Enabled by AI, phishing becomes quite simple

Phishing attacks, a prevalent cyber threat in India, are on the rise, growing 464% YoY in 2023. These attacks, often using social engineering, target human interaction and rely on psychological manipulation. Despite increased cybersecurity spending, there's a need for greater awareness and education. Most attacks aim to steal sensitive information like credit card numbers and passwords. The RBI has issued new guidelines to enhance IT governance and risk management in response to the rising number of data breaches in Indian banks.
Rozebud Gonsalves
  • Updated On Apr 1, 2024 at 10:55 AM IST
Read by: 100 Industry Professionals
Reader Image Read by 100 Industry Professionals

Nitin's attempts to schedule an appointment with a doctor he had found online had proved fruitless. He had almost given up on the phone numbers that had popped up in the online search, when he received a call.

The person claimed to be from the doctor's office and asked him to download a mobile application (app) and fill his personal details to complete the appointment process. Before Nitin realised that something was amiss, he had lost ₹47,000 from his savings bank account. He had been 'phished'.

Such online attacks - called 'phishing'- that rely on human interaction, are on the rise. They are easy to execute and are getting increasingly sophisticated because of the use of artificial intelligence (AI). Also called 'social engineering attacks', these practices don't require complex hacking and rely on psychological manipulation of human emotions.

Advt
Phishing is the most common form of cyberattack in India, accounting for more than 84% of the total cyber threats received every year, according to Acronis, a leader in cyber protection. The attacks grew 464% YoY in 2023, said Acronis.

"There is no one fix that will help us in this case. Educated people fall for it and constant education is the only way, but unfortunately it is not reaching every one," said R Subramaniakumar, chief executive of RBL Bank. "They (scamsters) are coming up with innovative methods again and again."

IT teams in Indian organisations on average receive reports of 15 suspicious emails on any given workday.

According to a report on cyber security trends in 2023 by Nasscom, social engineering attacks in India led to ₹19.1 crore in losses on an average every year.

Spending on cyber security in the BFSI (banking, financial services and insurance) sector in India grew 35% to $1,738 million in 2023 from $518 million in 2019, according to Nasscom. However, there are no regulatory guidelines on the minimum amount that must be spent on cyber security.

Most Indian banks spend 9-10% of their IT budget on cyber security. However, Dilip Asbe, chief executive and managing director of National Payments Corporation of India (NPCI) said spending needs to be increased, and a common threshold on minimum budget for cyber security needs to be implemented.

Advt
"What many countries have adopted is, they have a certain amount of budget to be spent, at least for the financial services. Something like 25% of your IT spend should be allocated to information security", said Asbe. "I think in India that awareness and reality has not stuck, unless the incident happens."

The goal of these attacks is to gain sensitive information like credit card numbers, one-time passwords and personal details. Most of the time, users are the weak link in the chain, as these are direct forms of communication with them.

"Most phishing scams that happen to the general public are not because a security application fell short, but because there is lack of cyber hygiene and awareness", said a security officer of a top private bank. "I don't think we will fall short on buying technologies that will protect; the issue will come in with people's awareness."

Most banks have invested fairly well, and the backend system is secure. But one never knows, said the CEO of RBL Bank. "You are secure till you are breached."

The Reserve Bank of India (RBI) notified a master direction on 'IT Governance, Risk, Controls and Assurance Practices', which will take effect from April 1 this year. The central bank had to rethink its strategy after Indian banks reported 248 data breaches in 2022, a fifth of the world's total.

  • Published On Apr 1, 2024 at 10:54 AM IST
Be the first one to comment.
Comment Now

Join the community of 2M+ industry professionals

Subscribe to our newsletter to get latest insights & analysis.

Download ETCISO App

  • Get Realtime updates
  • Save your favourite articles
Scan to download App