The Reserve Bank of India (RBI) has asked banks to put in place a cyber-security policy without delay. The policy will outline the approach to fighting cyber threats, given the complexity of the business and acceptable levels of risk.
According to the RBI, the cyber-security policy should be distinct from the broader IT policy or IS security policy, so that it focuses solely on the problems arising from cyber threats and on measures to deal with these risks.
Cyber attacks can occur at any time and cannot be anticipated, so a SOC (Security Operations Centre) should be set up at the earliest. It is also necessary that this SOC monitors constantly and keeps itself updated on the nature of emerging cyber threats.
According to the RBI, recent incidents have shown the need to thoroughly re-evaluate network security in every bank. Moreover, the RBI has observed that links to networks/databases are often allowed for a specific time period to accommodate some business or operational constraint. These links are then not closed, leaving the network/database vulnerable to cyber-attacks.
The RBI also noted the need for banks' boards of directors and top management to be up to date on cyber-security-related issues.