Despite high internet usage and smartphone penetration, India has lagged behind in implementing cybersecurity best practices. This includes the security of websites and government databases. The negative effects of this has been held off by the lack of intent for individuals to exploit the weaknesses.
However, the field is quickly changing, with India becoming one of the fastest growing markets for cybersecurity and cybersecurity projects. This also comes at a time of heightened attention on cybersecurity globally, with G7 countries addressing it head-on.
Keeping this in mind, the Indian government has increased focus on cybersecurity, especially in the financial sector. Most prominent of this is the infamous data localization norms enforced by the Reserve Bank of India. More benign measures are also being undertaken, such as conducting drills on banks for cybersecurity awareness.
Cybersecurity Drills On Banks
Indian banks are witnessing a higher incidence of digital frauds in a rising age of online payments. This also puts the responsibility in the hands of the banks, forcing them to step up their game and protect their funds.
The Institute for Development and Research in Banking Technology (IDRBT) has been integral in providing banks with the tools they need for the next evolution in cyber-banking. Set up in 2013, this Centre for Excellence in Cybersecurity related tasks provides banks with cybersecurity services such as digital forensics, tools, expertise and more.
This institute is an arm of RBI, and is currently working on what they refer to as a “mission mode”. This initiative is set to give banks a crash course on how to deal with malware in their system.
A representative from the institute stated that banks were ‘participating in big numbers’ for this exercise. The exercise involves bank systems being infected by a malicious software created by the IDRBT. The virus is engineered in such a way as to not create any disruption in normal payment flows.
The purpose of this exercise is to check the alertness of banks when it comes to such circumstances. In case any malware is accidentally introduced to a bank’s network, it is important to identify the virus before it causes harm or further access to critical systems.
A Global Focus On Cybersecurity
The G7 recently published a report on the financial elements of cybersecurity for companies operating in BFSI sector. Recognizing the sensitive nature of the data in financial players, the report was meant to increase attention on various cyber risks and how to protect against them.
Apart from mentioning how to set up a basic cybersecurity strategy and framework, the report also spoke about governance of such systems. In addition to this, risk and control assessment, monitoring, recovery and response were also elaborated upon.
This move is indicative of a growing concern among the world’s most developed countries. Owing to the wide prevalence of cyber-attacks on governmental and financial institutions worldwide, security needs to be tight at every step.
India, being one of the extended members of the G7 in the form of the G8+5, has also increased its focus on the field. While the RBI has been advocating a more protectionist stance for cybersecurity awareness for a few years now, changes are now being implemented.
Cybersecurity Policy For An Evolving Nation
The NDA government has long been placing a priority on digital payments, opening up multiple avenues of attack for hackers and the like. With the rise of connected technologies such as UPI, it is now more important than ever before to enforce a strict framework for cybersecurity in the country.
The RBI recommends that banks and other financial institutions must primarily identify the risks in their existing frameworks before making the next move. In addition to this, other factors such as board oversight, policies, processes and more must be adopted for use in the digital age.
The circular also stressed upon the importance of cybersecurity and cyber-risk frameworks. Moreover, it was also mentioned that banks maintain continuous surveillance of both online and offline access to bank systems.
Vulnerabilities must also be tested on a regular basis to ensure that there is no way for attackers to access the system without authorization.
This move came in 2016 after over 30 cyber attacks were reported on Indian financial institutions in the past few years. There was also an attack on a bank known as Cosmos Bank which caused the loss of $13.5 million from the bank accounts.
The shifting attitude towards cybersecurity is sure to beef up the efforts of the government to prevent similar events from occurring. Cybersecurity remains one of the biggest priorities for the country at a time when India is also making a push towards a cashless economy, underpinned by a high number of online transactions.
