Synopsis: The Reserve Bank of India (RBI) has issued an advisory to banks nationwide, urging them to enhance their cybersecurity measures in response to credible intelligence reports of potential cyberattacks. Banks are instructed to increase surveillance, monitor critical payment systems like SWIFT, RTGS, NEFT, and UPI, and strengthen defences against threats such as DDoS attacks.
Banks have been instructed to enhance their surveillance to protect against cyber threats, monitor critical payment systems, and strengthen defences against DDoS attacks.
Banks on high alert!! The Reserve Bank of India (RBI) has warned banks nationwide to stay vigilant against potential cyberattacks following credible intelligence reports.
Banks must now actively monitor their systems 24/7 to detect any threats.
In an advisory issued on June 24, the RBI stated, "In light of credible threat intelligence received regarding potential cyberattacks, regulated entities are advised to implement enhanced surveillance and resilience capabilities to guard against these threats."
According to an ET report, the RBI's communication came before a social media post suggested that LulzSec, a group notorious for several high-profile attacks, was targeting Indian banks.
Previously thought to be inactive, the group has reportedly resurfaced.
Banks are required to continuously monitor network activities and server logs to identify any malicious intrusions.
Additionally, they must keep a close watch on critical payment systems, including SWIFT (the messaging system for international fund transfers), card networks (facilitating card payments), and domestic real-time fund transfer frameworks such as RTGS, NEFT, and UPI.
The RBI has reminded banks to implement standard controls to safeguard against threats such as DDoS (distributed denial of service) attacks.
These attacks involve hackers launching a coordinated assault on a bank's systems, overwhelming them with a flood of queries that hinder the processing of legitimate customer requests and transactions on the website and online services.
Besides DDoS protection, banks must impose restrictions on remote logins and access to critical systems.
They must also conduct thorough scans of all information systems to detect viruses and malware and ensure that the latest patches are installed after necessary testing.
The RBI's recent Financial Stability Report highlights the alarming rise in cyber intrusions and digital attacks targeting the financial sector.
Over the past two decades, these incidents have resulted in staggering losses amounting to $20 billion.
The central bank has noted that cyberattacks tend to increase during times of political and economic instability, such as geopolitical tensions, leading to disruptive consequences.
An industry official told the financial daily, "About a year ago, a similar communication was issued by the regulator and CERT-In (the Computer Emergency Response Team under the ministry of electronics). Typically, when there is some hint of a possible cyberattack, banks simultaneously test the efficacy of their continuity and contingency plans. It's the same this time."
The regulatory communication emphasizes the importance of banks having robust offline backup and recovery strategies in place and testing their effectiveness.
The official further stated, "Given the numerous instances of attacks, some of which may go unreported, authorities and institutions can't take intelligence input lightly."
In conclusion, the RBI has issued a strong warning to banks across India to heighten their cybersecurity measures in response to credible intelligence about potential cyberattacks.
Banks are required to enhance their surveillance, monitor critical payment systems, and strengthen defences against threats like DDoS attacks.
This advisory underscores the increasing threat of cyber intrusions, especially during times of political and economic instability.
The RBI's call for rigorous system monitoring, robust backup strategies, and effective contingency plans highlights the urgent need for banks to remain vigilant and proactive in safeguarding against cyber threats.
