In-house audit

Millions of customers got their details compromised by the State Bank of India. The breached server was allegedly unprotected with a password. Confidential data, including account numbers and transaction information, could be freely accessed due to the low security server located in Mumbai.

Although the problem has been fixed, it is yet to know whether the details were obtained and misused by a third party. “Banks in India conduct audits in areas where the RBI has made it compulsory. The other areas are usually ignored,” says Prashant Pandey, security researcher.

Regular check and proper configuration is an issue which needs to be thoroughly reconsidered by local companies. Audits are not sufficient, an in-house solution is required to provide your corporate network with ongoing monitoring and assessment of a company’s policy relevance.

Relying on audits and willing “to pass an exam” making sure that the measures taken are relevant, organisations should pay attention to internal continuous control of settings configuration and employee accountability.

Rakshit Tandon, cybercrime expert, is convinced that the breached data can be affected by social engineers, and clients might receive suspicious texts and emails so the awareness should be raised regarding possible fraudulent attacks.