Pallavi Agrawal

🚨 ₹4.58 Crore Fraud by Bank Employee – A Wake-Up Call for Internal Controls, Cybersecurity & Ethical AI in Finance A shocking case has emerged from Kota, Rajasthan, where a former ICICI Bank relationship manager, Sakshi Gupta, allegedly defrauded 41 customers over three years, siphoning off ₹4.58 crore from Fixed Deposit accounts—only to lose it all in the stock market. How Did This Happen? Between 2020-2023, the employee exploited systemic weaknesses by: 📍Unauthorized Access – Accessed 110+ customer accounts using her position. 🧮Bypassed Security – Changed linked mobile numbers to block OTP alerts, replacing them with family members' numbers. 🧮 Silent Withdrawals – Used the ‘User FD’ system to withdraw funds without triggering alarms. 🧮OTP Manipulation – Built a method to intercept OTPs without raising suspicion. Despite her scheme, all stolen funds were lost in high-risk stock market bets, proving that greed has no happy ending. 📍Key Failures & Lessons for Professionals 📌Internal Audit Gaps – How did unauthorized transactions go undetected for three years? This highlights critical lapses in real-time monitoring and branch-level oversight. 📌 Cybersecurity Weaknesses – Fraudsters exploit weak authentication controls. Banks must strengthen multi-factor authentication (MFA) and AI-driven anomaly detection. 📌Ethical AI & Automation – Could AI-powered fraud detection have flagged suspicious transactions earlier? Predictive analytics must be part of internal audits. 📌Risk Culture – Employees handling sensitive data must undergo rigorous ethics training. Compliance isn’t just about policies—it’s about ingrained accountability. The Aftermath ✏️ ICICI Bank filed an FIR, settled customer claims, and suspended the employee. ✏️Police arrested the accused on May 31, 2025, after a detailed probe. Moving Forward: A Call to Action ✏️ For Banks – Strengthen internal controls, AI-driven audits, and real-time transaction monitoring. ✏️ For Auditors & Risk Professionals – Evolve compliance frameworks to detect insider threats faster. ✏️ For Customers – Monitor accounts regularly and enable transaction alerts. ✏️For FinTech & Cybersecurity Experts – Build fraud-resistant systems with behavioral biometrics and adaptive authentication. This case isn’t just about fraud—it’s a warning for the financial sector. Trust is fragile, and integrity must be non-negotiable. Let’s work towards a secure, transparent, and ethical financial ecosystem. #InternalAudit #Cybersecurity #AIinFinance #BankFraud #RiskManagement #EthicalBanking #Compliance #FraudDetection #FinTech #StockMarketRisks Would love to hear your thoughts—how can banks and auditors prevent such breaches in the future? 💬👇

53

3 Comments

Sacrificing Cybersecurity Quality for Cost? A Wake-Up Call on CERT-In Empanelled Audits In India, we have over 150 CERT-In empanelled vendors authorized to conduct security audits for government, PSU, BFSI, and critical infrastructure organizations. But here’s the uncomfortable truth: 🔻 Audit quality is deteriorating. 🔻 Reports are becoming templated, generic, and checkbox-driven. 🔻 Junior analysts are being deployed with minimal oversight. Why? The answer lies in a flawed procurement model — the L1 (lowest bidder) trap. 🎯 In the race to win contracts based on price alone, many organizations are forced to cut corners: • Using copy-paste reports • Skipping retesting • Ignoring contextual threat modeling • Focusing on “compliance” over “real risk mitigation” 📉 This is not just a vendor issue — it’s a systemic gap. Who ensures report quality? 👉 While CERT-In occasionally reviews vendor performance, the primary responsibility falls on the auditee (you and me). In critical sectors, regulators like RBI or NCIIPC may review samples, but there’s no consistent, formalized report QA mechanism today. ⸻ 💡 What Needs to Change? ✅ Move from L1 to QCBS (Quality + Cost Based Selection) ✅ Introduce standardized report formats and tool disclosures ✅ Build a feedback loop to rate vendor quality post-audit ✅ Encourage independent second-level reviews for high-risk environments ✅ Incentivize deep audits over fast audits ⸻ Cybersecurity is not a commodity. It’s a strategic national asset. Let’s not let the lowest cost dictate the lowest defense. #CyberSecurity #CERTIn #RiskManagement #CyberAudit #Governance #IndiaSecurity #Infosec #CISO #BFSI #CriticalInfrastructure #QCBS #AuditQuality #L1Trap #Empanelment

