RBI Notifies Indian Banks To Step Up Cyber Security Efforts

As a measure against the rising threat of cybercrime, India’s Central Bank, the Reserve Bank of India has asked banks in India to improve their cyber-security measures and take steps to introduce robust cyber security norms.

The RBI issued a notification to all commercial banks earlier this week requiring banks to develop a dedicated cyber-security policy as well as clear strategies to protect themselves from cyber-attacks.

In a statement, RBI said

Banks should immediately put in place a cyber-security policy elucidating the strategy containing an appropriate approach to combat cyber threats given the level of complexity of business and acceptable levels of risk.It is essential to enhance the resilience of the banking system by improving the current defenses in addressing cyber risks.

The notification has stated that the deadline for banks to submit their cyber policy after approval by their respective Boards was September 30, 2016. RBI’s notification stated that numerous cyber-attacks were occurring with regularity specifically in the financial sector as a result of low entry barriers and increasing resourcefulness of cyber-criminals making it necessary for banks to improve their existing defenses and take steps put in a resilient cyber security framework.

CCTV News

One of the major measures suggested in the notification refers to implementation of an Incident Response, Management and Recovery framework which would be equipped to deal with serious incidents as and when they occur. The notification stipulates that the banks must report every incident to the RBI.

The RBI has asked the banks to separate its cyber security policy from the existing IT policies in place and has specified that regular checks for vulnerabilities need to be carried out by the bank as the attacks may occur at anytime and in an unanticipated manner. It said that recent incidents have highlighted the need for such caution and vigilance. The RBI has also asked the banks to ensure that personal information of customers is not disclosed under any condition.

The notification comes in the wake of the recent Bangladesh Bank heist which occurred in February 2016 resulting in $951 million being stolen from Bangladesh’s central bank. The heist was carried out through five transactions which allowed the withdrawal of the amount from a Bangladesh Bank account held at the Federal Reserve Bank of New York using the SWIFT network. The illegal transfers took place after hackers breached the bank’s network and used the bank’s credentials to issue the payment transfers.

---