
Kerala High Court Directs That Traders' Accounts Not Be Frozen Completely, As They Too Are Victims Of Cyber Crime

Title: Dr Sajeer v. Reserve Bank Of India & Anr.

Citation: WP(C) NO.12960 OF 2023 & conn.cases

Coram:  Honourable Mr. Justice Devan Ramachandran

Introduction:

The present situation has put the petitioners in these cases in the crosshairs of the Police and their Banks, because it appears to be alleged that someone who had indulged in a cyber financial crime in another part of India had transferred money to their accounts; consequent to which, the competent Investigating and Police Authorities issued advisories to their Banks to freeze their accounts.

Facts of Case:

The petitioners have been caught between the “Devil and the Deep Sea” because, first, they do not know why their accounts have been frozen and, second, they are now facing incalculable loss because of the account freeze. The accounts were frozen because some unknown person from afar has allegedly made a UPI transaction to the petitioners' accounts.

The Learned Counsel for the Central Government affirmed to the petitioners that the Ministry of Home Affairs had initiated the setting up of the NCCP with the intent to protect victims of cyber crime such as these. He added that handling the investigation and informing the court about the important steps to be taken is the duty of the police authorities.

Court’s Analysis and Judgement:

The court noted that no one was able to justify why the aggrieved petitioners' bank accounts should remain frozen in full. The court directed the Banks arrayed in the case to freeze the accounts of the respective petitioners only to the extent of the amounts mentioned in the orders of the police authorities. The police authorities are directed to inform the petitioners' banks until what time and to what extent the petitioners' accounts have to be frozen.

“PRIME LEGAL is a full-service law firm that has won a National Award and has more than 20 years of experience in an array of sectors and practice areas. Prime legal fall into a category of best law firm, best lawyer, best family lawyer, best divorce lawyer, best divorce law firm, best criminal lawyer, best criminal law firm, best consumer lawyer, best civil lawyer.”

 Written By : Sushant Kumar Sharma


 


Cyber Risks In The M&A Process: Prioritizing Cyber-security For A Successful Merger

Abstract

The growing emphasis on cybersecurity within businesses is shedding light on its pivotal role in enabling successful mergers and acquisitions (M&A). Cybersecurity due diligence holds importance not solely for the acquiring entity; rather, it brings benefits to all parties involved in the M&A process. A robust cybersecurity framework not only enhances the allure of a target firm but also ensures a seamless and secure transition for both entities. This research paper delves into an exhaustive analysis of predominant cyber threats inherent in M&A scenarios. It offers a profound comprehension of cyber risks associated with merger transactions, underscores the imperative role of due diligence in upholding cybersecurity, and presents strategies for effectively managing cyber risks during the amalgamation process. The research concludes that cybersecurity stands as a pivotal consideration throughout M&A undertakings, wherein cyber breaches and threats pose substantial hazards to both acquiring and target enterprises. By proactively adopting a comprehensive and multi-faceted approach to cybersecurity, organizations can effectively mitigate risks, safeguard sensitive data, and facilitate a harmonious post-merger assimilation. Nurturing a cybersecurity-centric approach across the M&A lifecycle emerges as an indispensable necessity in today’s digital landscape, offering protection against the ever-evolving spectrum of cyber vulnerabilities.

 

Introduction

The significance of cybersecurity in facilitating successful mergers and acquisitions has garnered increasing attention from businesses. In the prevailing landscape of threats, concerns related to cybersecurity, such as the discovery of undisclosed data breaches, hold the potential to derail deals. Engaging in M&A activities underscores the need for robust cybersecurity policies, thorough audits, and effective measures to identify, address, and mitigate security challenges and vulnerabilities within the target organization.

However, it’s important to note that cybersecurity due diligence extends beyond the acquiring company alone. Remarkable cybersecurity practices yield advantages for both sides involved in the M&A process. Demonstrating a robust cybersecurity stance can enhance the appeal of a target firm, while the implementation of cybersecurity best practices by both parties contributes to a smoother and more secure transitional phase.

