With increasing incidence of digital frauds and malware attacks in financial transactions, banks are now queuing up for cyber drills to check their preparedness to tackle such problems.
“There has been a perceptible increase in interest among banks to undergo mock cyber drills,” AS Ramasastry, Director, Institute for Development and Research in Banking Technology (IDRBT), an arm of the Reserve Bank of India, told Business Line.
The Hyderabad-based institute is now working on a ‘mission mode’ on various fronts of cyber security, and is conducting mock drills for banks on request.
“Banks are participating in big numbers in this exercise,” he said.
Though the individual details of participating banks cannot be shared for obvious reasons, the drills are being conducted almost every quarter in synchronisation with the Chief Information Security Officers’ Forum of banks.
As part of the drill, an apex tech team of IDRBT will ‘infest’ a bank’s platform with a specially designed malware to see its response, by ensuring that this will not hamper regular financial transactions in any manner.
“The idea is not to test them for any regulatory purpose, but to caution them on their alertness,” said Ramasastry.
The RBI has also been focussing on ensuring better preparedness on the part of banks to tackle cyber threats. It has asked banks to put in place a board-approved cyber security policy in its guidelines in 2016 itself. Last year, it also issued a separate cyber security framework for Urban Co-operative Banks.
Post-demonetisation, there has been a phenomenal push towards digital mode of payment across the country. While increasing adoption of digital payment technology would bring in several benefits to the economy, we need to be conscious of the security aspects as well, according to the RBI. In the last two years, it has also been taking up a detailed IT examination of almost all banks.
It is in this context that IDRBT, as a tech-driven arm of RBI, has been focussing on cyber security aspects.
G-7 countries recently came out with ‘Fundamental Elements of Cyber Security for the Financial Sector’, which covers cybersecurity strategy and framework, governance, risk and control assessment, monitoring, response, recovery and information sharing, among others.
The Bank of England (BoE) has implemented CBEST, a new framework for testing cyber security vulnerabilities, particularly in respect of core financial sector entities.
Hong Kong Monetary Authority has announced the launch of Cybersecurity Fortification Initiative (CFI), a comprehensive initiative that aimsto raise the cybersecurity of banks.
Source: The Hindu