Bangalore - Phishing attacks, a prevalent cyber threat in India, have seen a significant rise, increasing by 464% year-on-year in 2023. These attacks, often employing social engineering tactics, target human interaction and exploit psychological manipulation.

Despite heightened cybersecurity expenditure, there remains a pressing need for broader awareness and education. The primary aim of these attacks is to illicitly obtain sensitive information such as credit card details and passwords. In response to the escalating number of data breaches in Indian banks, the RBI has issued new guidelines to bolster IT governance and risk management practices.

Nitin's endeavor to schedule an appointment with a doctor he discovered online ended in frustration. After nearly abandoning the phone numbers obtained from his online search, he received a call purportedly from the doctor's office. The caller instructed him to download a mobile application and provide personal details to finalize the appointment process. Before Nitin realized the deception, he had lost ₹47,000 from his savings account due to phishing.

Such online attacks, commonly referred to as 'phishing', are on the rise, leveraging human interaction and becoming increasingly sophisticated with the integration of artificial intelligence. They are categorized as 'social engineering attacks' and exploit psychological manipulation rather than relying on complex hacking techniques. According to Acronis, a leading cyber protection provider, phishing constitutes over 84% of total cyber threats received annually in India and witnessed a staggering 464% increase in 2023.

R Subramaniakumar, CEO of RBL Bank, emphasizes the necessity of continuous education to combat phishing, acknowledging its effectiveness even on educated individuals. Despite substantial cybersecurity spending, social engineering attacks in India resulted in an average annual loss of ₹19.1 crore, as per Nasscom's 2023 cyber security trends report.

Although cybersecurity spending in the BFSI sector surged by 35% to $1,738 million in 2023, there are no regulatory directives regarding the minimum expenditure on cybersecurity. Most Indian banks allocate 9-10% of their IT budget to cybersecurity, but Dilip Asbe, CEO of NPCI, advocates for increased spending and the implementation of a standardized minimum budget allocation for cybersecurity.

The primary objective of these attacks is to acquire sensitive information like credit card numbers and personal details. Often, users become the weakest link due to direct communication channels utilized in these scams. While most banks have robust backend systems, the CEO of RBL Bank warns that breaches can occur unexpectedly, emphasizing the need for continuous vigilance.

To address the escalating threat landscape, the RBI has issued a master direction on 'IT Governance, Risk, Controls, and Assurance Practices', effective from April 1. This initiative follows a staggering 248 data breaches reported by Indian banks in 2022, accounting for one-fifth of global breaches.