
INTRODUCTION

The world has progressed from the Industrial Revolution, which came about with the
advent of rapid industrialisation, to the age of the Information Revolution, which is
distinguished by an economy based on information, computerisation and digitalisation.

However, increasing globalisation and digitalisation have brought a lot of challenges.


There has been an alarming rise in cybercrimes on a global scale. With India also moving
towards a digital economy with the adoption of Aadhaar and an ever-increasing
dependency on information, the concerns over cyber security, data protection and privacy
are justified.

Technology is one of the major forces transforming our lives. However, its misuse causes
detrimental effects. The digital era has opened up a Pandora’s box of various concerns
such as Data Theft, Scams, Eavesdropping, Cyberbullying, to name a few, with the
overarching concern on the intrusion to the privacy of Individuals. In an Indian context,
various factors such as Nuclear families and cultural views, have for ages, stifled the need
for personal space and privacy. However, urbanization, digitization and changing
lifestyles have resulted in a growing demand amongst Indians for Privacy and protection
of the Information they share, specifically on digital platforms. Recent developments,
and the Supreme Court holding the 'Right to privacy' to be a fundamental right,
lay the cornerstone for a strong data privacy regime in India. The data protection
framework, proposed by the Committee of Experts under the chairmanship of former
Supreme Court judge Shri B N Srikrishna, is the first step in India's Data Privacy journey.
While it is not possible to deter the growth and use of technology, it is important to strike
the right balance between the digital economy and privacy protection which is the key
objective of the Data.

The key objective of the proposed data privacy framework is “to ensure growth of the
digital economy while keeping personal data of citizens secure and protected”. In the
current scenario where everything is moving into the digital space, it is important for us
to move from manual processes to more automation. In the arena of data protection &
privacy, technology serves as a key enabler to ensure and demonstrate compliance.

New laws are taking effect across the globe to regulate the collection, use, retention,
disclosure and disposal of personal information. At the same time, the rate of cyber
attacks, data breaches and unauthorised use of personal data is growing exponentially. In
the current environment, it is more important than ever, particularly for those
organisations handling financial data, health information and other personally identifiable
information, to understand the rights and obligations of individuals and organisations
with respect to personal information.

While it may be easier said than done to implement new policies and best practices,
companies are faced with the additional challenges of evaluating and deploying new
technologies that simultaneously may both hinder and help with compliance in view of
the new privacy and data security regulations. For example, blockchain technology offers
significant advantages for a wide variety of applications from a data security perspective,
offering the ability to record transactions in a decentralised and immutable fashion.
However, these same technological principles may raise complex issues when looking at
compliance with new privacy regulations. For example, in connection with the “right to
be forgotten” under the GDPR, how is a subject’s personal information to be erased from
an immutable and fully-distributed blockchain? A variety of solutions have been
proposed to provide for greater control and management of information with blockchain,
including anonymous transactions and voting systems, secret contracts and blind
auctions, but they will have to be evaluated in view of the evolving regulatory
framework.

Before an Organization can make a decision on the technical measures it should adopt for
data protection, it needs to understand the data protection risk posed by its data
processing activities and the wider environment in which it operates. Assessment of
technology risks is essential to improve the technology stack of an Organization so that
it is better equipped to address the threats that it is exposed to, given the nature of its
service and operating environment. This would require deployment of technical systems,
specifically around network security, application security and IT infrastructure, in order
to ensure personal data is collected, stored and handled in a secure manner.

Further, in the wake of the Supreme Court ruling that privacy is a fundamental right,
there is a growing sense of urgency in India to have in place a proper legislative
framework to address the concerns over cyber security, data protection and privacy.

BACKGROUND (Literature review)

1) Disclosed is a cyber-security system that is configured to aggregate and unify data
from multiple components and platforms on a network. The system allows security
administrators to design and implement a workflow of device-actions taken by
security individuals in response to a security incident. Based on the nature of a
particular threat, the cyber-security system may initiate an action plan that is tailored
to the security operations center and their operating procedures to protect potentially
impacted components and network resources.
Thomas, B., Scott, D., Brott, F., & Smith, P. (2019). U.S. Patent Application
No. 16/185,865.

