- The Silent Anatomy of Breach The Indian banking sector is at a crossroads.
- Not due to inflation which is a given, also not because of defaulters which have always been a issue.
- We are talking of a computer virus Mythos is what the experts are calling it.
- The Reserve Bank of India has issued warnings to banks.
- Also from within the past year we saw many reports of bank computer networks being attacked.
The Silent Anatomy of Breach
The Indian banks systems RBI monitors are at a crossroads. Not due to inflation which is a given, also not because of defaulters which have always been a issue. We are talking of a computer virus Mythos is what the experts are calling it. The Reserve Bank of India has issued warnings to banks. This is very serious we are told. Also from within the past year we saw many reports of bank computer networks being attacked. Today there are over 15,000 daily reports of break in attempts. Hackers are at it. What we are seeing is the introduction of a new age of cyber threats which includes Mythos.
Normal computer viruses act quickly. They get into the system, lock the files and ask for money. With Mythos it is different. That is a threat. It infiltrates the system without you noticing. Usually what happens is that someone clicks on an email or uses an unsafe computer which is how it gets in. Research reports that at large the people are the weak point which they exploit. Mythos plays on that.
Once in Mythos does nothing of note. It. Watches. It studies the system out which users have what access and maps out the network. The banks tech team is not even aware of it. All from the outside looks normal. The system is in large trouble.
The Burden Of Structural Debt
The issue is very large scale to sort out. If Mythos goes after a bank it can bring down the system in under 3 hours. We are looking at a cost of over 120 billion rupees for the repair which includes money which has been taken out, fines and making good with customers. Also the damage to the banks reputation is very hard to put a number on.
Banks’ vulnerability to Mythos is due to their out of date computer systems. During the pandemic banks adopted new systems very quickly. We saw over 350 million new digital accounts opened. The old systems are not secure. Many banks are still in the 1990’s in terms of technology.
They are unable to include security features. Each new feature added to the system increases its vulnerability to Mythos. To upgrade these systems will cost over $2.5 billion. Also most banks are putting off this process because it is very expensive and may cause their systems to be down for a while.
Zero Trust: The Banks Systems RBI Requests
The Reserve Bank of India is aware of this issue. They are unhappy. They have put out word to the banks they must take action. Banks must adopt what is called the Zero Trust Architecture. This system goes on the assumption that the network is already compromised. It is an intensive check of everything at all times. Zero Trust we are told has 64% success in reducing breaches. Also it is a tough sell and very costly.
Banks have to act fast. At present only a few banks have robust security for their internal systems. That is to say if a hacker gains access to the system they can run free. Zero Trust prevents this. It puts up barriers between system elements. If Mythos breaks into one element it does not have access to the rest.
The regulator has put out a call for banks to do regular systems testing. They are to run an attack simulation which they have to repair within in 4 hours. At present only a few banks are able to do this. This concerns the Reserve Bank of India.
Cooperative Banks Are the Weakest Link
In terms of what they are able to do to protect themselves there is a great difference between large and small banks. Big banks put in over 800 crores into security annually and have teams which watch out for threats and which use AI to identify problems. Small banks, which include cooperative banks, do not have that kind of resources. They are the weak links.
Mythos goes after the banks first. They use that as an entry point. As all the banks are connected a breach in one bank can bring down the whole system. That is why the Reserve Bank of India is acting.
Other countries have issues. In 2024 European banks reported that they were hit by a virus which ended up costing them over 4.8 billion Euros to sort out. The Reserve Bank of India is very much aware of these incidents. They see that India does not want to have a similar problem. The Indian economy is what we are seeing play out. Digital systems are at the heart of this growth. Mythos is a issue to that growth.
Escalating Penalties And Boardroom Blindspots
If banks don’t protect themselves they will be fined heavily. The Reserve Bank of India is putting forth rules which should see banks pay a percentage of their global revenue if they are at fault. This will be a large fine up to 500 crores of rupees. The bank will also not be able to issue new credit cards which in turn will bring the bank’s operations to a standstill. Insurance companies have also entered this space.
They have raised premiums by 85 percent. What they want to see is that banks are implementing measures to protect themselves. If a bank is a victim of an attack which it brought upon itself by not updating systems the insurance company will not compensate. Bank managers must address this issue seriously.
They should report to the CEO. Have a large security budget. Currently most security personnel report to the IT department that is not good enough. Security must be a top priority not an afterthought.
Banks need to also improve their employee training. They should train them to identify emails and messages. Hackers are using intelligence to make their messages very real. Banks must put in place simulated attacks to test out employees. Banks also have to be open about attacks. They must report to the Reserve Bank of India which in turn will alert the rest. Also the Reserve Bank of India is putting in place a system for banks to share info on threats.
Digital Finance Clock
The issue with Mythos is growing by the day. Hackers are using smart methods which improve the scale of attacks. We have 12 to 18 months for banks to sort out their defense issues. After that which includes out dated systems will be no use for protection. At present we are at a stage which sees great use of digital economy as a factor.
People put in that which they value into this system should it fail to return that which is theirs we see trust crumble fast. We may have a large scale issue which leads to a systemic crisis.
The Reserve Bank of India has put out a warning to the banks. We must see that they act now. Also that they root out the Mythos in their systems. That which we are seeing is that the virus has already infected some banks and is waiting to pounce.
This is the time for action. Banks can not just leave it at that. They have to hope for the best. They must take it upon themselves to protect and secure their systems and their customers