India has launched its first-ever Digital Threat Report 2024 to enhance cybersecurity resilience within India’s Banking, Financial Services, and Insurance (BFSI) sector. This report is the result of a collaborative effort between key national cybersecurity entities, including the Ministry of Electronics and Information Technology (MeitY), the Indian Computer Emergency Response Team (CERT-In), CSIRT-Fin, and global cybersecurity firm SISA.
The BFSI sector in India is at the heart of the country’s digital transformation, as digital transactions continue to rise. With projections suggesting that digital payments could generate up to $3.1 trillion by 2028, the financial sector has become a prime target for cybercriminals. According to the Digital Threat Report 2024, this rapid digital growth has expanded the attack surface for malicious actors, making the need for enhanced cybersecurity more urgent than ever.
The report offers a comprehensive analysis of both current and new cyber threats, as well as strategies for defense. It is designed to empower financial institutions to adapt to new risks, anticipate vulnerabilities, and build long-term cybersecurity resilience.
Unified Cybersecurity Framework
Speaking at the launch event, Shri S. Krishnan, Secretary of MeitY, highlighted the growing risks associated with the digitalization of the BFSI sector. The interconnected nature of the BFSI ecosystem means that a single cyberattack can have systemic repercussions, impacting multiple entities beyond the initial target. This highlights the urgent need for coordinated cybersecurity efforts at both national and sectoral levels,” he said. He emphasized the role of CERT-In and CSIRT-Fin in mitigating these risks, collaborating with industry stakeholders and global cybersecurity bodies to ensure timely responses to cyber incidents.
By identifying sector-wide security gaps and analyzing cyber threats, the report equips organizations with the tools necessary to prevent, detect, and respond to cyber incidents effectively.
Building a Collective Cybersecurity Strategy
Shri M. Nagaraju, Secretary of the Department of Financial Services at the Ministry of Finance, also addressed the importance of cybersecurity in the BFSI sector. He pointed out that cybersecurity is no longer a mere protection but the very foundation of financial stability in the digital age. “As India’s BFSI sector rapidly expands, securing digital transactions is not just a regulatory necessity but an economic imperative,” he stated. Nagaraju highlighted the importance of integrating technology, regulatory compliance, and proactive threat intelligence to bolster the sector’s defenses.
The collaborative nature of the report, which involves national cybersecurity agencies and financial sector incident response teams, reinforces the necessity of a unified approach to cybersecurity. By pooling resources and knowledge, these entities can work together to create a better defense against the new cyber threats.
Rising Threats and the Need for Cyber Resilience
The Digital Threat Report 2024 highlights a sharp increase in the frequency of cyberattacks in the BFSI sector. In 2024, phishing attacks saw a staggering 175% rise compared to the same period in 2023, highlighting the heightened activity within an increasingly volatile threat landscape. The report also identifies cloud exploits as a critical entry point for attackers, who are leveraging the complexity of cloud infrastructures to amplify the financial and operational impacts of cyber breaches.
One of the most concerning trends highlighted in the report is the growing use of artificial intelligence (AI) by cybercriminals. AI-driven cyberattacks, including deepfake technology and identity-based fraud, are becoming more prevalent. Attackers are using AI to craft convincing phishing emails and impersonate executives, bypassing traditional security measures and posing significant challenges to digital trust.
Dr. Sanjay Bahl, Director General of CERT-In, commented on the nature of cyber threats: “Cybersecurity is not just about protecting individual entities; it’s about securing an entire ecosystem. Threats evolve faster than ever, making collaborative intelligence-sharing essential. This report is meant to empower financial institutions to stay ahead of adversaries, adapt to emerging risks, and build long-term cyber resilience.”
Vulnerabilities and Attack Vectors
The Digital Threat Report 2024 provides a thorough examination of the various attack vectors that are currently posing a threat to the BFSI sector. Among the key tactics used by attackers are phishing, credential theft, and social engineering. Phishing attacks have become more advanced, with cybercriminals using AI to create highly personalized phishing messages that are harder to detect. These attacks often involve impersonating trusted entities to trick individuals into revealing sensitive information or clicking on malicious links.
The report also highlights the risks associated with supply chain vulnerabilities, where attackers exploit relationships with third-party vendors to gain access to critical systems. This tactic has proven to be effective in breaching organizations that might have strong internal security measures but are exposed through less-secure external partnerships.
Another concern is the rise of ransomware attacks, particularly those targeting managed file transfer services, such as MOVEit and GoAnywhere. These attacks can have devastating impacts on organizations, leading to operational disruption and reputational damage.
Practical Recommendations for BFSI Institutions
To help BFSI institutions strengthen their defenses, the report offers a series of practical, actionable recommendations. These include implementing multi-factor authentication (MFA) for critical systems, segmenting networks into secure zones, and regularly updating software and applications.
Additionally, financial institutions are urged to monitor and audit logs, enforce application whitelisting, and use virtual patching for legacy systems. The report also emphasizes the importance of timely threat detection and response, particularly of supply chain vulnerabilities and targeted attack methods such as AI-driven social engineering.
Conclusion
As India’s BFSI sector progresses in the digital era, the urgency for better cybersecurity measures will only intensify. The Digital Threat Report 2024 emphasizes the need for a unified approach to cybersecurity, where collaboration between national agencies, financial institutions, and cybersecurity firms plays a crucial role in mitigating risks and protecting the sector against increasingly advanced threats.
More than just a snapshot of current challenges, the report offers BFSI institutions valuable insights to build lasting cyber resilience, advocating for a culture of continuous learning, proactive defense, and shared responsibility. By embracing these strategies, India can reinforce its leadership in secure digital financial services.
