Chief Information Security Officers (CISO) Forum

IDRBT formed the Chief Information Security Officers (CISO) Forum in the year 2010 with a view to provide a platform for CISOs of all banks to discuss common security concerns in the Indian Banking and Financial Sector and collaboratively provide solutions. The mission of the CISO Forum is to:

  • provide a platform for learning about the latest security technologies
  • share day-to-day problems in implementing security in banks
  • continuously upgrade the security posture of banks.

Over time, the CISO Forum has emerged as the preferred platform to collaboratively discuss and provide solutions for Information Security concerns in the Indian Banking and Financial Sector, which contributes to enhanced Information Security in Banks. The CISO Forum is an active body for learning and doing in the area of Information Security in Banks and is serving as an effective platform for the CISOs of banks to discuss and resolve information security related issues.

The 44th meeting of the CISO Forum was held at IDRBT on February 26 – 27, 2024. Inaugurating the meeting, Smt. K. Nikhila, Director, IDRBT, highlighted the criticality of cyber security and the importance of remaining up-to-date in the field, especially given the increasing dimension of cyber-attacks. She stressed on the need for CISOs regularly to be up-to-date with the trends of cyber-attacks and emerging areas of concern in the area of cyber security. She also announced that the IDRBT is soon starting a separate CISO Forum for the NBFCs.

Shri Abhishek Solanki, Scientist, CERT-In, presented the major business risks (global top-10) and the current threat landscape, focusing on cyber extortion & ransomware, data breach, social engineering manipulations and disruptions, supply chain attacks, insider threats and hybrid threats and suggested that banks create awareness on the current threat landscape. He also dwelt upon the API threat landscape, best practices of API security and highlighted the increase in API-related threats. He explained the recent APT attacks and discussed the importance of cyber resilience and threat hunting for attack prevention.

Prof. B. M. Mehtre, IDRBT, presented the summary of the 35th Cyber Drill, which was conducted in the first week of February 2024 with the participation of 61 banks. Shri Mohit Shukla, Cisco Systems, presenting the cyber security trends in 2024 shared that 90% of data breaches involve human error and 50% of Indian organisations report insider threats, exceeding the global average of 38%. Additionally, 95% of Indian companies face risks from employees using unregistered devices. He highlighted the projection of 27 billion connected devices by 2025, and stressed on the need to consider automating security operations, including by leveraging AI security bots.

Dr. Dipanjan Roy, Faculty, IDRBT, delved into firmware security, highlighting potential attacks and risks and emphasising the need for adherence to NIST’s standards. Dr. Mridula Verma and Dr. Rajarshi Pal, Faculty, IDRBT, spoke on the adversarial implications of AI, focusing on deep fake attacks and illustrated case studies of financial theft. Dr. Mridula Verma also spoke on the applications of Generative AI in the banking sector, discussing various models such as GAN and GPT and Dr. Rajarshi Pal outlined techniques to detect deep fakes.

Ms. Lakshmi Allamsetty, a Partner at Deloitte, presented on effective Vulnerability Assessment and Penetration Testing practices, contextualising them within industry standards and the burgeoning digitization trends within the banking sector. Dr. V. Ravi, Faculty, IDRBT, explained how the Institute has partnered with Canara Bank to develop the defensive mechanisms against adversarial attacks on machine learning models. Thereafter, CISOs shared their insights and experiences regarding cyber-attacks and security tools. Around 35 CISOs from various banks participated.

The CISO Forum, functions under the aegis of the Institute’s Centre for Cyber Security and Data Privacy and is coordinated by Dr. B.M. Mehtre, Dr. Rajarshi Pal, and Dr. Dipanjan Roy, Faculty, IDRBT.