The banking and financial sector in India is the most regulated compared to other sectors. Vulnerability Assessment and Penetration Testing (VAPT) in the BFSI sector today is more of a ‘compliance’ program, conducted because of regulatory or applicable standard mandates. This leaves enterprises in this sector in a vicious cycle of patching thousands of vulnerabilities emanating from these VAPT programs.
Key business reasons for the endless VAPT patching cycles in the BFSI sector:
- 40% fewer calendar days in a year because of business-sensitive month and year ends.
- A larger part of the organisation operates with thin bandwidth because of its widespread presence across the entire country (even in remote places).
- ~70% of human resources are on a commission basis and are not salaried employees. The majority of this team is in the field, and their systems are shared and seldom connect to the corporate network.
In addition to the above reasons, there are thousands of vulnerabilities which need patching, with ~8000 new vulnerabilities being added to the global database list every year. This makes any VAPT program in the BFSI sector ineffective, resulting in vulnerable endpoints.
The second link of the InfoSec chain, the humans/people, was always vulnerable and is often referred to as the weakest link. From 2017 onwards there has been a rise in a series of ransomware attacks like ‘WCry’, ‘Petya’, ‘Maze’ and a few others, which directly or indirectly targeted this vulnerable link and exploited almost every business segment. In order to build a robust defense system, a security professional must understand that ransomware needs an “Executioner/Human Resource” to yield its nefarious results.
Happiest Minds Technologies’ “Complete Exploit, Assess & Negate” (CLEAN) program secures digital assets exposed through all three channels: ‘Web’, ‘Email’ and ‘Physical connectivity’. Unlike traditional VAPT programs, CLEAN addresses the people and technology challenges within the operational constraints of BFSI business and assures ‘digital safety’ to the Information Security guardians of enterprises.
- 8000 vulnerabilities get added every year, yet only 20% of them have exploit code available, and 2 of every 3 vulnerabilities exploited have been exploited with the exploit code
- Vulnerability scoring methods consider ONLY ‘Work Factor’, while attackers also consider the benefits of the exploit
- Digital assets over the email channel remain open/vulnerable
- Contactless and interactive assessment
- Contactless assessments surface enterprise cyber footprints in cyberspace
- VA at the click of a mouse, no more large-spaced (quarterly, bi-annual or yearly) assessment frequencies
- Intelligent vulnerability prioritization, 8x improved VA program effectiveness, no more vicious VA cycles
- Covers building defense against phishing, strengthens the weakest link of the chain
- Designed for enterprises with a separate email solution for commission-based agents (non-employees)
- Red teaming through Black Hat certified hackers