Understanding Cyber Threats in the Context of Mergers and Acquisitions

In the contemporary digital era, the increasing intricacy and frequency of cyber threats have underscored the paramount importance of cybersecurity. Cyber attackers employ intricate tactics, including ransomware, phishing, and data breaches, targeting individuals, businesses, and even governmental entities. The expanding attack surface presents a substantial challenge to cybersecurity efforts. The widespread integration of IoT devices, cloud computing, and mobile gadgets has augmented the potential entry points for cyber criminals to exploit. Given the vast number of smartphone and IoT device users globally, organizations must proactively oversee and fortify interconnected devices and systems to effectively tackle this concern.

The evolutionary landscape of cyber threats is characterized by exceedingly targeted and sophisticated challenges, such as ransomware, Advanced Persistent Threats (APTs), and zero-day vulnerabilities. Traditional antivirus software alone has become insufficient in countering these threats. A multifaceted strategy encompassing advanced threat detection technologies, behavioral analytics, and real-time threat intelligence is imperative for efficacious cybersecurity. Furthermore, the emergence of nation-state-sponsored attacks poses yet another critical dilemma. Governments harness cyber espionage and warfare tactics to secure political and economic advantages, thereby posing profound implications for national security. Confronting these evolving cyber threats necessitates leveraging technology. Machine learning and artificial intelligence amplify cybersecurity capabilities by scrutinizing vast datasets to discern potential threats.

Nevertheless, technology on its own does not guarantee cybersecurity. A collective responsibility involving individuals, enterprises, and governments is indispensable. Educating individuals about risks and best practices assumes paramount importance in fortifying their online protection. For businesses, the prioritization of cybersecurity, robust implementation of access controls, and regular vulnerability assessments stand as vital measures. Governments must establish and enforce robust cybersecurity regulations to cultivate cooperation, the exchange of information, and liability within the digital ecosystem.

Given the dynamic nature of cyber threats, a proactive and comprehensive cybersecurity approach is imperative. Consistently updating systems, staying abreast of the latest threats, and investing in advanced defense mechanisms are pivotal to safeguard the interconnected realm we inhabit today. Cybersecurity has transitioned from being a mere luxury to a compelling necessity in guaranteeing a secure digital environment for all stakeholders.

The Role of Cybersecurity Due Diligence in Mergers and Acquisitions

The process of mergers and acquisitions (M&A) introduces pivotal cybersecurity risks that can cast a shadow on negotiations and yield extensive repercussions for both acquiring and target enterprises. Neglecting to address these concerns not only exposes the involved businesses to potential threats but also ripples into their supply chain. The expenses and time required to rectify profound cybersecurity issues might even imperil the successful finalization of the deal.

  • Technology Integration: A Central Risk Element

In the context of M&A, merging entities often grapple with the intricacies of technology integration, particularly when introducing new technology during the process. The complexity of fully hybrid integration, which entails amalgamating novel technologies with legacy systems, introduces challenges of compatibility and scalability. Unfortunately, this disruption can create a fertile ground for malicious activities by cyber attackers. Amidst the technological turbulence, anomalous cyber behavior might go unnoticed, culminating in data breaches and unauthorized access.

  • Dormant Threats and IoT Vulnerabilities:

The infrastructure of the acquired entity might conceal dormant cybersecurity threats, such as latent malware or issues with access management. Furthermore, the proliferation of Internet of Things (IoT) devices has introduced complexities in M&A cybersecurity endeavors. The convergence of traditional IT with operational technology elevates the potential attack surface, rendering companies susceptible to cyber assaults. In security assessments, certain IoT devices might escape the scrutiny of auditors, rendering them latent weak links in the broader cybersecurity posture.

  • IT Resilience and Cyber Assaults:

Amidst the M&A progression, prolonged periods of overburdened IT resources can emerge as fertile ground for cyber criminals. These vulnerabilities, stemming from heightened operational activity, might be exploited through strategies like phishing, ransomware, or Distributed Denial of Service (DDoS) attacks.