15

A heartfelt plea to the AICPA... Please police SOC 2 reports better. You have an amazing process / product / offering - SOC 2 reports. These reports are one of the jewels of the compliance industry. These reports allow companies to explain their organization's cybersecurity program to the world while having a credible party (CPA firms) attest that the information in the report has been validated. However, in the last several years, low end audits have become much more cost effective. Were there bad SOC 2s 10 years ago? I'm sure. But they were not prolific. Now, with automation tools, it is easy to crank out many SOC 2s will minimal human oversight. Some of these reports are so obviously bad that any cybersecurity professional can point to them and call them out. What will be the consequence if things continue along this path? The popularity of SOC2s will diminish and another standards body / organization will take over. As this is happening the reputation of CPAs will be tarnished at least to some degree. What is the remedy? There are several possibilities. Some thoughts: 1) Pseudo-randomly assign which auditing firm evaluates other auditing firms reports. Today, I believe that you get to select who your auditor is. 2) Have CPA firms report statistics to the AICPA. If firms have hundreds of SOC 2s and zero exceptions then there is a good chance that they are not applying rigorous standards to the evaluation. (That is an example. Based on the data, I suspect it would be easy to figure out who the outliers for quality are.) Then, audit those firms that don't pass. 3) Create an AI evaluator for SOC 2 reports and have an organization submit a sample to the tool. Any auditing firm that does not meet a threshold is subject to a more rigorous audit. I bet those in this space could come up with other creative solutions that would not be administratively burdensome for the vast majority of firms that do a great job. I'm with Ayoub Fandi that blaming the automation vendors is foolish. They may be the proximate reason that low quality audits are front and center but they are just operating within the confines of the system. What say you, AICPA? #fciso

68

43 Comments

NOTE: I am writing this as a cybersecurity professional, not a representative of any organization with which I am affiliated. Those who have worked with me know that I am by nature not an alarmist. But I feel obligated to say - Houston, I think we have a problem. I am seeing a worrisome statistical increase in the number of successful #ransomware attacks tied to #zeroday malware. The focus seems to be on #Manufacturing, #Retail and #FinCen. Are you seeing this as well? Though this increase may be co-incidental, I am concerned that recent pull backs in public funding of threat and vulnerability intelligence may have been an enabling factor or alternatively could become an amplifying issue. I urge everyone reading this to engage with public sector entities to enforce how critical funding of cyber defenses - like threat and vulnerability data sharing - is to our collective cyber defense.

475

67 Comments

🚨 CERT-In Releases Technical Guidelines on SBOM, QBOM, CBOM, AIBOM & HBOM The Indian Computer Emergency Response Team (CERT-In) has released Version 2.0 of its technical guidelines on the Software Bill of Materials (SBOM), now significantly expanded to cover five critical domains: 1. SBOM – A detailed list of all software components, including third-party elements, used in a software product. It helps identify and mitigate vulnerabilities within the codebase. 2. QBOM – Focuses on components related to quantum computing and quantum-safe cryptography. It inventories quantum algorithms and security frameworks, aiding organizations in preparing for and adopting post-quantum cryptographic (PQC) solutions. 3. CBOM – An inventory of all cryptographic assets such as algorithms, encryption keys, and security protocols used within an organization. It helps in ensuring transparency and up-to-date security measures. 4. AIBOM – A comprehensive list of all components used in the development, training, and deployment of AI models, including hardware (e.g., GPUs), software frameworks, and datasets. AIBOMs are becoming essential for ensuring security, transparency, compliance, and risk management in AI systems. All organizations involved in AI-driven development and services are advised to include AIBOM requirements in all AI-related procurements and solutions. 5. HBOM – A list of all physical components, such as servers, networking gear, and storage devices that make up a hardware system. It helps in tracking, auditing, and managing hardware-related risks. These guidelines are especially relevant for government bodies, public sector units, essential services organizations, and entities involved in software exports and software services. It is aimed at: 1. Software Consumers – Organizations that purchase and use software to support operations. 2. Software Developers – Entities that build and maintain custom software solutions. 3. System Integrators / Software Resellers – Organizations that distribute software products and provide related services. By adopting these guidelines, organizations can bolster security, accelerate incident response, identify and patch vulnerabilities more efficiently, mitigate supply chain risks, ensure regulatory compliance, and enhance overall operational resilience. This is an essential step in building more secure, transparent, and future-ready digital ecosystems. 👉 Link to the full guidelines is in the comments. #ai #india #aigovernance #cybersecurity [This post is for educational purposes only and does not constitute legal advice. The views expressed herein are personal and not reflective of any institution or company. Likes or interactions with this content do not imply endorsements.]