2) With the significant improvement in deployment of Internet of Things (IoT) into
the smart grid infrastructure, the demand for cyber security is rapidly growing. The
Energy Internet (EI) also known as the integrated internet-based smart grid and
energy resources inherits all the security vulnerabilities of the existing smart grid. The
security structure of the smart grid has become inadequate in meeting the security
needs of energy domains in the 21st century. In this paper, we propose a cyber
security framework capable of providing adequate security and privacy, and
supporting efficient energy management in the EI. The proposed framework uses an
identity-based security mechanism, a secure communication protocol and an
Intelligent Security System for Energy Management to certify security and privacy in
the EI. Nash Equilibrium solution of game theory is applied for the evaluation of our
proposed ISSEM based on security events allocation. The formal verification and
theoretical analysis show that our proposed framework provides security and privacy
improvement for IoT-based EI.
Sani, A. S., Yuan, D., Jin, J., Gao, L., Yu, S., & Dong, Z. Y. (2019). Cyber security
framework for Internet of Things-based Energy Internet. Future Generation Computer
Systems, 93, 849-859.

3) The author argues that the weak link in cyber safety is the human angle. He
points out that the place of the crime, the criminal and the machinery used can be outside
Indian jurisdiction. Today the Internet is used by common people, making them easy
targets for cyber criminals. Data is a broad categorisation, from credit-card information to
bank and other financial records to personal information. The current resolution to this
very grave and far-reaching issue lies in basic awareness, protection and care, through
education.
MATHEW K

4) Cyber security is a field that is becoming more and more important. Yet many
universities do not put much focus on teaching this subject to students. This is especially
true in liberal arts schools. By creating easier to understand and enjoyable course work in
this subject, universities could help their students become stronger in their cyber security
knowledge. Through online courses and labs that allow students to actually test what they
have learned in a real-world simulation, students will get a better understanding of the world
around them.
McDowell, J. (2019). Making Cyber Security More Accessible To Students.

5) Systems and methods for a cyber security system with adaptive machine learning
features. One embodiment is a system that includes a server configured to manage a
plurality of user devices over a network, and a user device that includes an interface and a
processor. The interface is configured to communicate with the server over the network,
and the processor implements a machine learning function configured to monitor user
interactions with the user device over time to establish a use profile, to detect anomalous
use of the user device based on a variance from the use profile, to determine whether the
anomalous use is representative of a security threat, and to instruct the user device to
perform one or more automatic actions to respond to the security threat.
Glatfelter, J. W., Kelsey, W. D., & Laughlin, B. D. (2019). U.S. Patent Application No.
15/647,173.

6) Cyber security comprises technologies, processes and practices designed to protect
computers, programs, networks and data from hacking, damage or unauthorized access.
Cyber security is also sometimes conflated inappropriately in public discussion with other
concepts such as privacy, information sharing, intelligence gathering, and surveillance.
Cyber security comes into the picture as we encounter cyber crimes. To avoid giving
cybercriminals the initiative, it is important for those involved in the fight against
cybercrime to try to anticipate qualitative and quantitative changes in its underlying
elements so that they can formulate their methods appropriately. The importance of being
acquainted with the effects of cyber crime, keeping in mind the recent activities that have
taken place, and offering solutions to protect an individual and/or an organization from
them is laid down in this paper. Types of cyber security and cyber attacks are listed in this
paper. It also throws light on the state of cyber crimes and cyber security in India. A gist
of Indian cyber laws is presented in this paper as well.
SHWETA GHATE - Department of Computer Science, Institute for Excellence in Higher
education, Bhopal, M.P. (India)

7) Cyber security is the activity of protecting information and information systems
(networks, computers, data bases, data centers and applications) with appropriate
procedural and technological security measures. Firewalls, antivirus software, and other
technological solutions for safeguarding personal data and computer networks are
essential but not sufficient to ensure security. As the authors' nation is rapidly building its
Cyber-Infrastructure, it is equally important that they educate their population to work
properly with this infrastructure. Cyber-Ethics, Cyber-Safety, and Cyber-Security issues
need to be integrated in the educational process beginning at an early age.
https://www.techrepublic.com/resource-library/whitepapers/cyber-security-challenges-for-society-literature-review/

8) The term cyber security is often used interchangeably with the term information
security. This paper argues that, although there is a substantial overlap between cyber
security and information security, these two concepts are not totally analogous.
Moreover, the paper posits that cyber security goes beyond the boundaries of
traditional information security to include not only the protection of information
resources, but also that of other assets, including the person him/herself. In
information security, reference to the human factor usually relates to the role(s) of
humans in the security process. In cyber security this factor has an additional
dimension, namely, the humans as potential targets of cyber attacks or even
unknowingly participating in a cyber attack. This additional dimension has ethical
implications for society as a whole, since the protection of certain vulnerable groups,
for example children, could be seen as a societal responsibility.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber
security. Computers & Security, 38, 97-102.