  • Data Security and Information Gap:

Within the M&A realm, two sets of critical data are in play, necessitating a comprehensive evaluation of cybersecurity risks for both participating entities. However, particularly in instances of minor acquisitions, the acquiring company might grapple with acquiring sufficient documentation on the cybersecurity policies and practices of the target enterprise. This information gap amplifies the complexity of cybersecurity due diligence and potentially exposes the acquiring entity to unforeseen cyber perils.

  • Organizational Turmoil and the Primacy of Cybersecurity

The process of amalgamating two organizations frequently engenders substantial disruptions as new roles, responsibilities, and operational methodologies are established. Amid these transformations, sustaining stable information systems and upholding cybersecurity assumes arduous proportions. Entities equipped with mature and advanced cybersecurity controls are better poised to identify, manage, and mitigate M&A-linked cybersecurity risks.

  • Integrating Cybersecurity across the M&A Lifecycle:

A successful navigation of the M&A journey necessitates a collaborative approach from both the acquiring and target entities. Well-defined governance structures, policies, managerial protocols, technology tools, and risk assessment metrics should be harmonized to ensure effective management of cyber risks. The identification and prompt remediation of vulnerabilities should persist through the integration process via risk assessments and proactive threat investigation.

In the increasingly intricate landscape of contemporary M&A activities, cybersecurity must assume a central role in strategic deliberations. From the outset of due diligence to the subsequent phases of integration, entities must elevate cybersecurity efforts to shield sensitive data and guard against cyber threats. By giving prominence to cybersecurity, enterprises can confidently traverse the convoluted terrain of M&A, fortified with resilience and assurance.

Strategies for Mitigating Cyber Risks in Mergers and Acquisitions

This article underscores the noteworthy cybersecurity risks inherent in the context of mergers and acquisitions (M&A) and proposes five pivotal strategies for effectively managing these risks. It underscores the critical significance of factoring in cybersecurity considerations early in the M&A journey to evade potential pitfalls that might culminate in buyer’s remorse or resource-intensive post-merger rectification efforts.

 

  • Comprehensive Evaluation of the Target Firm’s Security:

A meticulous appraisal of the security landscape of the target company prior to acquisition assumes paramount importance. Through an assessment of the target’s security posture and policies, the acquiring entity can gauge the alignment with its strategic objectives and risk appetite. Furthermore, it’s imperative for acquiring companies to gain insights into past security incidents, irrespective of their legal disclosure requirements, to attain a holistic understanding of potential risks.

  • Integration of Software Security:

In M&A scenarios with a technology focus, cybersecurity emerges as a pivotal consideration. It is imperative for acquiring entities to ascertain if the target company has ingrained security measures within its software products. Neglecting this aspect could lead to unforeseen future remediation endeavors and heighten the likelihood of data breaches. In such instances, buyers might negotiate adjustments in valuation or allocate funds in escrow to preemptively address prospective security issues. A meticulous evaluation of the software security framework of the target is imperative to prevent any untoward surprises post-merger.

  • Early Engagement of Cybersecurity and IT Teams:

The active involvement of cybersecurity and IT teams during the initial phases of the M&A process is indispensable to identify potential vulnerabilities and weaknesses. In some scenarios, target companies might lack even rudimentary security measures, potentially resulting in substantial remediation expenses. Engaging these teams in the due diligence process ensures a methodical approach to incorporating new acquisitions. This encompasses immediate security assessments and the provision of suitable training for the incoming workforce.

  • Assessment of Data Environment Risks:

Acquiring organizations must undertake a comprehensive scrutiny of the data environment of the target entity. This evaluation entails comprehending the nature of the data in question (such as personal information, healthcare records, payment data) and the pertinent regulatory requisites. Failing to grasp the inherent risks within the data environment could result in an incomplete comprehension of the security controls and overall security posture of the target firm.

