People tend to think of security only after a theft has happened, but banks are gradually moving from reactive to proactive measures, points out Vishwas Korrane, Head – Security, IndusInd Bank, in an interaction with Elets News Network (ENN )
In this Internet age, how important is security in the banking sector?
In today’s age, security is divided into three parts – physical security, cyber security and people’s security. If you have information stored in a laptop, there are two ways of stealing it; first is to physically steal a laptop and second by hacking into it. Therefore, we have to have controls for both ways of theft. The value asset of a particular electronic device like phone can be Rs 40,000, but the information value is much more. In the banking sector, most of the banks are following the RBI guidelines and doing online transfer of cash, due to which there is no physical movement of cash. In cyber security, the banking sector is one of the top priorities, but one cannot ignore the physical security as well.
So, is the threat more from cyber security angle?
Yes, there are a lot of cyber threats, and cyber security is a control like various types of firewalls. But the most important factor is what is that one needs to guard. We guard information. In banks, we have a Fraud Department, which handles those issues through not both through reactive as well as proactive measures.
What are major challenges faced while putting security measures in place?
With the growing Indian market, the prevalent culture is more to do with the reactive measures rather than the proactive measures. Till today, we would think of security only after a theft has happened. But gradually, banks are moving towards proactive measures. However, since the banking regulator — the Reserve Bank of India — is yet to give clear-cut guidelines with regard to security in the sector, as a security head when I present my requirements of cameras and other security equipment, the management asks me about the RBI guidelines. In the absence of guidelines, it becomes difficult to convince the management to take necessary proactive measures.
Also, safety is a legislated sector, but not security. So, it depends on the nature of the individual who heads security wing how the issue of security is driven. If we take example of the Bangalore ATM incident, we would understand another challenge that we face. The security runs on prevention, detection and response. In Bangalore ATM, there were preventive measure and there were detective measures, but the response time was too long.
What are the measures we can take to improve the response time in such situations?
We need to realise that better response will come when you are ready for a particular situation. So, we need to be ready and we need to know what can exactly be done to minimise the damage. There are small measures we can take, like training our guards to let one person go at a time, prevent people wearing helmets from entering the ATM, etc. As for installation of devices like cameras and buzzers, cameras are there but the buzzers cannot be installed at a public place. The best way is to generate security awareness among the masses.