APPLICATION

In most countries, direct money siphoning from banks through cyber-attacks consists of
small-scale frauds through phishing attacks and cloning/stealing of payment cards/net banking
identities/information. These are high-frequency but low-impact events. RBI data and our
estimates show that during 2008-17, banks in India faced 1,30,000 reported cases of
cyber fraud involving an estimated Rs.700 crore. This is equivalent to just 0.006% of the
outstanding deposits of Indian banks. By contrast, a severe cyber attack can result in bank
failure even when no money is lost directly.

The main threats that a bank faces from cyber attacks include breach of customer data
privacy, loss of reputation, business discontinuity, loss of assets/business information,
post-breach information security revamping cost, third-party claims and penal actions
from regulators. Strong customer data privacy protection norms and stringent penalties
for infringement have been the main drivers of robust cyber security arrangements by
banks in most OECD countries. For example, the General Data Protection Regulation
(GDPR) in the EU imposes a penalty of up to €20 million, or up to 4% of the annual
worldwide turnover, for violation of norms.

The data privacy norms in India are far less stringent than those of the GDPR.
Besides, the predominance of public-sector banks creates the impression of an implicit
sovereign guarantee against the failure of such banks. This reduces the threat of
reputation loss of public-sector banks due to cyber attacks. Also, the severe implications
of a cyber breach seem to be lost on a large number of bank managements. These factors
could have created a relaxed attitude among banks to cyber-risk management.

At the same time, even in industrialised countries, the sensitivity of banks to cyber attacks
and investments for cyber risk management have gone up sharply only in the current
decade. For a large part of this period, Indian banks, especially those in the public sector,
were faced with serious asset quality deterioration, restricting their capacity to invest in
cyber security.

Indian banks do not have much choice concerning a major revamp of cyber security.
Cyber attacks are global in nature and, with better cyber-risk preparedness in OECD
countries, hackers are increasingly focusing on vulnerabilities in emerging-market
countries. This can create existential problems for Indian banks. For example, the
money siphoned off from Cosmos Bank is 14 times the bank’s FY18 profit.

The regulatory situation in India is also becoming more stringent. In 2016, the RBI
asked banks to put in place board-approved, robust cyber-risk management systems. The
regulator has also set norms that put losses due to cyber attacks almost exclusively on
banks. Most importantly, the draft Personal Data Protection Bill, 2018, has proposed that
for breach of personal-data protection, banks would face penalties similar to those under
the GDPR.

The detailed analysis of cyber-risk management by listed Indian banks shows that there is
considerable divergence in the cyber-risk preparedness of Indian banks. While private-
sector banks generally exhibit greater cyber maturity than the public-sector banks, there
are numerous exceptions. The perception that smaller banks generally have lower levels
of cyber-risk preparedness and, thereby, greater vulnerability, however, does not seem to
be true.

Many of the ‘old’ private sector banks appear to be better prepared than their larger peers.
Indian banks seem to focus more on identification and prevention of cyber-attacks than
breach detection, crisis management in the immediate aftermath of detection and
corrective measures thereafter. As examples of major global banks including the Bank of
America, Citi, JP Morgan Chase, PNC, USB or Wells Fargo suggest, irrespective of
the cyber investment, preparedness and management, cyber breach is a near certainty for
banks. Quick breach detection and appropriate corrective actions decide the impact of
such incidents on banks. It is high time that Indian banks wake up to harsh cyber realities.

Cyber crime has jumped to the second position as the most reported economic crime and
financial institutions are prime targets. As cybercriminals find new ways to attack,
breach, and exploit organizations, threat patterns such as phishing, spear-phishing, and
social engineering evolve and become more sophisticated. Organisations need solutions
that assess their own and their vendors’ vulnerabilities in real-time.

In India, banks have been seeing relentless attacks from possible state and non-state
actors, organized crime and hacktivists. This was illustrated in the case of Canara Bank,
when in Aug 2016 a hacker from Pakistan attacked and defaced the bank’s site by
inserting a malicious page and tried to block some of the bank’s e-payments.

For financial and banking institutions, the Union Bank breach case highlighted a few
important things. The first is the dynamic nature of new malware; the second is the
importance of security awareness within the organization; and lastly the effectiveness of
the existing security monitoring practices. Due to effective action on the part of Union
Bank of India, there was no loss to the institution, highlighting the importance of incident
response readiness.

