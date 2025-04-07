By Surabhi Gupta
New Delhi: To protect India's rapidly evolving banking and financial ecosystem against emerging cyber threats, the Ministry of Finance, Ministry of Electronics and Information Technology (MeitY), CERT-In, CSIRT-Fin, and global cybersecurity firm SISA have jointly released the Digital Threat Report 2024 for the BFSI sector in Indian context. The extensive report identifies existing and emerging cyber threats and provides strong, insightful recommendations to strengthen defenses for the rapidly digitising financial ecosystem.
The report was launched on Monday by M. Nagaraju, Secretary, Department of Financial Services, Ministry of Finance, and S. Krishnan, Secretary, MeitY, along with Dr. Sanjay Bahl, Director General of CERT-In, and Dharshan Shanthamurthy, Founder and CEO of SISA.
Dr. Abhijit Phukon, Economic Adviser in the Ministry of Finance also welcomed this collaboration approach by the government, regulators, and service providers.
He told ETV Bharat, "This report not only maps threat geographies but also brings global case studies that can help Indian institutions identify and mitigate vulnerabilities. We are streamlining measures and conducting regular reviews to enhance digital resilience."
He added that frameworks for incident response, recovery processes, and data availability are being institutionalised across financial institutions. "We will analyse the report in detail to identify new threat patterns and update our systems accordingly."
AI and Quantum Threats: A New Battlefield
As emerging technologies, such as Artificial Intelligence (AI) and Quantum Computing, are transforming the threat landscape, the report sets out potential future challenges and outlines actions required to stay ahead. Dharshan Shanthamurthy of SISA explained, "This report identifies digital threats impacting not just India but the global BFSI sector. With AI and Quantum security challenges on the horizon, we need to stay ahead of the curve. Our focus is to help institutions prepare for future attack vectors."
He also highlighted the role of public awareness and education, indicating initiatives like partnerships with state governments - like Karnataka - to run cybersecurity awareness programs in local languages. "One of our key advocacies is including cybersecurity in school curriculums starting from classes seven and eight. With initiatives under the National Education Policy (NEP), this is gradually becoming a reality."
Dharshan Shanthamurthy summed up the vision behind the report saying, "Cybersecurity resilience is built on collaboration. By integrating real-world threat intelligence with national insights, this report equips financial institutions to proactively counter cyber threats. Our goal is to create a future where digital transactions are not just seamless but uncompromisingly secure."
Anatomy of Emerging Threats
The report draws on intelligence from the forensic work done by SISA and incident response records from CERT-In to highlight major trends in attacking.
Cybersecurity expert Mayank Raj Jaiswal told ETV Bharat, "Cybercriminals now use smart tools, fake videos, and social media to target not just corporations but also small businesses and individuals. Some attacks even serve international espionage purposes."
He outlined how public and private sector vulnerabilities differ due to gaps in infrastructure, budget, and response capabilities. While public sector systems often run on outdated infrastructure, startups in the private sector struggle with poor cyber hygiene and inadequate security practices.
"These gaps have direct consequences not only for institutions but also for ordinary citizens and small businesses."
Rising Risks for Citizens and Small Businesses
The vulnerabilities have far-reaching consequences. Breaches in government and private databases can lead to identity theft, phishing scams, and financial fraud.
Cybersecurity and AI expert Saakshar Duggal said, "Recent cyberattacks on India have an evident pattern of AI powered cyber crimes, whether its AI-powered phishing, voice cloning, deepfake scams. These are becoming more common, especially those involving executive impersonation and chatbot-based fraud. There's also a sharp rise in credential theft using malware, session hijacking, and information bought from the dark web. Supply chain attacks are also increasing. Moreover, attackers are now exploiting zero-day vulnerabilities within hours of their discovery, giving organisations very little time to respond."
He added, "Public sector organisations often deal with older infrastructure, slow updates, and limited system visibility, which makes them an easy target for cyber criminals. On the other hand private sector companies especially startups today are more cloud-based but often suffer from poor API security, misconfigurations, and weak enforcement of multi-factor authentication."
"These gaps have serious consequences for citizens and small businesses, who are increasingly targeted phishing scams deepfake-based fraud. Since many of them have low awareness of cybersecurity and limited resources, there is an urgent need for having a cyber resilience culture," he said.
Cybersecurity: Now a Foundation, Not an Option
Speaking at the launch, M. Nagaraju emphasised that cybersecurity is no longer a luxury but an essential pillar of economic and financial stability.
"Cybersecurity is no longer an optional safeguard but the foundation of financial stability in the digital age. As India's BFSI sector rapidly expands, securing digital transactions is not just a regulatory necessity but an economic imperative," he said.
He added that the Digital Threat Report 2024 acts as a strategic blueprint, empowering financial institutions to anticipate vulnerabilities, bolster defenses, and foster long-term resilience.
One Attack, Many Victims
Highlighting the interconnectedness of financial entities, S. Krishnan warned that a single breach could cascade across the ecosystem, "The interconnected nature of the BFSI ecosystem means that a single cyberattack can have systemic repercussions, impacting multiple entities beyond the initial target. This underscores the urgent need for coordinated cybersecurity efforts at a national and sectoral level."
He praised CERT-In and CSIRT-Fin for their pivotal role in early detection and swift response to incidents.
A Multi-Dimensional Approach to Cyber Defense
CERT-In Director General Dr. Sanjay Bahl called for a collaborative strategy to outpace the evolving threats. "Cybersecurity is not just about protecting individual entities, it's about securing an entire ecosystem. In today’s hyper-connected world, threats evolve faster than ever, making collaborative intelligence-sharing essential."
He said the report reflects India’s commitment to setting global benchmarks in financial cybersecurity. "Initiatives like these ensure that as digital transactions grow, they remain secure, trusted, and resilient against future threats."
The BFSI sector is the backbone of India’s digital economy, with digital payments projected to hit $3.1 trillion by 2028, forming 35% of total banking revenues.