Forbes India – August 4, 2017

August 4, 2017 forbes india | 29

EnEmy

at

thE

G at E s

sameer pawar

By Aveek DAttA

N

o cyber threat, however

over-the-top its depiction,

seems far-fetched

today. Take the 2017

instalment of the movie franchise

The Fast and the Furious, in which

cars hacked into by an antagonist,

who was sitting in a plane 30,000

feet up in the sky, drop off a multi-

storey parking lot in New York—by

themselves. Far from gimmicky, the

high-octane scene, in fact, strikes a

chord, reflecting the grave danger that

a digitally connected world faces.

After all, real life isn’t bereft of such

drama either as Indian companies

—much like their global peers—

have found out. On the rain-soaked

morning of July 21, 2016, Arun Tiwari,

former chairman and managing

director of the state-run Union Bank

of India (he retired in June this year),

found himself in office, not knowing

whether the $171 million (a little

over `1,100 crore) just stolen from

his bank by hackers would ever be

recovered. The said sum had been

debited from one of Union Bank’s

foreign accounts and had made

its way to multiple other accounts

across the world, using SWIFT

(Society for Worldwide Interbank

Financial Telecommunication), a

mechanism employed by global banks

to transfer funds electronically.

Investigation later revealed that

one of Union Bank’s employees

had fallen prey to a phishing email,

masked as sent from the Reserve Bank

of India (RBI), which infected the

bank’s network and gave the hackers

access to the credentials needed to

execute the transaction. However,

Tiwari kept his nerve and initiated

swift action, which included hiring

Ernst & Young (EY) to investigate the

fraud, and ensured that his bank’s loss

was limited to a mere $497 (`32,000).

“Holding my head and coming

down heavily on my employees

would have led us nowhere,” Tiwari

says, recalling the events of a year

ago. Instead, he got a floor at the

bank’s headquarters in Mumbai’s

Nariman Point vacated and used it to

centralise the bank’s entire SWIFT

operations, which was earlier spread

across 380 nodes all over India,

using sanitised machines, to ensure

complete control on operations.

This was achieved overnight and

without causing any disruption to

the bank’s customers. The money

trail was followed and the illegal

transaction was stopped in its tracks.

The importance of timely action

in recovering losses arising out of

such a breach is evident from the

fact that a similar e-heist of $101

Cover Story / CyberSeCurity

the digital revolution may have

made life eaSier for CitizenS,

but it haS alSo thrown up new

ChallengeS for organiSationS.

deSpite Spending billionS, are

indian CompanieS geared up

to battle thiS Cyberwar?