  • Skills Proficiency Analysis of Target Employees

Beyond technological considerations, acquiring entities also inherit the workforce of the target company. A thorough analysis of skills proficiency is indispensable to ascertain if the incoming staff can adequately address the demands of the integration process. Overlooking skill gaps and inadequately supporting the workforce during integration might lead to burnout, morale decline, and an uptick in cybersecurity vulnerabilities.

The article underscores the substantial risks associated with data breaches during M&A, which can potentially expose confidential corporate information to malicious actors. Notable cases like Verizon’s acquisition of Yahoo and Marriott’s merger with Starwood Hotels underscore the severity of this issue. Such breaches not only trigger reputational damage but also legal consequences, exemplified by Marriott’s $123 million GDPR fine. Given the mounting frequency of data breaches in M&A, enterprises must accord high priority to cybersecurity, conducting exhaustive due diligence to mitigate risks and safeguard sensitive data.

Conclusion

To sum up, cybersecurity emerges as a pivotal factor in the M&A process, as data breaches and cyber threats present substantial hazards for both acquiring and target entities. In pursuit of a prosperous and secure merger, it becomes imperative for organizations to accord primacy to cybersecurity. This entails comprehensive due diligence, early engagement of cybersecurity teams, and meticulous assessment of the target’s security stance. By embracing a proactive and multi-pronged approach to cybersecurity, enterprises can effectively mitigate risks, safeguard sensitive information, and cultivate a seamless post-merger amalgamation. Against the backdrop of ever-evolving cyber threats, the steadfast prioritization of cybersecurity throughout the M&A lifecycle becomes indispensable in the contemporary digital realm.


Written by- Ankit Kaushik


SIGNIFICANCE OF CYBERSECURITY IN INDIAN BANKING SYSTEM

INTRODUCTION 

Cybersecurity is a vital component of the Indian banking system for protecting the integrity and security of client information and financial activities. As India’s banking industry grows and evolves, the importance of cybersecurity cannot be overemphasised. In this article, we will look at the importance of cybersecurity in the Indian banking system, as well as the current state of cybersecurity in Indian banks and the steps being taken to strengthen cybersecurity in the banking industry.

Banks and financial organisations are increasingly concerned about cybersecurity. With the increasing number of online transactions and cyber-attacks, it is critical for banks to secure their data and protect themselves from cyber security threats.

Banks use numerous tactics to defend their systems from hackers, such as firewalls and antivirus software, but they must go above and beyond to establish effective cybersecurity measures that can help them reduce the impact of a breach on their business operations. In this article, I will focus on the importance of cybersecurity in the Indian banking system, as well as the current state of cybersecurity in Indian banks and the steps being taken to strengthen cybersecurity in the banking industry.

What is Cyber Security in Banking? 

Banking cybersecurity refers to the methods and tactics used to safeguard banks and financial institutions from cyber threats and attacks such as hacking, phishing, malware, and other types of cybercrime. Cyber attacks pose a substantial danger in the banking sector, since banks are a prime target for cybercriminals due to the valuable information and financial assets they possess. Banking cybersecurity solutions include network and system security, user authentication and access control, data encryption, and frequent security evaluations and testing. Cybersecurity is the use of information technology to protect digital networks, systems, and devices from attacks by hackers, unauthorised users, viruses, and other hazards. Cyber security measures ensure that only persons with authority can view the data they’re permitted to see.

Cyber security in banking is critical in today’s connected world, as mobile devices and web apps are used for everything from shopping to banking. Banks must ensure that cyberattacks do not compromise their customers while they are online or using mobile devices. Customers are more likely to trust a bank to protect their personal information and financial assets if it is more secure. The security of your digital infrastructure has never been more vital than it is now.

Why is Cybersecurity Important in the Indian Banking System? 

The Indian banking system is critical to the country’s economic progress, and its stability and security are essential. As banks progress towards digitalization and online transactions, the risk of cyberattacks and data breaches has increased considerably. Cybercriminals steal client information using a variety of methods, including phishing, malware attacks, and social engineering. By deploying various security measures such as firewalls, encryption, multi-factor authentication, and access controls, cybersecurity helps to safeguard banks and their clients from these dangers.

