RBI Plans to Ex­tend Cy­ber Au­dit to all Banks

The Economic Times - - Finance & Commodities - Times­group.com


Mumbai: The Re­serve Bank of In­dia is plan­ning to con­duct a cy­ber-au­dit of all banks in the coun­try in­stead of just a few big­ger banks as it did in the past, a pol­icy shift that comes in the wake of an in­crease in cy­ber­at­tacks. The banks which do not have se­cu­rity mea­sures in place as per the RBI stan­dards will be given time to com­ply, fail­ing which the reg­u­la­tor may ini­ti­ate ac­tion, of­fi­cials said.

“We had cre­ated a cy­ber-cell un­der the depart­ment of bank­ing su­per­vi­sion and con­ducted a sep­a­rate IT au­dit of three banks,” an RBI of­fi­cial told ET. “Last year, we in­creased it to 30 banks and this year we are c o ve r i n g e a c h bank for sep­a­rate cy­ber­se­cu­rity and IT au­dit.” RBI is also ex­pected to do a gap anal­y­sis on the ba­sis of the re­ports and ask banks to bridge the gaps. Since last year, the RBI has been car­ry­ing out IT ex­am­i­na­tion of banks sep­a­rately from the reg­u­lar fi­nan­cial ex­am­i­na­tion of banks. Ear­lier, it used to con­duct ran­dom cy­ber au­dits on banks and is­sue re­ports to them for re­me­dial ac­tion.

In 2015-16, as per the RBI data, nearly 16,468 cases re­lated to cy­ber fraud were re­ported, in­clud­ing debit card, credit card and net bank­ing breaches. The num­ber was higher than 13,083 in the pre­vi­ous year, and 9,500 in the year be­fore that. As per the In­dian Com­puter Emer­gency Re­sponse Team (CERT-In) In­dia wit­nessed more than 27,000 cy­ber­se­cu­rity threat in­ci­dents in the first half of 2017. Threats re­ported in­clude phish­ing at­tacks, web­site in­tru­sions and de­face­ments or dam­ages to data as well as ran­somware at­tacks. In 2016, nearly 50,362 in­ci­dents re­lated to cy­ber­se­cu­rity were re­ported while the num­ber was 49,455 in 2015 and 44,679 in 2014. “The cy­ber­se­cu­rity frame­work re­quires banks to re­port any breach within two-three hours even if there is a sus­pi­cious breach,” the of­fi­cial cited above said. “At na­tional level there is CERT-in and now there will also be a Fin-CERT, which will deal with fi­nan­cial sec­tor breaches, and the ini­tial pilot of Fin-CERT will hap­pen from RBI.”

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.