access levels to the applications that in turn allow the hacker to ask the users’ contacts to make payments using mobile wallets. With a booming e-commerce industry projected to reach $64 Billion by 2021, banks and payments providers lack the capability to keep Cyber attackers at bay.
Challenges in handling cyber attacks are different depending on if the victim was a bank/firm or a consumer. The problem with banks is the secrecy they maintain about cyber attacks on their systems. A few months ago, data of about 3.2 million debit cards was lost in what is claimed to the India’s biggest breaches. SBI, HDFC Bank, ICICI, YES Bank and Axis were all hit by the breach of debit cards. RBI has hence mandated banks to reveal any cyber attacks that banks have had to suffer. Cyber attacks cost Indian businesses about $4 Billion every year as per latest estimates.
Banks in India have also managed to set up shadow or decoy systems which resemble the actual systems and have developed honey pots to trap such hack attempts. However, they still lag behind their western counterparts in sophisticated techniques and forensics needed to counter cyber attacks.
Still, banks are much more prepared to handle cyber attacks than consumers who are easily manipulated. This is primarily because consumers lack awareness of cyber attacks and social engineering techniques by the hackers are getting more and more sophisticated. There are measures from the government (unlike old times) to bring awareness to people on Cyber risks. 90% of the consumers are unaware that the government runs a 24X7 TV channel “Digi-Shala” that focuses on digital payments.
When Demonetization was announced, the Modi supporter in me felt super thrilled about the possibilities as the economy accelerated towards a cashless state. Even the near term pains faced by the common man felt justified in some ways, but it feels like India is ill-prepared to take on cyber risks inspite of efforts from the government and central bank. Watch this space.
Arunkumar Krishnakumar is a Fintech thought-leader and an investor.
Get fresh daily insights from an amazing team of Fintech thought leaders around the world. Ride the Fintech wave by reading us daily in your email.