Page 30 - Banking Finance November 2022
banks and regulators for a robust Cyber Security framework for the banks/FIs.

Our presence on the internet increases our efficiency but makes us vulnerable to cyber threats. Cyberspace is a complex environment which consists of interactions between people, software and services, supported by worldwide distribution of Information and Communication Technology (ICT) devices and networks. Cyberspace is vulnerable to a wide variety of incidents, whether intentional or accidental, manmade or natural, and the data exchanged in cyberspace can be exploited for nefarious purposes.

Cyber-attacks that target the infrastructure of the Bank can effectively reduce available resources and undermine the confidence of stakeholders in the Bank's supporting structures.

As per RBI, all banks are to put in place a robust cyber-security policy elucidating the strategy and containing an appropriate approach to combat cyber threats, given the level of complexity of business and acceptable levels of risk, which shall be duly approved by their Board.

Further, RBI has also advised that the Cyber Security Policy be distinct from the broader IT policy / IS Security Policy of a bank. A few broad measures advised by RBI for the banks are:

- Banks to have a Board approved Cyber-Security Policy which is distinct from the broader IT policy / IS Security Policy of a bank.
- Banks to establish cyber risks in real time through SOC (Security Operations Centre) and make arrangement for continuous surveillance to monitor and manage cyber threats.
- A minimum baseline cyber security and resilience framework is given to be implemented by the banks.
- A Cyber Crisis Management Plan (CCMP) should be immediately evolved which should be a part of the overall Board approved strategy.
- Banks should share information on cyber-security incidents with RBI.
- Banks to bring Cyber-security awareness among stakeholders / Top Management / Board.

The Cyber Security Policy is applicable to all cyber facing Information and IT assets (networks, computers, mobile devices, peripherals, databases, data centres, applications, etc.)

The cyber-threat landscape has evolved from individual hackers to highly organized groups and advanced cyber criminal syndicates. Cyber attacks nowadays are more targeted and sophisticated than ever before. New powerful malware is capable of stealing confidential data and disabling network infrastructure.

Why Cyber Security frameworks for the Banks?

- To protect information and information infrastructure in internet/cyberspace, build capabilities to prevent and respond to cyber threats, reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional structures, people, processes, technology, and cooperation.
- To safeguard the cyber facing Information Infrastructure of the Bank from various types of cyber threats including, but not limited to, Denial of Service (DoS), Distributed Denial of Services (DDoS), ransomware / cryptoware, destructive malware, business email frauds including spam, phishing, etc.
- To respond, resolve and recover from cyber incidents and attacks through timely information sharing, collaboration and action.
- To establish a framework to enable a safe and vibrant cyber space.