India Insights with Geetha Nandikotkur

CISO Trainings , Forensics , Governance & Risk Management

Indian Banks Recruiting Cybersecurity, Forensics Experts

Finding Professionals with Right Skills Will Be a Significant Challenge
Indian Banks Recruiting Cybersecurity, Forensics Experts

Following recent data breaches, more Indian banks are taking extra precautions to create a secure environment. In a new trend, some scheduled banks are taking the step of advertising for cybersecurity and forensics specialists to work with their CISOs. This is, indeed, a positive sign.

See Also: Live Virtual Summit | Measuring Your Data's Risk & The Cost of Unpreparedness

For example, Union Bank of India recently invited online applications for specialist officers' posts, which included manager - IT systems administrator; manager - IT information and cybersecurity; and manager - IT digital and cyber forensics.

I spoke with CISOs of several banks who confirmed they are recruiting cybersecurity and forensics experts to map risks. These new employees are likely to report to the CISO.

Banks are starved for resources in building cyber resilience, so investing in forensics will build better vulnerability detection capabilities.

Calicut-based Dr. P. Vinod Bhattathiripad, a cyber forensics expert, tells me that Indian banks do not have good forensics policies and lack forensics experts. The security teams only conduct their forensic investigations as part of their compliance efforts, he contends. That's why creating dedicated forensics teams is so important.

Let's hope nationalized banks and smaller banks will follow the lead of the scheduled banks and recruit cybersecurity and forensic professionals in the months ahead.

But finding professionals with the right skills could prove challenging for those banks, given that all sectors are grappling with building cybersecurity capacity. So financial institutions must also work on developing the cybersecurity skills of their staff.

Need for CyberSec and Forensics Pros

While security breaches have prompted banks to recruit forensics and cybersecurity professionals, they are also compelled to meet RBI's new cybersecurity mandates.

RBI has required banks to follow four aspects - detection, response, recovery and containment - as part of a cyber crisis management plan and promptly detect cyber-intrusions to respond/recover and contain the fallout.

Sriram Natarajan, chief risk officer at Quattro, a business process outsourcer, says some CISOs are relatively inexperienced when it comes to the latest banking technologies, including mobile payments, because they focus on traditional IT security, while cybersecurity and forensic professionals are more clued in to hacking trends.

Current security teams seem to lack capabilities to spot system vulnerabilities that could expose banks to cyberattacks.

Banks are also under pressure to improve security because if there's any fraud in the banking transaction, the liability generally lies with the banks and not the customer, according to the RBI.

Will They Find the Talent?

While the movement toward developing in-house cybersecrity teams is encouraging, it represents a substantial new expense.

Dr. Ashwini Sharma, director general of the National Institute of Electronics and Information Technology, which is responsible for building the capacity of professionals, notes: "India can produce 40,000 or less cybersecurity professionals per year, whereas the demand is around 500,000 per year."

The question is: Will banks align with academia and others to develop the cybersecurity professionals India needs?

Banks need to take several key steps, including:

  • Work closely with CERT-In; the National Cyber Security Coordination Centre headed by Dr. Gulshan Rai; and the RBI to develop a training and skill development program for banks;
  • Work with academia and research groups to build a skills development program;
  • Work with the Indian government to tap master trainers for cybersecurity and forensic skills in the banking sector, which is part of the nation's critical infrastructure.

About the Author

Geetha Nandikotkur

Geetha Nandikotkur

Vice President - Conferences, Asia, Middle East and Africa, ISMG

Nandikotkur is an award-winning journalist with over 20 years of experience in newspapers, audiovisual media, magazines and research. She has an understanding of technology and business journalism and has moderated several roundtables and conferences, in addition to leading mentoring programs for the IT community. Prior to joining ISMG, Nandikotkur worked for 9.9 Media as a group editor for CIO & Leader, IT Next and CSO Forum.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.