17

1 Comment

SEBI just fired a warning shot at NSDL—compliance lapses + cyber gaps aren’t small stuff. If NSDL wants to stay ahead of the game, here’s what they must do: • Publish a root cause analysis on the IPO visibility mess • Commission an external cybersecurity audit • Share a public remediation timeline • Link leadership bonuses to real compliance KPIs Ticking boxes won’t cut it anymore. https://lnkd.in/d6zdf8Yc

29

1 Comment

Deepfakes Have Crossed the Line From Awareness Issue to Operational Threat This is no longer hypothetical. We are now seeing: 🎯 Fake candidates making it through interviews 🧑‍💻 Deepfake personas receiving job offers 💰 Payroll fraud via synthetic employees 🧠 Nation-state tradecraft (including DPRK-linked operations) abusing hiring pipelines This isn’t “phishing evolved.” This is identity compromise at scale. And here’s the critical takeaway: You cannot bolt deepfake defense onto security awareness or phishing training. That mindset is already outdated. 🚨 Why This Requires a Dedicated Program Deepfakes attack trust, not systems. They exploit: Human hiring workflows Remote-first onboarding Identity verification gaps Cognitive overload and speed incentives Traditional controls assume: ❌ A human adversary ❌ Static identity signals ❌ Detectable intent Deepfakes break all three. That’s why the response must be: ✅ Dedicated ✅ Staffed ✅ Planned ✅ Budgeted Not a slide in awareness training. Not a checkbox in phishing simulations. A full deepfake defense program needs to include: Identity verification workflows Behavioral anomaly detection LLM-powered impersonation detection Policy + HR + Security alignment Executive ownership and funding 🧠 The Hard Truth This challenge is unlike anything we’ve seen before. And the technology will only: 📈 Improve 📈 Scale 📈 Become cheaper and more accessible Organizations that wait for “best practices” will be reacting after damage is done. Deepfake defense is now: 🔹 A security program 🔹 A risk management function 🔹 A board-level conversation

25

5 Comments

Meet Sameer Kulkarni, author of "Establishing Security Operations Center", your comprehensive guide to setting up and managing a Security Operations Center in a world of evolving cyber threats. Sameer is a seasoned professional with a wealth of experience, currently serving as a senior vice president for IT, cloud, and cybersecurity at Decimal Point Analytics. With a background as an aeronautical engineer in the Indian Air Force, he brings decades of expertise in managing communication, IT infrastructure, and data centers. He is an ISO 27001 lead auditor and a fellow member of IETE, with a focus on governance, risk, compliance, and emerging technologies like AI, cloud computing, and cybersecurity. This book systematically covers the entire lifecycle of a SOC, beginning with cybersecurity fundamentals and the profound implications of cyber incidents. You'll learn to build a SOC from the ground up, understand the essential roles and tools, and see real-life examples from the industry. By the end of this book, you will possess a holistic understanding of SOC operations, equipped with the knowledge to strategically plan, implement, and continuously enhance your organization's cybersecurity posture, confidently navigating the complexities of modern digital defense. This is a must-read for professionals interested in managing SOCs, from Level 1 responders to senior analysts and executives looking to build scalable, resilient defenses. 📘 Available now on BPB and Amazon. Grab your copy today! ✨ https://lnkd.in/gfNXeBkp https://lnkd.in/gGWR3NRC #SOC #SecurityOperationsCenter #Cybersecurity #CyberThreats #IncidentResponse #ThreatHunting #SIEM #ITSecurity #DigitalDefense #BPBPublications #BPBonline #NewRelease #TechBooks

139

17 Comments

You might be feeling frustrated by the endless struggle of getting Sigma detection rules to work seamlessly in your open-source SIEM stack. It probably feels like every new rule demands manual conversions, special configs, and a ton of guesswork. It can be exhausting--and I’ve definitely been there. In this walkthrough I introduce how we can incorporate Velociraptor DFIR to solve our Sigma challenge. I share how I set up automated scans, tackled noisy detections, and fed alerts into my incident-response workflow (CoPilot). https://lnkd.in/gX5-X_mN

