Learnings from Canara Bank hack

On August 2, visitors to the website of Canara Bank, one of India’s biggest lenders, saw a strange sight.

A Pakistani hacker, who called himself Faisal, had managed to hack the bank’s website. He had defaced the site by adding a malicious page and had even tried to block some of the bank’s online payment services.

What actually happened?

Canara Bank, one of the leading lending and banking institutions, suffered a cyber incident. Their main page read, “We are a team of Pak Cyber Attackers. Go Home Kiddo. Need Security? Contact me”.

It was serious, particularly because the memory of the recent attack on Bangladesh Bank was still fresh. It was also particularly troublesome because the hacker had attempted, albeit unsuccessfully, to disrupt tax & e-payments by the bank’s customers. The number of hacking attacks on Indian banks has increased in the last few months. This was merely the latest in a series of similar attempts.

The bank’s response

Canara Bank sprang into action after the attack. It lodged a complaint with the local law enforcement and took several actions to protect its customers. These involved isolating the server and diverting the traffic to a standby server.

Even the Reserve Bank of India got involved. Within just a day of the attack, it sent a confidential letter to the Canara Bank authorities asking them to review the funds in their overseas accounts and reconcile SWIFT payments on an hourly basis. The post-attack efforts consumed much of the bank’s time and resources.

But the bank could easily have avoided all that with a simple measure—continuous security monitoring.

What is continuous security monitoring (CSM)?

Many organizations follow a rather simplistic approach to cyber security. They either try to get ahead of the threat or prepare to face the consequences of a cyber attack and aim to minimize the losses.

But there is a middle ground, and a better way: continuous security monitoring.

According to the definition by the National Institute of Standards and Technology, CSM refers to “maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.”

What this means is that continuous security monitoring helps you keep a constant vigil on your most critical organizational assets. This enables you to detect and eliminate potential threats in real time. CSM helps detect vulnerabilities and threats before the bad actor detects them. Prevention is better than cure. And nowhere does this piece of conventional wisdom apply more than in cyber security.

How could CSM have prevented the embarrassing hack?

The global cyber threat landscape is extremely dynamic. The nature of the threats evolves faster than the organization’s ability to prevent those threats.

Canara Bank, or any other financial institution for that matter, can never hope to compete with that. What they can do, however, is to constantly assess their vulnerability in the threat landscape through continuous security monitoring.

The Cyber and Continuous Monitoring Practice Manager for Symantec, Ken Durbin, calls Continuous Security Monitoring “threat agnostic”. When organizations make efforts to identify their critical assets and put appropriate controls in place to protect those assets, it can help prevent potential threats from breaching the system. If the bank had a CSM program in place, it could not only have prevented the hack in the first place, but also saved itself from negative media attention and the post-hacking disruptions.

How can a Managed Security Services Provider help?

The story of cyber security is the story of trying to keep up with the rapidly evolving threats. And you just cannot win. All you can do is to keep a constant eye out for threats. But most organizations do not have the time, resources, or the incentive for continuous security monitoring processes. And this is where the final piece of the puzzle seamlessly fits in—Managed Security Services Providers (MSSPs).

One of the greatest concerns for any organization when it comes to continuous security monitoring is the cost of the endeavor. Hiring in-house, full-time security experts can end up costing a fortune. Not only would you need a team of security specialists, you would also need to build the necessary tooling & infrastructure. A Managed Security Services Provider can offer both these elements at a much more affordable price.

One of the biggest advantages of MSSPs is round-the-clock support. This means you have trained security staff monitoring your network and devices on a 24/7 basis. Other advantages include on-demand cybersecurity skills, help with incident response, on-demand high-profile skills and staff augmentation.