Transforming challenges into opportunities is key to evolving risk management for modern threats
There is an increasing need to reconsider and revolutionise the approach to risk management. To achieve this, it is essential to alter how we assess risks. Pilferage, such as theft of iron or other raw materials, remains a common issue across various industries. However, conventional risk assessments often undervalue such risks, as these assets are not always classified as critical. Yet, the fact that these stolen goods often find their way back into the supply chain of the same industry points to the organised nature of these crimes and a deeper systemic flaw. It becomes imperative to adopt a holistic risk management approach to address and mitigate risks comprehensively. Tackling smaller issues can pave the way to dismantle broader and more complex nexuses of wrongdoing.
An overlooked aspect during risk assessments is the characterisation of movable assets, particularly human resources, which are inherently vulnerable to unethical practices, manipulation, or a lack of awareness. While individuals are often held accountable for wilful breaches, it seems unjust to penalise them when they fall victim to fraud, especially when tactics such as social engineering are employed.
Arrival Of Digital Currency: UPI & Seamless Transformation
One of the most significant advancements of the digital era is the proliferation of digital currency, particularly in India. The Unified Payments Interface (UPI) has been instrumental in this transformation, reshaping the way financial transactions are conducted. UPI has simplified real-time payments and continues to gain widespread adoption due to its user-friendly nature, interoperability between banks, and multi-application linking. The popularity of UPI is so pervasive that even beggars on the streets of Delhi now use scanners to receive payments, highlighting how deeply ingrained digital payments have become in everyday life. Both rural and urban populations have embraced UPI because of its ease of use.
UPI’s smooth adoption is a testament to India’s robust and adaptable digital infrastructure, bolstered by a tech-savvy populace eager to adopt new technologies. The 2016 demonetisation of high-value currency notes and the government’s push for a cashless economy served as catalysts for the rapid growth of digital payments in the country.
Financial Fraud Pivot: UPI Becomes New Battlefield
With the rise of UPI and other digital payment systems, the nature of financial fraud has also evolved. Traditional fraud methods, such as cheque kiting and credit card skimming, are giving way to sophisticated techniques that exploit vulnerabilities in electronic payment platforms. Frauds involving UPI have become a major concern as cybercriminals target its widespread usage.
Phishing scams, for instance, involve fraudsters impersonating bank officials or service providers, tricking users into revealing their UPI PINs or OTPs. In a common social engineering attack, fraudsters convince victims to approve fraudulent transactions under false pretences. Once the victim complies, cybercriminals may go as far as gaining control over the victim’s mobile number through SIM swapping to facilitate further fraud.
The increasing frequency of UPI-related fraud underscores the urgent need for stringent cybersecurity infrastructure and regular awareness campaigns for users. While UPI transactions are generally secure thanks to two-factor authentication and encryption, users must remain vigilant and aware of potential risks. The emergence of financial fraud in the digital age highlights the importance of continually evolving risk management strategies to address these modern threats.
Decline Of Face-To-Face Meetings: Video Call Growth & Network Security
Financial transactions are not the only area undergoing a radical shift. The way people communicate has also changed dramatically. The COVID-19 pandemic accelerated the transition to remote work, virtual meetings, and video conferencing platforms, replacing traditional face-to-face interactions. Video calls have now become the norm in many sectors, offering businesses a more economical and efficient way to conduct meetings.
However, as communications shifted to the digital realm, new vulnerabilities emerged. The increased reliance on video conferencing platforms has made them attractive targets for malicious actors who exploit weaknesses in video conferencing software and unsecured networks. Ensuring network security has become more critical than ever before.
To mitigate these risks, it is vital to implement robust cybersecurity measures such as encryption, multi-factor authentication, and regular software updates. Equally important is educating employees about best practices for secure communication, such as using virtual private networks (VPNs) and avoiding public Wi-Fi networks, to prevent data breaches and unauthorised access.
In a widely reported incident in 2024, a finance worker was tricked into transferring USD 25 million to fraudsters using deepfake technology. The criminals posed as the Chief Financial Officer of a multinational company and authorised the transaction during a video call. To address such threats, DridhG Security International Pvt. Ltd. has developed an indigenous deepfake detector—DHEERAJ (Deepfake Handling Engine for Expert Recognition and Authentication of Judgements). This innovative tool can detect deepfakes in real-time during video calls and can also be utilised in preventing fraud during online examinations and corporate interviews. Video conferencing undoubtedly offers immense value by reducing travel expenses and enabling scalable communication processes, but securing these digital interactions must remain a priority, especially as sensitive information is increasingly handled through virtual platforms.
Impact Of Digital Transformation On Technical Surveillance Countermeasures (TSCM)
Traditionally, businesses and government agencies relied on technical surveillance countermeasures (TSCM) to protect against espionage and unauthorised eavesdropping. These measures involved detecting and mitigating passive listening devices or ‘bugs’ placed in physical spaces. However, with the rise of digital communications, the demand for TSCM services has seen a decline. Today, companies are more reliant on encrypted digital communication platforms, reducing the need for traditional bug sweeps and physical surveillance countermeasures. This shift is particularly evident in industries that have embraced full digitalisation and remote work. While the drop in TSCM usage may suggest a decreased threat of physical surveillance, it is crucial to recognise that the risks have simply migrated to the digital realm. Threats such as cyber espionage, hacktivism, data breaches, and electronic eavesdropping have replaced traditional physical risks. Consequently, businesses must shift their focus from detecting physical surveillance devices to monitoring for malware activity and securing communication channels. This change in risk management practices illustrates the need for businesses to adopt solutions that address both digital and physical risks. Organisations must ensure that their digital and physical perimeters are safeguarded from unauthorised access at all times.
Vision For Next Evolution Of Risk Management In Financial Services
The digital age has fundamentally transformed risk management practices. Many risks faced by organisations today are new and different from those encountered in the past. The widespread adoption of UPI and digital payments has revolutionised financial transactions, but it has also introduced new types of fraud. The shift towards video conferencing and remote communication has underscored the critical importance of network security, while the declining reliance on face-to-face meetings and traditional TSCM highlights the evolving nature of surveillance threats.
To protect against these emerging risks, businesses must adopt a proactive approach. This includes investing in cybersecurity infrastructure, educating employees about security best practices, and staying informed about the latest technological developments and risk management strategies.
In an interconnected world, the ability to respond swiftly and effectively to new threats will form the foundation of security resilience for businesses, governments, and individuals alike. As we continue to navigate the digital era, it is essential to recognise that risk management must evolve alongside technology. Risk consultants and security professionals must work tirelessly to enhance their capabilities and address the complex, modern-day risks that are here to stay.
Author: Garima Goswamy, Co-Founder and CEO, DridhG Security International Pvt. Ltd.