Top 5 Biggest data breaches and hacks:

1) Yahoo believes that "at least" 500 million user accounts were stolen, which would
make it the biggest breach of all time.
2) A massive data breach targeting adult dating and entertainment company Friend
Finder Network has exposed more than 412 million accounts.
3) The hotel chain asked guests checking in for a treasure trove of personal information:
credit cards, addresses and sometimes passport numbers. On Friday, consumers
learned the risk. Marriott International revealed that hackers had breached its
Starwood reservation system and had stolen the personal data of up to 500 million
guests.
4) Twitter Inc urged its more than 330 million users to change their passwords after a
glitch caused some to be stored in readable text on its internal computer system rather
than disguised by a process known as “hashing”.
5) Chinese resume leak: 202,730,434 records contained the details not only on the
candidates’ skills and work experience but also on their personal info, such as mobile
phone number, email, marriage, children, politics, height, weight, driver license,
literacy level, salary expectations and more.

The banking and financial services industry, in particular, has become the target of
major cyber attacks. In this post, we will look into the major threats and potential
solutions for cyber security in the banking and financial services sector.

The banking and financial services sector faces almost three times more cyber-attacks
than any other industry. Banks are where money is. Additionally, the banks also possess
data of millions of users. So, for cybercriminals, attacking banks offers multiple avenues
for profit through extortion, theft, and fraud. More and more, financial services
organizations are operating under a constant state of attack, leaving IT and security teams
challenged in their ability to collect, disseminate and interpret malicious events.

CYBER SECURITY SOLUTIONS FOR THE BANKING & FINANCIAL SERVICES SECTOR

Communication and Intelligence- Cybersecurity and fraud have now shifted from a
walled-garden approach to a holistic one, and this has brought better communication
and intelligence sharing. This comes down not just to technology, but to people and process.
It helps to shift from a cybersecurity analyst who is very much focused on technology and cyber
controls to an analyst who understands the business and can have a conversation with the
customer in the payments space. This approach can also be seen in the language of
modern cybersecurity vendors.

Scenario-based Testing- Structured exercises and scenario testing are also among the best
ways for the banking and financial industry to protect itself from cyber threats, specifically
when they are conducted across the industry. Doing exercises in which you get everyone
around the table and recreate different scenarios shows where your gaps are
and what you do well; it also gives an understanding of what needs to be built into
your cyber process and resiliency process. It is essential to do that with everyone within
the organization: legal, compliance, the business, cyber, the operations staff, the
technology staff and even with peers.

Cross-industry Collaboration- In order to progress in combating today’s cyber threats,
banks need to stop keeping the cyber strategy a closely guarded secret shared with bank staff
only. Today's threats exploit the ecosystem: they don’t look for an individual link in
the chain, but for weak points in the end-to-end chain. So the response
means we have to work together as an ecosystem. Moreover, as soon as you make it more
difficult, start sharing, take away the different avenues to target any bank and
increase awareness, you make it a less alluring environment for adversaries to engage
in.

Actionable Awareness- The financial and banking industry is seeking to get more actionable
insights not just for its security analysts but also for the people within the business
units. This allows intelligence to quickly turn into a response by the most relevant people,
which is especially important in a landscape where breaches happen in a heartbeat. In the
payments system it is important to create intelligence inside the bank, publish it and
circulate it fast, and someone needs to receive it and do something with it; that is actionable
intelligence. That is more likely if everyone speaks a common language, for example being
able to say: here is a set of accounts and a volume of transactions that you should be mindful
of, so that they can set alerts.

From perimeter security to multiple layers- Banks need to change from perimeter
security to in-depth, multi-layer defence. It is important to realize that sooner or later
someone will get in, and to be able to catch them when they get in, see what they do and
respond, by having multiple layers of defence.

IMPLEMENTING BLOCKCHAIN TECHNOLOGY FOR CYBER SECURITY

Blockchain technology can be very useful for tightening cybersecurity. Blockchain could
reduce banks' infrastructure costs by US$ 15-20 billion per annum by 2022. Owing to
their distributed nature, blockchains provide no ‘hackable’ entrance or a central point of
failure and, thereby, provide more security when compared with various present
database-driven transactional structures.

Blockchain technology Applications in FinTech & Cybersecurity:

• Resolves the “lack of trust” problem between counterparties at the basic level
• Eliminates human intervention from the authentication process
• Ensures decentralized storage
• Provides cryptographic security that protects that storage from unauthorized modification
• Has the potential to improve everything from data integrity and digital
identities to enabling safer IoT devices to prevent DDoS attacks
• Provides traceability of all transactions
• Provides synchronized, consensus-based third-party validation on every recorded transaction

DISCUSSION

Personal data is anything that is specific to you. It covers your demographics, your
location, your email address and other identifying factors. It’s usually in the news when it
gets leaked (like the Ashley Madison scandal) or is being used in a controversial way
(when Uber worked out who was having an affair).

