CIOTechOutlook Magazine, September 2016 issue

Putting the Finance Industry's Security Practices under the Microscope

By GB Shaikh

A renowned BFSI cyber security and e-governance expert who has spent more than two decades in ICT and cyber security in India, South East Asia and the Middle East, GB Shaikh has been an active speaker at various cyber security and e-governance forums and has been part of several national cyber security projects. He recently designed and executed core banking security on an SDN community cloud for small to medium sized banks, with real-time threat detection and on-the-fly threat response automation to bring zero-second threat detection.

Prior to the digital revolution, security in the BFSI (Banking & Financial Sector Industry) vertical was confined to traditional mechanisms such as physical security, fire protection and cash transport security. After the digital revolution, digital security took on a prominent role alongside the physical security of banks and financial institutions. Yet until the early 90s banks and financial institutions had not embraced core banking automation in a big way; with the advent of the World Wide Web and the broadband revolution, they exposed customer-facing applications such as Internet banking, which put them at greater risk from the following threats:

1. Financial frauds
2. Phishing attacks
3. DDoS threats against applications
4. Malware threats

The BFSI sector had neither mature security practices nor a comprehensive regulatory security compliance framework in place. As the digital revolution reached every aspect of human civilization and banks and financial institutions in India adopted digital technologies on a massive scale, regulators such as SEBI and RBI drafted cyber security frameworks, policies and guidelines for banks and financial institutions in line with the IT Act 2000 enacted by the Indian Parliament.

RBI in fact took the lead role in putting an enforceable cyber security policy in place as part of its audit compliance and new financial institution licensing regime, which resulted in the mandatory adoption of cyber security practices by banks and allied financial institutions at a rapid pace. Technology innovation then led to the paradigm shift from Internet banking to mobile banking, which exponentially increased the risks to the digital assets of banks and financial institutions, such as core banking applications. Mobile banking brought its own set of threats:

• Mobile malware
• OTP frauds
• Mobile impersonation
• Mobile application frauds

With the above technology disruptions opening up unlimited threat vectors for hackers to create havoc in the banking ecosystem, in the early 2000s RBI heavily adopted security practices from standards such as ISO and ISACA and went on to audit adherence to them bi-annually. However, those standards could not keep pace with the rapid changes in the threat landscape, which resulted in huge security gaps in the banking and financial industry.

The need to close the security gaps in the banking industry brought its entire security practice under the microscopic purview of the regulator in India. As a result, RBI appointed the G. Gopalakrishna Committee in 2011 to come up with pragmatic cyber security guidelines for the banking and financial industry, which later became the cyber security bible for the Indian banking and financial industry. The Gopalakrishna Committee recommendations brought in a stringent technology, IT security governance and security compliance regime, a sea-change in the way the regulator looked at the security compliance of banks and financial institutions. In fact, empowered with the Gopalakrishna Committee cyber security guidelines, RBI started examining the cyber security practices and measures of banks and financial institutions under the microscope.

Indian banks and financial institutions have to follow the broader security practices below:

1. Banks should have a board-approved cyber security policy, communicated to RBI's Cyber Security and Information Technology Examination (CSITE) Cell.
2. The cyber security policy is to be distinct from the broader IT policy / IS security policy of a bank.
3. Arrange for continuous surveillance; banks should proactively initiate the process of setting up and operationalizing a Security Operations Centre (SOC) to monitor and manage cyber risks in real time.
4. The IT architecture should be conducive to security.
5. Comprehensively address network and database security.
6. Ensure protection of customer information, particularly personally identifiable information.
7. Develop and operationalize a Cyber Crisis Management Plan to handle incident response effectively.
8. Develop cyber security preparedness indicators to measure progress in cyber security preparedness periodically.
9. Share information on cyber security incidents with RBI.
