Banks, financial institutions should safeguard banking security, says RBI

In view of the cybersecurity risk posed to the banking sector, RBI Executive Director Rohit Jain on Monday asked banks and financial institutions to adequately resource the banking security structure

Press Trust of India Bengaluru
Photo: Bloomberg

Photo: Bloomberg

In view of the cybersecurity risk posed to the banking sector, Reserve Bank of India Executive Director Rohit Jain on Monday asked banks and financial institutions to adequately resource the banking security structure.

He also underlined the need to be prepared for the potential impact of the emergence of cloud computing and Internet of Things (IoT) in banking.

The senior RBI official was delivering a keynote address during a panel discussion on cybersecurity in the run-up to the first G20 Finance Ministers and Central Bank Governors (FMCBG) meeting and Finance and Central Bank Deputies (FCBD) here in Bengaluru from February 22 to 25.

Security by design needs to be embedded as part of banking processes, and security controls should be conceived and implemented, he said.

"Keeping in view the emerging environment and the risks involved, the information security function should be adequately resourced in terms of number of staff, level of expertise, the usage of tools and techniques, as well as adequate investment in IT and ITES," Jain said.

The banks should continuously evaluate the threat profile of their critical information assets, conduct tests for vulnerabilities and ensure their resilience to cybersecurity risks, he added.

Also Read

Act now to bring down inflation, safeguard financial stability: IMF Chief

Amazon secures $8 bn in term loan to safeguard against economic headwinds

Keep BJP out of power to safeguard Constitution, says Sitaram Yechury

Nepal Prez refuses to ratify Citizenship Bill to 'safeguard constitution'

US House Jan 6 panel recommends steps to safeguard electoral integrity

Difference between rise in median MCLR, term deposits crosses 40 bps

Banks' net interest income soars by a record 25.5 pc in Q3: Analysis

BoM tops list of public sector lenders in loan growth, asset quality

Bankers highly optimistic about credit demand across sectors: RBI survey

RBI makes changes in NEFT, RTGS for daily reporting of foreign remittances

There should be due diligence conducted before onboarding new products and technologies. The Information Technology Enabled Services (ITES) security function needs to put in place processes to ensure all changes in applications and across technology stack together, Jain said.

"The emergence of cloud computing and its potential impact on the existing cybersecurity methods is another area which would need to be addressed. Growing adoption of zero-trust security models, which requires strict authentication and authorisation for all network exits is another area which is emerging," Jain pointed out.

According to him, the expansion of IoT too introduces new security challenges.

Jain appealed to the boards and senior management of the banks to take ownership of the emerging risk areas and periodically review the level and direction of cybersecurity risks.

Speaking about the new approaches with respect to assessing the cyber resilience capability of RBI's regulated entities, he said the central bank tried to do some phishing simulation exercises where it sends phishing mails to the banks to see how they handled them.

"Some of the results that we get (from phishing simulation exercises), based on that we question or advise the concerned entities of the need to strengthen the firewalls and build better awareness among their staff with respect to handling such mails," Jain said.

(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)

Topics : RBI Banks

First Published: Feb 20 2023 | 6:30 PM IST

Explore News