Banks have been “hesitant” to share incidents of cyber attacks and need to promptly report all cyber attacks, the Reserve Bank of India (RBI) has said.
According to an RBI note, the number, frequency and impact of cyber attacks have increased “manifold” recently in the financial sector, especially at banks.
RBI has asked banks to urgently roll out cyber security policies. The decision comes in the wake of a spate of recent high profile cyber attacks that targeted the global money transfer network Swift, resulting in thefts of millions of dollars from banks in Bangladesh, Vietnam and Ecuador.
Banking services are rapidly moving to smartphones and digital devices leaving many banks vulnerable to such attacks. RBI has asked banks to urgently boost their current security measures and put in place formal cyber security frameworks to defend against any disruptions and attacks. According to the RBI note, banks should immediately:
1) Introduce cyber security policies that are distinct from their broader IT policies.
2) All banks must set up an SOC (Security Operations Centre), whose job would be to constantly monitor emerging cyber threats.
3) They should ensure their IT architecture is designed to facilitate the necessary security measures.
4) Ensure customer privacy: All banks must immediately strengthen their networks and databases to ensure customer confidentiality and private information is not compromised regardless whether the banks use a third party.
5) They must also adopt a cyber crisis management plan to address various forms of electronic financial fraud such as malware, spam, e-mail phishing, spear phishing, whaling, vishing frauds, and identity frauds.
6) They must come up with cyber security preparedness indicators to regularly assess the level of cyber risk and preparedness.
Banks have until the end of July to report their cyber security measures and any identified gaps to the Department of Banking Supervision.
Also see on HuffPost: