Is june@2023 a good or bad password? This was a poser thrown at the audience by Shibu K Thomas, Joint General Manager & Chief Information Security Officer of South Indian Bank.
The chief information security officer of SIB was speaking during the panel discussion on 'Securing the Digital Banking System' organised as part of Manoramaonline Techspectations held at Le Meridien in Kochi on Friday. It was one of the student participants who answered.
“It is very common for people to use their own names with their year, current or birth year. This can easily be hacked by a normal brute-force attack,” said Abhay Das, an engineering student of Amrita Vishwapeedom, Kollam. Shibu said Abhay was spot on.
“Please avoid guessable passwords,” Shibu said. “If you use such passwords, you are leaving yourself open to a cyberattack,” he said. In fact all the panelists, all of them experts of cyber security, strove to drive home the importance of sensible users in the prevention of cyber crime.
These hackers are running a set of programmes to net passwords that are easy to guess. That is how they sneak into your network and snatch your credentials. Once they get hold of it, it is easy for them to do the transaction,” said G Venkataraman, Chief Information Security Officer, ESAF Small Finance Bank. He suggested that people were so careless that they don't bother to memorise their passwords and, at times, even share it with others.
Babu Thomas, the Senior Vice President & Head - IT of Federal Bank said that every person using a digital facility should be mindful. “Mobiles are routinely getting hijacked by applications that are controlled remotely,” Thomas said. Malicious elements are roaming the net in search of an opportunity. They would find nothing more exciting than soft self-possessed passwords.
The Federal Bank VP wondered why people would share OTPs. “Except in the case of Flipkart or Amazon, there is no other place you have to share your OTP for a financial transaction,” he said. He discouraged the use of a common single password for all our different uses. “Once this password is compromised, all our accounts are getting compromised,” Thomas said.
Venkataraman of ESAF served a warning. “Account takeover is increasing at an alarming rate. There are so many free tools to achieve this purpose. In fact there are APIs (Application Programming Interface) available, which would interface with the user and take over the accounts,” he said.
Arvind Ganesan, Business Head, India - BFSI & Enterprise of Akamai Technologies flagged the issue of DDoS (distributed denial-of-service) attack. DDoS is an online fraud attack that essentially chokes the websites of banks and financial institutions. Arvind called the phenomenon of virtual mercenary teams carrying out DDoS attacks as “the return of the hactivist”.
Most of the experts seemed to suggest that if a DDoS attack happens, there is nothing much that could be done. Babu Thomas of Federal Bank said that tools were available. “Cloud-based services are available. But when it comes to DDoS attacks, you just have to prepare for the worst,” Thomas said.
In fact, he said DDoS attacks could be outsourced to entities in the darknet. “Theere are teams out there in the net who can do the hatchet job for you for a nice sum of money,” he said. Quotation gangs on the web.
Babu Thomas said DDoS attacks would continue. “They bombard you with massive amounts of data, and will send specific data packets to choke your system. The only thing we can do is to harden our systems,” he said.
Venkataraman of ESAF said a DDoS attack, by bringing down a system, could scale up into a ransomware attack. Meaning, malicious actors could after choking the network seek ransom.
That data security has become perhaps the most towering concern of India could not be overstated. If any indication was required, it was evident at Techspectations. When a hand count was done, there was not one among the packed Techspectations audience who had not done a UPI (unified payments interface) transaction.
Arvind of Akamai said that by November 2022, UPI (unified payments interface) transactions had crossed Rs 2.1 trillion. India's mobile wallet industry, growing at a compound annual growth rate of 150 per cent, is set to touch 4.4 billion dollars by 2024.