Lots of different companies collect your personal data (especially social media sites);
any time you have to put in your email address or credit card details, you are giving away
your personal data. Often they’ll use that data to provide you with personalized
suggestions to keep you engaged. Facebook for example uses your personal information
to suggest content you might like to see based on what other people similar to you like.

In addition, personal data is aggregated (to depersonalize it somewhat) and then sold to
other companies, mostly for advertising and competitive research purposes. That’s one of
the ways you get targeted ads and content from companies you’ve never even heard of.

Scope and challenge for Cyber Security professionals

Cyber security, also referred to as information technology security, focuses on protecting
computers, networks, programs and data from unintended or unauthorized access, change
or destruction.

The increase in criminal activities through computer networks has focused attention
on protecting sensitive business and personal information, as well as safeguarding
national security.

Most developed nations agree that cyber attacks and digital spying are the top threat to
the country's security, overshadowing terrorism.

Consequently, the scope for cyber security professionals in the data protection systems of the
nation, companies, etc., is huge.

In fact, today the national security and business interests of a country depend totally upon
cyber security.

The entry-level position of a cyber security professional is a position that requires the least work
experience, with the responsibility of correlating the broad security guidelines of the
organization with daily security operations.

Middle-level managers' responsibility would be management of security programs, data
security, policy creation & management, business continuity and disaster recovery. Only
persons with prior experience are likely to be considered for this position.

The next top-level position is Chief Information Officer. The role of this senior position is to
rationalize the cost of current and future investments to minimize information risks. This
position is only meant for persons with good experience.

Although there is little chance for a fresher, you can get the job after a few
years of experience.

Pre-requisite for Cyber Security Job:

Must be a graduate in any discipline, but a degree in computer science is preferred.

Basically, candidates with a software engineering background can easily make their way in.

Good knowledge of computer networks and an understanding of the hacker's mind is a must.

Certified courses like CISA (Certified Information System Auditor), CISM (Certified
Information Security Management), CISSP (Certified Information Systems Security
Professionals) are available for aspiring students.

Other well-known courses are CCSP (Cisco Certified Security Professional) and MCSE
(Microsoft Certified System Engineer).

Cyber security professionals are much sought after by state police departments, the intelligence
wing of the army and private companies.

The salary for a cyber security professional with one year of experience is around Rs 300,000 Per
Annum.

Persons with 5 years of experience can earn about Rs 8 to 10 Lakhs.

In India, the scope of cyber security jobs is very bright, and with some experience it is a
lucrative career option. As the world is coming together, we need more secure and reliable
communication systems.

According to an updated press note, with more information and data being hacked these
days, the role of cyber security professionals is going to be extremely challenging.

CONCLUSION

Recognition of the new and evolving international privacy and security regulations is a
requirement, especially in view of the threat of increasing liability and risk with statutory
penalties and class action lawsuits. Implementing a compliance programme with a set of
best practices for privacy and data security will surely help mitigate these risks, but it is a
continuing process, especially as companies face new hurdles when rolling out new
systems and technologies.

This is particularly true where newer technologies, such as blockchain and AI, are
incorporated into systems in a manner that simultaneously offers important contributions
to security and privacy while exposing new vulnerabilities and concerns. Thus,
companies may be well-served by a privacy by design approach that promotes privacy
and data security compliance from the start in order to mitigate risk down the road.

There is no doubt that the challenges of securing information and financial assets of the
customers and citizens, as well as to provide cutting-edge services, in a competitive
business environment will test the financial institutions severely. This is a battle to be
fought on various fronts and it is essential to plan well, commit fully, exercise rigorously
and execute flawlessly. A lot can be done by taking a collaborative approach, which will
reduce the cost of business without compromising quality, trust and reliability.

The target of the report was to present the importance of Cyber Security in India and also
analyse the present framework and policies of the government. There is an increasing rate in
the number of Cyber Attacks throughout the globe, causing large losses to
business, users’ privacy and data. India’s cyber Attack’s situation is running parallel,
response to the Cyber Attacks but such policies failed due to lack of resources and serious
government interest. As a result the users in India are still not safe when connected to the
Internet. Along with the users, businesses have incurred huge losses, which could have
been saved by paying little attention to the cyber security aspect.

REFERENCES

https://www.pwc.in/assets/pdfs/publications/2018/an-overview-of-the-changing-data-privacy-landscape-in-india.pdf

https://www.stoodnt.com/blog/cybersecurity-in-banking-financial-services/

https://Economictimes.indiatimes.com/markets/expert-view/expert-take-indian-banks-need-to-wake-up-to-harsh-cyber-realities/articleshow/65509359.cms?from=mdr
