Munish Mittal, HDFC Bank
Sep 07th 2016

Digital Innovation Strategy

In the wake of the recent malware attacks that took the BFSI space by storm, HDFC incorporated robust application security measures, which included securing IT systems and infrastructure using secure cryptographic protocols and ciphers. Its internal analysis and studies of vulnerability reports found that 90 percent of total vulnerabilities were due to the use of old encryption protocols and insecure ciphers by operating systems, application servers, and middleware. The bank removed insecure encryption protocols and thwarted birthday attacks against TLS ciphers with the 64-bit block size vulnerability, for WannaCry remediation. The team managed the scheduling of reboots, interfaced with business teams for downtime, and ensured 100 percent remediation of all DC servers within seven days. Vulnerability assessment and penetration testing to secure the entire environment cryptographically were also carried out. In its drive to bring in changes to the middleware, the bank changed configuration files to force the use of the latest encryption protocols and ciphers. Under application changes, HDFC upgraded its IT supporting monitoring tools, which used old encryption protocols and ciphers. HDFC's initiative helped improve the SSL/TLS grading of its netbanking page, and this helped the bank keep its brand on top.