Apart from tying up with CERT-In empanelled organisations, Saraswat Co-operative Bank also participates in various cyber drills conducted by regulatory and other subscribed bodies from time to time, states Dimple Santwan (Dy. Chief General Manager) | Head – Information Security Department (CISO), in an interaction with CIO AXIS.
CIO AXIS: What would the threat landscape look like in the next 12 months?
Dimple Santwan: I am looking for a controlled threat landscape in the next 12 months which could be accomplished by continuing to deploy state-of-the-art cybersecurity technologies in addition to the already deployed ones for safeguarding the organization.
CIO AXIS: Can you give an overview of cybersecurity technologies you have deployed?
Dimple Santwan: Some of the significant cybersecurity technologies deployed are
- SOC for Round-the-clock monitoring for cyber threats along with Security Orchestration, Automation, and Response (SOAR)
- SIEM for correlation of rules/building blocks, automatic analysis and correlation to identify known and unknown threats
- Anti-DDoS solution as a preventive mechanism
- NGFW to ensure perimeter security is intact
- WAF to ensure no application is impacted
- DLP to have a robust mechanism with respect to data leakage
- MDM to control spread of information via portable devices
- IDAM to ensure only authorized individuals manage bank’s systems
- AVDF to protect our databases
CIO AXIS: How is Saraswat Co-operative Bank’s cyber security strategy going forward? What would be the biggest drivers for security spending in 2022?
Dimple Santwan: The bank’s cyber security strategy going forward would be to strengthen the already deployed technology where policies are fine-tuned, processes are revised keeping in mind the latest know-how, revaluating the security posture of the bank, and then placing more advanced cybersecurity solutions basis the need. We have set up our SOC which would be the biggest driver for security spending in 2022 due to its diverse need of upgrading and this would be followed by other security solutions.
CIO AXIS: In case a breach happens, how prepared is your organization to deal with such a situation?
Dimple Santwan: While we are positive about bank’s cybersecurity posture, still in case of a breach, we have laid down detailed procedures bearing distinct roles and responsibilities on use case basis. The resilience plan, which is not only created, is also tested from time-to-time and if there are any gaps noticed, same is being taken up as a learning as also if there is a need to revise the policy / process / technology, the necessitating is done. The bank has also tied up with CERT-In empanelled organisations which would look into the forensic part of the breach (if any) on priority. The bank also participates in various cyber drills conducted by regulatory and other subscribed bodies from time-to-time thereby also including a flavour of people awareness with respect to latest or sophisticated cyberattacks.
CIO AXIS: What kind of technologies/solutions do you use to prevent theft or leakage of information from insiders?
Dimple Santwan: While we have a Data Leakage Protection (DLP) security solution in place for web, endpoint and email systems, the entire concept is actually a combination of people, process, and technology. With respect to the people aspect – regular training and awareness is created about data/information theft or leakage wherein all our policies and processes set-up for end users’ responsibilities are sensitized. With respect to the technology, apart from a DLP solution, we have also deployed Mobile Device Management (MDM) solution so as to have a control on official documents on personal devices of staff members. A restriction is also put up on accessing official email from devices other than the official ones, to limit the exposure of information. Even the internet usage is controlled by a proxy solution so as to further lessen the exposure. It is ensured that all ingress/egress points of exposure are always kept an eye on for fine-tuning / further hardening of controls.