The internet has evolved rapidly over the last decade, which has resulted in a significant change in the way organizations function today. Rajesh Thapar, the Chief Information Security Officer (CISO) at Axis Bank, attributes an organization’s success to its ability to enable digital transformation through innovation. And Axis Bank has relied on Microsoft to achieve secure digital transformation.
Axis Bank is the third largest private sector bank in India, servicing large and mid-size companies in addition to regular customers. With a market cap of USD 33.07 billion, the bank has over eight international centres besides India, making it essential to protect and safeguard sensitive financial data.
Ten years ago, a typical cyber agenda was only to protect the perimeter. Now, detection and response have become more crucial because breaches can happen any time and perimeters have disappeared. This has led to a dramatic change in the threat landscape.
“Earlier, security professionals largely knew the threats they were facing, which guided an organization’s security strategy. But with digital transformation journeys involving entities across the boundaries of enterprise, newer threats keep evolving. Now organizations deal with potential attack vectors all the time and one of the key objectives to protect is by minimising the risk of ‘unknown unknowns’,” says Thapar.
Banks align with the National Institute of Standards and Technology (NIST) cybersecurity framework. The first pillar of this framework is getting acquainted with your infrastructure, identifying risks, and recognizing the regulatory mandates within which an organization must function. After identification, organizations must work to eliminate these risks with finite budgets, resources, and time. Strategizing and prioritizing become very important at this stage.
“At Axis Bank, we decided to implement different frameworks to counter threats. We used a mix of administrative, processes, and tools-based controls to safeguard our IT infrastructure,” says Thapar.
One of the oldest threats, which still exists, is malware. Second would be DDoS attacks, not just in the banking sector, but across every…