90

3 Comments

Privacy Enhancing Technologies (PETs) for BFSI in India (DPDPA Focus) - First Post I'm excited to launch a series focusing on PETs and their crucial role in the BFSI sector in light of the DPDPA, 2023. The DPDPA brings significant obligations for data fiduciaries in handling personal data. For BFSI sector, which deals with highly sensitive financial information of millions, compliance is not just a regulatory necessity but a matter of trust and reputation. In this series we will explore how PETs can empower BFSI entities. The DPDPA emphasizes principles like purpose limitation, data minimization, and storage limitation. It also grants individuals rights like the right to access, correction, and erasure. Implementing these principles while leveraging data for crucial functions like fraud detection, risk assessment, personalized services, and regulatory reporting can be challenging. This is where PETs come into play. These technologies offer innovative ways to process and analyze data without directly accessing or revealing the underlying personal information. Think of techniques that allow computation on encrypted data, anonymize datasets for analysis, or enable secure multi-party collaboration without sharing raw data. EU Being a Pioneer Lets Have A Glimpse into PETs in EU's BFSI. The European BFSI sector, operating under the robust framework of the GDPR, has already begun exploring and implementing PETs to address similar data privacy challenges. Few examples are as under:- Homomorphic Encryption for Fraud Detection:- EU banks are exploring homomorphic encryption to allow collaborative analysis of potentially fraudulent transactions. Differential Privacy for Regulatory Reporting:- Financial institutions in the EU are investigating differential privacy to generate anonymized statistical reports for regulatory bodies Secure Multi-Party Computation for Risk Assessment:-SMPC is being explored to enable joint risk assessments by multiple financial entities. Federated Learning for Credit Scoring:- Pilot projects are underway in the EU to use federated learning for building more robust and privacy-preserving credit scoring models Over the coming posts, we will delve into specific PETs relevant to the BFSI in India. We will explore the following:- Homomorphic Encryption:- Performing computations on encrypted data. Differential Privacy:- Adding statistical noise to datasets to protect individual privacy during analysis. Federated Learning:- Training machine learning models on decentralized data without centralizing it. Secure Multi-Party Computation (SMPC):- Enabling multiple parties to jointly compute a function over their private inputs while keeping those inputs secret. Zero-Knowledge Proofs:- Verifying information without revealing the information itself. #DataPrivacy #Cybersecurity #India #DPDPA #BFSI #PrivacyEnhancingTechnologies #PETs #Fintech #Regulation #Innovation #LinkedInSeries #EU #GDPR

63

13 Comments

What the DFIR analyst does during an IR engagement (not only equal to a firefighter or detective) is not the same as what the management should do in handling an incident or what the GRC should do in managing an incident. Why do some experts write a playbook to combine every aspect of DFIR for the technical team to follow? Why does the procurement write a tender to ask a service provider certified with CISM/CISSP or equipped with digital forensic tools to do the IR tasks like this?

69

CMMC Level 2 Assessment Objective: Wireless Access Authorization PRACTICE: Organizations must authorize wireless access prior to allowing such connections. ASSESSMENT: Guidelines from management form the basis for the requirements that must be met prior to authorizing a wireless connection. These guidelines may include the following: Types of devices, such as corporate or privately owned equipment Configuration requirements of the devices Authorization requirements before granting such connections Be prepared! Your assessor could ask to 🔍 EXAMINE procedures addressing wireless access implementation and usage (including restrictions). 🗣 INTERVIEW personnel with responsibilities for managing wireless access connections. 📝 TEST wireless access management capability for the system. (CMMC Assessment Guide: Level 2 Version 2.13, page 50) #CMMC #DoD #cybersecurity #NIST #InformationSecurity

60

1 Comment

Hot Take! Who Should Own Privacy Compliance Under DPDPA – Legal, Infosec, or a Dedicated Privacy Office? 🔐⚖️🛡️ As Indian organizations or should I say Data Fiduciaries gear up to align with the Digital Personal Data Protection Act (DPDPA), a major question is quietly creating internal ripples: Who should actually own privacy compliance? ➡️ Should it be tucked under the Legal function? ➡️ Should it fall within the CISO’s sprawling InfoSec empire? ➡️ Or… is it time to establish a truly independent Data Protection Office? 👀 Controversial Opinion (but I stand by it): Privacy shouldn’t be a side hustle for either Legal or Security. We need a dedicated Data Protection Office led by a DPO, with the right resources and mandate to drive real compliance. This team should own: * Data Protection Impact Assessments (DPIAs) * Managing Data Principal rights * Maintaining ROPAs * Consent lifecycle management * Data retention & deletion mechanisms * Policy frameworks and awareness 💼 Meanwhile, Legal should support with contract reviews, DPAs, and regulatory interpretations. 🛡️ And Infosec? They should contribute to risk assessments, technical controls, and give security sign-offs but not be burdened with owning the entire privacy program. 👉 With this kind of structure…clear roles, strong collaboration, but distinct ownership.. implementing and sustaining a privacy program under DPDPA becomes more manageable and effective. 🔥 So, what’s your take? Will privacy in India become just another compliance checkbox for Legal or InfoSec? Or is it time we build a privacy tower of our own? #DPDPA #Privacy #DataProtection #IndiaPrivacyLaw #DPO #Infosec #Legal #Compliance #DigitalIndia #DSCI #IAPP

90

12 Comments