Reserve Bank of India’s Guidelines on Cyber Security

Increasing Cyber threats & Security concerns

A rapid growth has been observed in the adoption of new security measures and transfers to the digital channels by Indian banks after 2010. It has always been a topic of debate that cybersecurity practices have never been kept in pace with the evolution/adoption of new technologies, because of which quantum of cyber-attacks is increasing every day. The cyber-attacks not only result in the huge financial losses but also erodes the brand value of any organization.

About 70% of India’s internet users make an online transaction on these websites. You can’t even estimate the number of transactions done per day. These transactions are not online limited to online shopping.

Raise of the bar in cyber threats ultimately made Reserve Bank of India (RBI) realize the need of holistic & integrated approach towards cybersecurity, resulting in which a circular from RBI inhibiting the guidelines on cybersecurity came into effect. Rest of the article will emphasize the key points defined in the circular for cybersecurity, which is why all Banks must organize a Cyber Security Drill regularly.

RBI Guidelines

Since compliance-centric approach of banks imposing a critical threat to the security.

RBI defined proper guidelines on measures of cybersecurity approach, a recent survey conducted by https.in

Of the top 10 PSU Bank SSL certificate, is evident that the RBI guidelines are followed.

• Cybersecurity operations center (SOC): RBI understands the need of a secured ecosystem which can ensure proactive information sharing and a flexible framework. Therefore, RBI guidelines clearly state the need for setting up a cybersecurity operations center. As per guidelines- focus on a secured ecosystem from top management and cyber-aware board is expected.
• Architect a strong governance: Any implementation to the cybersecurity requires approval/rejection from board/top level management.
• Circular clearly defines the necessity of board-level awareness and participation to make them sensitive about the current state of cybersecurity and its near future. It will make cybersecurity as important as investigating in business-enabling technologies.
• Securing client data & its usage in financial crimes: RBI has a very clear and strong emphasis on the data security of customers.
• The banks are required to adopt the highest possible preventive measures to secure customer’s data whether it is in motion or freeze state. Guidelines further focus on organizing such programmes where customers can make aware to reduce the incidents of attacks.
• Proactive reporting and collaboration: RBI have recognized the importance of collaboration between different financial institutions which would help them mutually and make them capable in responding to the attacks proactively and quickly.
• Infinite surveillance: A much important need for continuous surveillance and real-time analysis was required as it helps in taking actions faster when attacked from outside. New guidelines would require banks to implement a 24*7 real-time based surveillance.
• These measures not only reduce the impact of loss but also helps in deciding an effective measure to stop such incidences in the future.
• CCMP (Cyber Crisis Management Plan): The RBI circular calls for the establishment of a Cyber Crisis Management Plan to address the full lifecycle of detection, response, containment, and recovery.

Expected direction after following RBI Guidelines

Successful implementation of guidelines would help banks to protect customer’s data, banks would be able to report incidents proactively, continuous surveillance would arm the existing capabilities of cyber security which would eventually lead to an extended ecosystem, Also regularly organizing Cyber

Image Courtesy Google.