Sandeep is a cybersecurity professional with 9+ years of experience bringing together the best security experts to simplify the complicated cybersecurity problem. As the Founder and CTO of SecureLayer7, from the beginning of 2013, Sandeep built its vision, strategy, and direction. As a bootstrapped startup, Sandeep has worked towards building a stable and reliable cybersecurity firm with remarkable growth.
The Indian BFSI segment has been one of the fastest-growing segments in the country, fuelled by fast-paced technology adoptions and supportive government policies. The Industrial 4.0 revolution that integrates smart technology tools with day to day business operations leveraging AI, ML, and cloud computing etc., making essential functions accessible at the touch of a smart screen, has evolved rapidly. These innovations, integrated with a massive rise in fintech, are helping create a cashless economy for India. As per a report by RedSeer Consulting, India’s Digital Payments Market was valued at INR 2,162 trillion in 2019-20 and is expected to grow three-fold, to reach INR 7,092 Trillion by 2025. Further, the current 160 million unique mobile payment users are set to multiply 5 times, to reach 800 million, by 2025.
However, with the increased digitisation, the rise in cases of cybersecurity breaches, have exposed several vulnerabilities. The security breach at the State Bank of India in 2019, for example, exposed the bank account numbers and bank balance information for its 422 million customers! Similar attacks of varying scales have also taken place across various public and private banks in the country, in the past few years. Globally, the BFSI sector has been witnessing a rise in cyber-attacks where skilled hackers can carry out well-planned breaches, heists, invasions, data thefts, malware and phishing attacks, etc., resulting in major financial loss and distress. As per a report by the Reserve Bank of India (RBI), around 60,000 cyber frauds took place in the banking sector alone, including the Scheduled Commercial Banks (SCB), during the fiscal year of 2018-19, and resulted in a loss of INR 67, 432 Cr. for the last fiscal. According to a report by CISO, in 2018, the Indian BFSI segment clocked an average B+ OSINT Security score and was ranked 50 in Security maturity and 42 in breach readiness. Some vital platforms which are most vulnerable and need a cyber-security assessment and action, include:
- Solutions by Fintech Start-ups: Over the past few years, a number of technology startups specialising in the financial segment have emerged, disrupting the way we make purchases. From app-based wallets and adhaar/ UPI linked instant transactions to single-window e-commerce apps, fintech startups need to be mindful of the threats and invest in creating a robust data security framework for the apps. This is generally ignored as these may be bootstrapped startups and generally avoid hefty investment needed for a more than basic digitally secure ecosystem. This needs to be addressed by collaboration with cybersecurity firms that provide customised and value-driven services, as against the big-budget packages.
- ATM Security: These have been very common and involve a combination of a physical breach – where fingerprints and card details are stolen by imprinting the contact point of the machine, and software breaches. As per a report by Positive Technologies, up to 69% of all ATM’s are vulnerable to cyber-attacks. Interestingly, ATM attacks have been getting complex and more sophisticated since the first ATM Malware attack of 2018, and it is expected to continue being a looming threat. ATM security assessment, an important exercise, is a recommended mode of addressing these vulnerabilities.
- Mobile Apps and Integration: As per a report by Avaya India, 26% of Indian customers regularly avail digital banking services through the bank website and mobile app. With the increased use age of smartphones and the consumer-friendly mobile app version for one-tap transactions, mobile and digital banking are set to further enhance the vulnerability of the platform. Banks need to pay special attention to these platforms when it comes to cybersecurity.
- Social Engineering: Data has become the new currency now, and financial data is even more valuable. While innovative and complicated cyber crimes are on the rise, especially for newer platforms, the age-old methods of phishing, network scanning, viral code, website defacements and intrusion and the conventional malware also continue to grow, mostly unchecked. These require a consistent effort to monitor using advanced detection technology processes to ensure there are no major or minor compromises.
While all of the above are important steps to be taken by BFSI players, including banks, service providers, fintech players and their technical support staff, a significant aspect of secure transactions is also consumer awareness. With automated messaging alerting consumers to not share their OTP or CVV numbers over a call or to use secure servers when making financial transactions, most banks, and financial institutes are taking basic steps towards educating their customers. However, a strategic, technology expert-led awareness campaign can play a significant role in educating masses about the effective and secure use of digital platforms for financial transactions, which is the need of the hour as an increasing number of people are now operating from home, through barely secure servers.
More about Sandeep Kamble
Sandeep is focused on leading, directing, and executing client-facing engagements that include SecureLayer7’s cybersecurity service offerings. Since SecureLayer7’s founding, Sandeep has created strategies that prioritise and focus on customers and employees. This has become the company’s key strategy, which has led to customer satisfaction reviews reflected in the NPS (Net Promoter Score) of 89%. Under Sandeep’s leadership, SecureLayer7 has successfully increased the delivering value to the customer, which resulted in the 180% growth in the business from the last four years. The company has earned some major accreditations such as CERT-In, ISO 27001.
In 2019, Sandeep founded and introduced two products to the cybersecurity industry. The first one, BugDazz, a Pentest as a service and the second one, AuthSafe, for fighting with online frauds. Before founding SecureLayer7, Sandeep worked as an independent Bug-Bounty Hunter. He reported multiple vulnerabilities to Google, Facebook, Dropbox, Twitter, Paypal, and many others.
Sandeep has completed a disruptive strategy course from Harvard Business School and holds an Engineering Degree in Information Technology from JNEC at Aurangabad, MH, India.