Banks May Not Be Reporting Cyber Attacks, According To The Reserve Bank

03/06/2016 6:30 PM IST | Updated 15/07/2016 8:27 AM IST
NEW! HIGHLIGHT AND SHARE
Highlight text to share via Facebook and Twitter
ASSOCIATED PRESS
In this picture taken on March 5, 2015, a map of the United States displayed on a computer screen shows cyber attacks in real time at the headquarters of Bitdefender, a leading Romanian cyber security company, in Bucharest, Romania. Romania, the eastern European country, known more for economic disarray than technological prowess, has become one of the leading nations in Europe in the fight against hacking. The reason: the country’s own battle against Internet renegades and a legacy of computing excellence stemming from Communist dictator Nicolae Ceausescu’s regime. (AP Photo/Octav Ganea, Mediafax) ROMANIA OUT

Banks have been “hesitant” to share incidents of cyber attacks and need to promptly report all cyber attacks, the Reserve Bank of India (RBI) has said.

According to an RBI note, the number, frequency and impact of cyber attacks have increased “manifold” recently in the financial sector, especially at banks.

RBI has asked banks to urgently roll out cyber security policies. The decision comes in the wake of a spate of recent high profile cyber attacks that targeted the global money transfer network Swift, resulting in thefts of millions of dollars from banks in Bangladesh, Vietnam and Ecuador.

Banking services are rapidly moving to smartphones and digital devices leaving many banks vulnerable to such attacks. RBI has asked banks to urgently boost their current security measures and put in place formal cyber security frameworks to defend against any disruptions and attacks. According to the RBI note, banks should immediately:

1) Introduce cyber security policies that are distinct from their broader IT policies.

2) All banks must set up an SOC (Security Operations Centre), whose job would be to constantly monitor emerging cyber threats.

3) They should ensure their IT architecture is designed to facilitate the necessary security measures.

4) Ensure customer privacy: All banks must immediately strengthen their networks and databases to ensure customer confidentiality and private information is not compromised regardless whether the banks use a third party.

5) They must also adopt a cyber crisis management plan to address various forms of electronic financial fraud such as malware, spam, e-mail phishing, spear phishing, whaling, vishing frauds, and identity frauds.

6) They must come up with cyber security preparedness indicators to regularly assess the level of cyber risk and preparedness.

Banks have until the end of July to report their cyber security measures and any identified gaps to the Department of Banking Supervision.

Like Us On Facebook |
Follow Us On Twitter |
Contact HuffPost India

Also see on HuffPost:

7 Tips for Managing Work Stress When You Get Home

More On This Topic