Cyber security is a crucial concern for financial institutions, and the number of cyber attacks on banks is increasing. A bank’s customer base will dwindle if it fails to protect its customers’ money and information against cyber-attacks.

The threat landscape for financial institutions is constantly changing, with new threats developing on a regular basis to take advantage of the increasing interconnection of people and devices across networks. Human error is responsible for about 95% of cybersecurity breaches. While the majority of firms have begun to implement basic security measures, many remain vulnerable to sophisticated attacks because they do not prioritise security or understand what has to be done to protect themselves from these threats.

Cybersecurity is also critical to retaining customer faith in the financial sector. Consumers want their financial information to be kept safe and secure, and any breach of this trust might have serious ramifications for both banks and customers. The Reserve Bank of India (RBI) has acknowledged the significance of cybersecurity and has developed rules and regulations to guarantee that banks are appropriately prepared to deal with cyberattacks.

 

The Current State of Cybersecurity in Indian Banks 

Despite the growing importance of cybersecurity, the Indian financial industry faces a number of issues. Many banks continue to use antiquated security methods, leaving them exposed to cyber attacks. Furthermore, a lack of employee understanding of the necessity of cybersecurity and the hazards of cyber attacks might leave institutions vulnerable to attack. One of the key difficulties in India is the scarcity of trained cybersecurity personnel. According to NASSCOM, demand for cybersecurity specialists in India is predicted to reach 1 million by 2020, but supply is only expected to be 0.2 million. This knowledge gap has resulted in a lack of experience among many Indian banks, rendering them more vulnerable to cyber attacks.

Top Cyber Security Threats Faced by Banks 

Banks are a popular target for cybercriminals who will go to any length to steal money. The following are the biggest threats that banks face: 

  1. Phishing Attacks: This occurs when a user is duped into disclosing personal information or downloading hazardous software. Phishing scams can take various forms, including email communications that look to be from your bank and urge you to confirm your account information or text message links. Don’t get taken in by them. 
  2. Malware (malicious software): Malware is used by hackers to gain access to company networks or individual devices such as laptops and smartphones in order to steal data or cause damage. To be safe online and avoid this hazard, all staff should be trained to use security solutions such as firewalls, anti-virus software, and encryption technologies. 
  3. Cyber Attacks: These occur when hackers gain access to a company’s computer systems in order to steal data or disrupt operations. To get access to critical cyber security information, they may use a virus, a worm, or other harmful software. Once they have gained access, they can use this information for fraud, such as identity theft, credit card scams, and money laundering.


Several High-Profile Cyber Attacks on Indian Banks in Recent Years

  1. Cosmos Bank Cyber Attack: In August 2018, Cosmos Bank, one of India’s oldest cooperative banks, was the target of a cyber attack. A malware attack was utilised by hackers to steal over Rs 94 crore from the bank’s accounts. The attackers were successful in circumventing the bank’s security procedures and stealing client data. This attack emphasised the need for banks to develop tighter cybersecurity procedures, and in response, the RBI released instructions. 
  2. PNB Scam: In February 2018, the Punjab National Bank (PNB) was victimised by a huge scam in which fraudsters obtained loans of over Rs 13,000 crore using forged letters of undertaking. Due to a lack of sufficient checks and balances in the bank’s systems, the fraud went undiscovered for several years. This case underlined the importance of improved cybersecurity, internal controls, and risk management policies in banks.
  3. SBI Data Breach: It was revealed in January 2021 that the personal data of millions of State Bank of India (SBI) clients had been exposed owing to a security weakness in the bank’s mobile app. Anyone with access to sensitive consumer data such as bank account information, mobile phone numbers, and email addresses could exploit the weakness. This example demonstrated the need to conduct frequent security audits and vulnerability assessments in order to detect and address security issues in bank systems.
  4. ICICI Bank Phishing Attack: In 2016, a phishing attack was attempted against ICICI Bank clients in order to acquire their login information. The attackers sent out bogus emails purporting to be from the bank, requesting that customers update their login information. This instance demonstrated the need to educate clients about phishing attempts, as well as the need for banks to implement multi-factor authentication to prevent similar attacks.

Some Cases in Which the Supreme Court of India Raised Concerns Related to Cybersecurity in the Indian Banking System

  1. Reserve Bank of India v. Jayantilal N. Mistry (2016)

In this case, the Supreme Court of India ruled that banks must safeguard the security of their customer’s information and transactions. The court also noted that the RBI has the authority to regulate and oversee banks’ cyber security measures. 

  2. K. Sputnik v. The Union of India and Others (2018)

This case related to the security of mobile banking transactions. The Supreme Court held that banks must ensure that their mobile banking apps are secure and that customers are protected against cyber fraud and theft. 

  3. K.S. Puttaswamy (Retd.) and Another vs. Union of India

The Supreme Court observed that the right to privacy is a fundamental right, and that individuals have the right to protect their personal data from cyber threats. 

  4. Jayantilal N. Mistry vs. LIC of India

The Supreme Court highlighted the need for cybersecurity measures to be implemented in the insurance sector. The court emphasised that financial institutions like insurance companies should ensure the confidentiality and security of their customers’ data. 

Steps Being Taken to Strengthen Cybersecurity in Indian Banks 

The Reserve Bank of India (RBI) has taken many initiatives to boost cybersecurity in the Indian banking industry. The RBI issued a set of guidelines in 2016 to help banks enhance their cybersecurity posture. These requirements include implementing security measures such as firewalls, encryption, and multi-factor authentication, conducting regular security audits and penetration testing, and ensuring that workers are trained in cybersecurity best practices.

A few banks have also taken aggressive initiatives to improve their cybersecurity. HDFC Bank, for example, has established a specialised cybersecurity department to monitor and prevent cyber threats. Axis Bank has created a cybersecurity system that includes frequent vulnerability evaluations and penetration testing. Furthermore, the Indian government has taken steps to address the shortage of qualified cybersecurity experts. The National Cyber Security Coordinator (NCSC) has been established to manage and integrate cybersecurity efforts across multiple industries, including banking.

Furthermore, the government has launched a number of initiatives to encourage cybersecurity education and training, including the Cyber Swachhta Kendra and the Cyber Surakshit Bharat initiative.

 

CONCLUSION 

The Indian financial sector has made considerable advancements in terms of cybersecurity, but there is still much work to be done. Cyber threats are continually growing, and institutions must be agile and adaptable to stay ahead of the curve. The RBI’s rules have laid a solid platform for banks to expand on, but banks must continue to invest in cybersecurity and training to remain ahead of the dangers. Banks can retain client trust in the banking system by ensuring the security and integrity of their customers’ financial information.

It is difficult to keep a bank safe against cybercrime. Banks must educate their staff on how to better protect themselves against threats and attacks. There is also a need to invest in technologies that can identify harmful activity on their systems before it does harm.


References

  • J. J. Xavier and A. C. R. Paiva, “Cybersecurity in the banking sector: Challenges and opportunities,” Journal of Business Research, vol. 120, pp. 360-371, 2020.
  • P. M. Herath and C. M. Rao, “Cybersecurity in banking: An organizational perspective,” Journal of Business Research, vol. 69, no. 5, pp. 1792-1801, 2016.
  • P. Arora and R. K. Bali, “Cybersecurity and its impact on the banking sector,” Journal of Internet Banking and Commerce, vol. 23, no. 2, pp. 1-13, 2018.
  • NASSCOM. (2017). Indian Cybersecurity Services: Future Ready. Retrieved from https://www.nasscom.in/indian-cyber-security-servicesfuture-read
  • K.S. Puttaswamy (Retd.) and Another vs. Union of India, (2017) 10 SCC 1 
  • Jayantilal N. Mistry vs. LIC of India and Ors., (2006) 3 SCC 709 

 

Article by – Abhay Shukla