RBI Cyber Security Framework
The ever-changing digital payment landscape has pushed traditional banks and financial institutions to adopt the latest technologies to improve customer experience and reduce operational costs. These changes have expanded the attack surface of the bank, creating the need for continuous protection against advanced cyber threats.
- Continuous Surveillance and Risk Analytics
IT managers and decision makers lack a clear view of the bank's constantly changing security posture because of the number of siloed security products.
- Vulnerable Endpoints and Critical Assets
Banks have a large number of legacy and unpatched systems, leaving them vulnerable to malware and ransomware attacks.
- Proactive Security
Banks are encouraged to adopt proactive cybersecurity measures, moving away from the current reactive techniques, to protect critical assets from unknown and sophisticated threats such as zero-day malware, advanced persistent threats and attacks that are not covered by anti-virus/anti-malware signature definitions.
The use of Information Technology by banks has grown rapidly and is now a significant part of the operational strategy of banks. The number, frequency and impact of cyber incidents/attacks have increased manifold in the recent past, more so in the case of the financial sector, including banks.
Hence there is a critical need to put in place a robust cyber security/resilience framework at UCBs to ensure adequate security of their assets on a continuous basis. It has become essential to strengthen the security of UCBs against cyber threats by improving the present defences in addressing cyber risks.
All UCBs should promptly put in place a Cyber Security policy, duly approved by their Board/Administrator, giving a framework and a strategy containing an approach to deal with cyber threats depending on the level of complexity of business and levels of risk.
The Cyber Security Policy should be distinct from the IT/IS policy of the UCB so that it highlights the cyber threats and the measures to address/minimize them. While evaluating the inherent risks, UCBs should keep in view the technologies adopted, delivery channels, digital products being offered, internal and external threats, etc., and rate each of these risks as Low, Medium, High and Very High.
The IT architecture/framework, which includes network, server, database and application, end-user systems, etc., should address security measures consistently, and this must be reviewed by the Board or the IT Sub-committee of the Board periodically.
A Government of India organization, CERT-In (Computer Emergency Response Team – India, a Government entity), has been taking significant initiatives in strengthening cyber security by providing proactive services and guidelines, threat intelligence and assessment of preparedness of different entities in various sectors, including the financial sector.
UCBs, as owners of sensitive customer data, should take appropriate steps to preserve its Confidentiality, Integrity and Availability, regardless of whether the data is stored or in transit within themselves or with third-party vendors; the confidentiality of such custodial information should not be compromised in any circumstance.