Why Perimeter-Based Security No Longer Works for Indian Banking Networks

Indian banks are rapidly digitising, but outdated perimeter-based security models are leaving critical gaps. With cyberattacks in India surging by more than 120% over two years, the BFSI sector must shift to Zero Trust architectures that prioritise identity-based access and micro-segmentation.

By Bhuvnesh Sachdeva, Senior Vice President – Wireless & Switching, HFCL Limited

Indian banks today operate in an environment where digital adoption has moved far faster than the evolution of security architecture. While customer-facing innovation has accelerated, cybersecurity models in many institutions still depend heavily on perimeter-based defences. That approach is increasingly out of step with today’s threat landscape. Attackers no longer rely only on breaking in from the outside. They exploit the credentials of insiders and trusted internal pathways.

The scale of the problem is evident in national data. According to the Government of India, cybersecurity incidents in India rose from about 10.29 lakh in 2022 to 22.68 lakh in 2024, marking a 120 per cent increase in just two years. This trend has directly impacted banking and financial services. 

One ransomware attack in mid-2024 on C-Edge Technologies, a key banking technology service provider, disrupted UPI and ATM services across more than 300 cooperative banks. What stood out was not how attackers entered, but what happened after. Once inside, they moved laterally across interconnected systems because internal networks were flat, implicitly trusted, and largely blind to identity at the point of access.

The real weakness lies inside the network

Most Indian BFSI networks were built on a simple assumption. If traffic is inside the perimeter, it is trusted. That assumption no longer holds in a sector defined by branch-heavy architectures, widely dispersed ATMs, shared infrastructure, and constant third-party access.

When access is granted based on location rather than identity, a single compromised endpoint becomes a launchpad. Attackers do not need advanced techniques when internal movement is unrestricted. Standard credentials and common administrative tools are often enough to escalate access across network systems. Firewalls may remain intact, yet damage continues unchecked behind them.

This model also magnifies insider risk. Insiders already operate within the trusted zone. When access controls are static and broadly defined, insiders, whether malicious, careless, or compromised, can reach systems well beyond their role. This makes insider threats one of the most under-addressed risks in banking security today.

Regulatory direction is clear, but execution matters

The Reserve Bank of India’s cybersecurity direction reflects these realities. The shift towards Zero Trust principles is explicit. Continuous authentication, least privilege access, and micro-segmentation are no longer optional ideas but core expectations.

What this means in practice is often misunderstood. Zero Trust is not achieved by adding another security layer at the edge. Firewalls authenticate entry, but they lose visibility once traffic flows internally. Recent incidents have shown that internal blind spots are where breaches escalate into outages. If Zero Trust is to be effective, enforcement must move inside the network.

Every endpoint in a bank connects through a switch. Teller systems, ATMs, kiosks, vendor laptops, and IP-based devices all pass through this layer before accessing any service. This makes the switching layer the most practical and enforceable point for Zero Trust.

Identity as the new control point

Identity-based granular network access control changes where and how controls are applied. Technologies such as IEEE 802.1X control network access by allowing connected devices to join only after they authenticate with valid credentials. This provides real-time visibility into what is connected and with which permissions.

Downloadable Access Control Lists (dACLs) strengthen this model further. Switches dynamically enforce least-privilege policies based on device identity. Instead of static permissions, access can be tied to user roles and device posture. A branch workstation, an ATM, and a guest device may use the same physical infrastructure, but each can be restricted to a tightly defined set of resources. This directly supports least privilege principles and reduces the impact of compromised credentials.
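
A minimal model of the per-identity enforcement described above, added here as an illustration (not vendor configuration and not code from the author): once 802.1X authentication succeeds, a role-specific ACL is bound to the port and evaluated first-match with an implicit deny. Device names, roles, addresses and ports are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    proto: str                  # "tcp", "udp", or "ip" for any protocol
    dst: str                    # destination network, CIDR notation
    port: Optional[int] = None  # None matches any port

    def matches(self, proto: str, dst_ip: str, port: int) -> bool:
        if self.proto not in ("ip", proto):
            return False
        if ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(self.dst):
            return False
        return self.port is None or self.port == port

# Constructed policy: one downloadable ACL per role (all values are samples).
DACLS = {
    "branch-workstation": [
        Rule("permit", "tcp", "10.10.20.0/24", 443),  # core banking front end
        Rule("permit", "udp", "10.10.1.53/32", 53),   # internal DNS
    ],
    "atm": [Rule("permit", "tcp", "10.10.30.5/32", 8583)],  # ATM host only
    "guest": [
        Rule("deny", "ip", "10.0.0.0/8"),             # nothing internal
        Rule("permit", "tcp", "0.0.0.0/0", 443),      # outbound web only
    ],
}

# Constructed identity store: authenticated identity -> role.
IDENTITIES = {"teller-pc-014": "branch-workstation",
              "atm-0231": "atm", "visitor-laptop": "guest"}

def authorize_port(identity: str, authenticated: bool) -> Optional[List[Rule]]:
    """Return the ACL to bind to the port, or None to leave it unauthorized."""
    role = IDENTITIES.get(identity)
    if not authenticated or role is None:
        return None
    return DACLS[role]

def allowed(acl: Optional[List[Rule]], proto: str, dst_ip: str, port: int) -> bool:
    """First matching rule decides; no ACL or no match means deny."""
    if acl is None:
        return False
    for rule in acl:
        if rule.matches(proto, dst_ip, port):
            return rule.action == "permit"
    return False  # implicit deny blocks lateral movement by default
```

In this model a teller workstation and an ATM share the same switch, yet neither can reach the other's back-end, and a device that fails authentication gets no access at all.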

Micro-segmentation as a containment strategy

Flat internal networks allow breaches to spread silently. Micro-segmentation changes that dynamic. By creating controlled trust boundaries within the network, banks can ensure that a compromise in one area does not cascade across the organisation.

Role-based segmentation allows staff systems, payment infrastructure, and third-party devices to operate in isolated zones. Interactions between these zones can be monitored and controlled. Breaches that might once have become enterprise-wide crises are contained as localised incidents. When abnormal behaviour is detected, access can be restricted immediately without shutting down entire segments.

Audit readiness and operational resilience

Beyond security, this architectural shift delivers clear operational benefits. Identity-based enforcement at the network layer generates detailed access logs showing who connected, when, and to what. This visibility directly supports regulatory audits that increasingly demand evidence of enforced controls rather than documented intent.

Incident response also improves. Cybersecurity teams can isolate affected devices at the port level, reducing downtime while preserving evidence. For geographically distributed banking networks, policies remain consistent while enforcement continues locally even during connectivity disruptions.

Rethinking the foundation of bank security

The lesson from recent incidents and regulatory direction is straightforward. Cybersecurity can no longer be treated as a boundary problem. It is an architectural challenge that starts inside the network.

Perimeter defences will continue to play an important role, but they must be complemented by identity-based granular network access controls, segmentation, and continuous authorisation. As digital banking deepens its reach across India, resilience will depend on how effectively implicit trust is removed from the network and replaced with verification at every point of access. For Indian banks, the future of cybersecurity lies not at the edge, but at the core of the network itself. For BFSI CIOs navigating RBI's mandates, this architectural choice means audit trails are automatic, policy enforcement is distributed, and compliance becomes continuous rather than a periodic scramble.
