Discover the evolving cyber threat landscape in India's banking and financial industry and learn how to become RBI compliant to effectively manage cyber risks. Increased regulations and RBI directives are essential to protect against cyber attacks and ensure the security of customer data.
Overcoming the Cybersecurity Threats of India’s Banking & Financial Industry
Contents
• The Evolving Cyber Threat Landscape needs Increased Regulations
• Increased Regulatory Requirements
• RBI Directives – Are you RBI Compliant?
• Three Pronged Approach to Managing Cyber Risks and being RBI Compliant
• India Contacts
The Evolving Cyber Threat Landscape needs Increased Regulations

Disruptive innovations in the banking and financial sector are not only bringing new opportunities but are also opening the door to new threats. Digitization has moved the banking ecosystem away from the traditional banking models. With the advent of omni-channel banking, consumers now interact across multiple channels, newer technologies play their part, and mobile, internet and smartphone penetration among consumers is high. This is changing consumer behaviour, including buying behaviour: social networking, word of mouth, peer reviews of products and online research are becoming the norm.

Digital payments are becoming significant in India, and the evidence of digital disruption in the financial industry is mounting, which widens the attack surface exposed to cyber attacks. According to a recent cyber security study by analysts, banking and financial institutions operate in boundary-less and unregulated ecosystems and are therefore more vulnerable to exploitation by ever-evolving cyber threats. Incidents such as account takeovers, vishing, fraudulent monetary transfers, ATM skimming and mobile banking exploitation using malware are already prevalent, and as cyber criminals become more innovative the attacks will only get bigger.

Banking and financial institutions now need to follow the compliance mandates of the regulations within their industry; adherence to these regulations is essential for the security of their business and for keeping pace with cyber crime.
Increased Regulatory Requirements

Banking in India is governed by various legal and regulatory requirements issued by the Government of India and the banking regulator, the Reserve Bank of India (RBI). RBI periodically issues circulars and guidelines on various aspects of banking, and the applicable regulations may vary with the type of bank, e.g. Scheduled Commercial Bank, NBFC, Regional Rural Bank, Authorised Dealer Bank, etc.

RBI directives and guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds define the fundamental information security requirements that all banks need to follow. In addition to these guidelines, there are multiple regulatory requirements relating to internet banking, payment systems, mobile banking, IT outsourcing, etc., which may apply to a particular bank depending on the context of the organisation and the nature of its operations in India.

To manage the risks associated with cyber attacks, RBI has released a set of guidelines. RBI's circular last year covered several notable requirements, ranging from arrangements for continuous surveillance to the creation of a cyber security policy distinct from the broader IT policy, and an immediate assessment of gaps in preparedness to be reported to the regulator.

To proactively manage vulnerabilities that could be exploited by attackers, patches and updates have to be rolled out. However, because a compromise often involves internal systems, patching alone will not necessarily solve all of an organisation's problems. To reduce future risk and strengthen safeguards, institutions using global payment services should conduct a complete security review of their IT infrastructure. Lastly, a proactive forensic analysis of all systems can establish whether a breach or compromise has already taken place.
RBI Directives – Are you RBI Compliant?

• Implement a centralized authentication and authorization system for accessing and administering applications, operating systems, databases, network and security devices/systems, and points of connectivity (local/remote, etc.), including enforcement of a strong password policy, two-factor/multi-factor authentication depending on risk assessment, and the principles of least privilege and separation of duties.
• Implement appropriate (e.g. centralized) systems and controls to allow, manage, log and monitor privileged/superuser/administrative access to critical systems (servers/OS/DB, applications, network devices, etc.).
• Provide secure access to the bank's assets/services from within and outside the bank's network by protecting data/information at rest (e.g. using encryption, if supported by the device) and in transit (e.g. using technologies such as VPN or other secure web protocols).
• Disallow administrative rights on end-user workstations/PCs/laptops, and grant access rights on a need-to-know basis and for a specific duration when required, following an established process.
• Carefully protect customer access credentials such as logon user ID, authentication information and tokens, access profiles, etc. against leakage and attacks.
• Manage and analyze audit logs in a systematic manner so as to detect, understand or recover from an attack.
• Take enough care to capture audit logs of user actions in a system. Such arrangements should facilitate forensic auditing, if need be.
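The directives above on monitoring privileged access, granting rights only for a specific duration and keeping administrative rights off workstations translate into a reconciliation job that a SOC can run over its audit logs. The following is an added example, written for this page and not code from RBI or Micro Focus; the audit line format, the grant register, the "ws-" naming convention for workstations and the sample events are all constructed for the demonstration. It parses each audit line, ignores ordinary user activity, and raises a finding for any privileged event that either occurs on a workstation or is not covered by a time-bounded approval.

```python
"""Reconcile privileged-access audit events against time-bounded access grants.

Added example, not RBI or Micro Focus code. The audit line format, the grant
register, the host naming convention and the sample events are all
constructed for this demonstration.
"""
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed audit lines: "<ISO timestamp> <host> <user> <event> [<detail>]".
AUDIT_LOG = """\
2024-03-04T09:02:11Z corebank-db01 priya sudo COMMAND=/usr/bin/psql
2024-03-04T09:40:53Z corebank-db01 priya sudo COMMAND=/bin/bash
2024-03-04T13:15:09Z corebank-db01 priya sudo COMMAND=/usr/bin/psql
2024-03-04T21:30:44Z swift-gw01 rohan sudo COMMAND=/bin/systemctl
2024-03-04T10:05:00Z ws-teller-117 anita admin_login
2024-03-04T10:06:30Z ws-teller-117 anita login
"""

# Events that count as privileged/administrative use in this constructed format.
PRIVILEGED_EVENTS = {"sudo", "admin_login"}

# Constructed naming convention: end-user workstations are named "ws-*".
WORKSTATION_PREFIX = "ws-"

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)(?: (.*))?$")


@dataclass(frozen=True)
class Grant:
    """A time-bounded privileged-access approval (the 'specific duration')."""
    user: str
    host: str
    start: datetime
    end: datetime


# Constructed grant register: priya may administer corebank-db01 09:00-11:00 UTC.
GRANTS = [
    Grant("priya", "corebank-db01",
          datetime(2024, 3, 4, 9, 0), datetime(2024, 3, 4, 11, 0)),
]


def parse_line(line):
    """Split one audit line into (timestamp, host, user, event, detail)."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable audit line: {line!r}")
    ts, host, user, event, detail = m.groups()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), host, user, event, detail or ""


def grant_covering(user, host, ts, grants):
    """Return the grant that authorises this user on this host at this time, or None."""
    for g in grants:
        if g.user == user and g.host == host and g.start <= ts <= g.end:
            return g
    return None


def find_violations(log_text, grants=GRANTS):
    """Return (timestamp, user, host, finding, detail) for each privileged event
    that is either on a workstation or not covered by an approved grant."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, user, event, detail = parse_line(line)
        if event not in PRIVILEGED_EVENTS:
            continue  # ordinary user activity is retained in the log but is not a finding here
        if host.startswith(WORKSTATION_PREFIX):
            # Directive: no administrative rights on end-user workstations at all.
            findings.append((ts, user, host, "admin_rights_on_workstation", detail))
        elif grant_covering(user, host, ts, grants) is None:
            # Privileged use with no approval, or outside the approved window.
            findings.append((ts, user, host, "privileged_use_outside_grant", detail))
    return findings


if __name__ == "__main__":
    for ts, user, host, finding, detail in find_violations(AUDIT_LOG):
        print(f"{ts.isoformat()} {finding}: {user}@{host} {detail}")
```

On the constructed sample this yields three findings: priya's sudo at 13:15, after her 09:00-11:00 window expired; rohan's sudo on swift-gw01, for which no grant exists; and anita's admin_login on a teller workstation. Keeping the command detail in each finding is what makes the record usable for the forensic auditing the last directive asks for. In a real deployment the grant register would be fed from the privileged access management system and the log lines from the central log collector, with timestamps normalised to one time zone before comparison.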
Three Pronged Approach to Managing Cyber Risks and being RBI Compliant

Banking and financial firms have traditionally focused their investment on becoming secure. That approach is no longer adequate in the face of a rapidly changing threat landscape. Put simply, financial services companies should consider building cyber risk management programmes aligned with the RBI guidelines, so that they are secure, aware and proactive in taking decisive action to curb these threats.

An effective cyber risk management solution would broadly have three capabilities: Identity Governance and Administration, User Activity Monitoring, and Access Management and Authentication, with analytics running at the core. The analytics layer draws on Identity Management, Access Management, Privileged Account Management, File Integrity Monitoring and SIEM to provide rich data for subject matter experts to work with. This leaves organisations better prepared for the digital revolution and the issues that come with it.

Identity
• Governance
• Provisioning
• Privileged Identity
• Self Service
• Social Registration
• Unified Identity
• Roles
• Analytics

Access
• Risk Based Access
• SSO
• Privileged Access
• Federation
• Multi-Factor
• Mobile
• Social Access
• Analytics

Security
• SIEM
• File Integrity
• Privileged Monitoring
• Configuration Monitoring
• Change Monitoring
• Analytics
For a face-to-face meeting or workshop on Overcoming Cybersecurity Threats of India's Banking & Financial Industry, contact us:
Email: Rachana.Karanth@microfocus.com
Phone: +91 080 4002 2063
www.microfocus.com

India Offices:
Bangalore: 'Laurel', Block 'D', 65/2 Bagmane Tech Park, C.V. Raman Nagar, Byrasandra Post, Bangalore - 560093
New Delhi: Unit No 03 & 04, 1st Floor, Salcon Ras Vilas, District Center, Saket, New Delhi - 110017
Mumbai: Leela Galleria, 1st Floor, Andheri Kurla Road, Andheri (East), Mumbai - 400059