By Daksh Dhruva, 63SATS
The financial sector in India is no stranger to digital disruption — and with innovation comes an ever-expanding threat landscape. The Digital Threat Report 2024, jointly released by CERT-In, CSIRT-Fin, and SISA, offers an eye-opening assessment of the cybersecurity challenges facing banks, insurance providers, NBFCs, and fintechs across the country.
This isn’t just another industry report. It’s a playbook for what’s unfolding now — and what’s coming next. Here’s a breakdown of the most critical insights from the report, along with what BFSI leaders need to act on today to stay protected in 2025 and beyond.
A 175% Surge in Phishing: The Alarming New Normal
The first half of 2024 saw a 175% spike in phishing attacks on India’s financial sector compared with the same period of the previous year.
Attackers are using AI-generated content, real-time social engineering, and even chatbot-based phishing to bypass traditional detection methods. Business Email Compromise (BEC) attacks have also risen sharply, with 54% of cases involving pretexting — attackers impersonating trusted individuals to trick employees.
Breach Costs at Record Highs
The numbers speak volumes:
– The global average cost of a data breach hit $4.88 million.
– In India, the figure stands at $2.18 million per breach.
These aren’t just numbers — they reflect long-term operational and reputational risk.
Cloud and API Vulnerabilities: The New Attack Frontier
Cloud adoption is rising, but so are its risks. CERT-In reports a 180% rise in exploits targeting misconfigured cloud environments and insecure APIs.
Attackers are gaining unauthorized access through:
– Publicly accessible cloud buckets
– Poorly secured admin consoles
– Hardcoded API keys
– Weak multi-factor authentication (MFA) implementations
Supply Chain Attacks: Trust, Exploited
Threat actors are infiltrating vendors and supply chains to reach otherwise secure networks.
Examples include malicious updates, compromised code libraries, and third-party breaches that bypass primary defenses.
Deepfakes and Chatbots: The New Face of Fraud
AI-generated impersonations are emerging as major risks:
– Deepfake audio/video used to impersonate executives
– Chatbot phishing schemes collecting credentials
– Malicious LLMs like WormGPT and FraudGPT enabling scalable attacks
Insider Threats Still Loom Large
One case study highlights a rogue employee who manipulated dormant accounts for over two years, redirecting funds and covering their tracks with falsified documentation. This calls for strict access controls and monitoring.
IoT in Finance: Convenience Meets Complexity
IoT usage is growing fast, but so are the risks:
– 99% of IoT attacks exploit known vulnerabilities
– 34% of IoT breaches cost between $5M and $10M
Without visibility, segmentation, and updates, BFSI entities are vulnerable.
Five Recommendations for 2025 and Beyond
CERT-In recommends:
1. Universal MFA for all systems
2. Secure APIs with proper token and access control
3. Log retention of 180+ days and active monitoring
4. Network segmentation to reduce breach impact
5. Ongoing employee training against social engineering
Final Thoughts: Compliance Isn’t Enough. Resilience Is Key
The CERT-In Digital Threat Report 2024 shows that compliance is only the beginning. Resilience, proactive defense, and a system-wide security culture are what will protect BFSI organizations in 2025 and beyond.
Credits: https://www.cert-in.org.in/PDF/Digital_Threat_Report_2024.pdf