Indian cyber security has been ignored for many years by previous
governments, leaving Indian computer systems and critical
infrastructure vulnerable to sophisticated cyber attacks. One such
critical infrastructure is the banking sector of India, which has a
miserable cyber security infrastructure. The Cyber Security Trends
and Developments in India (PDF) have proved this point very well.

We have no dedicated cyber security laws in India, and this is
creating numerous troubles for various stakeholders. The banking
sector of India is also neglecting cyber security in the absence of
stern and effective cyber security regulatory norms in India. Some
basic guidelines and recommendations have been issued by the Reserve
Bank of India (RBI), but they are far from satisfactory or effective.
These include Internet banking guidelines, the formation of an RBI
Working Group on Information Security, Electronic Banking, Technology
Risk Management and Cyber Frauds, the RBI recommendation on
information security and its implementation in India, etc.

RBI has also mandated the establishment of Steering Committees on
Information Security by banks in India and the appointment of Chief
Information Officers (CIOs) for all banks in India. However, banks in
India have failed to comply with the directions of RBI so far, and
even RBI has allowed them to take this liberty. In effect, this means
that there is neither a legal framework nor any compulsion to ensure
the cyber security of banks in India. Naturally, the online banking
system of India is not at all cyber secure, and banks in India are not
following cyber security due diligence and cyber law due diligence
(PDF) at all.

Sophisticated malware is targeting the banking industry around the
world. For instance, the Dump Memory Grabber malware has been
targeting Indian banks and POS terminals. Similarly, the Gameover
Zeus (GOZ) botnet is also capable of stealing sensitive banking and
financial information and details. Recently, the US Justice
Department even charged a Russian national with the creation of the
Gameover Zeus (GOZ) botnet.

India is considering wide-scale adoption of mobile banking, Internet
banking and other online banking and financial transaction methods.
However, India has not considered the issues of mobile banking cyber
security, Internet banking cyber security, the legal aspects of
Internet banking, the cyber security of e-governance services, etc.

There is no doubt that Indian online banking transactions are
vulnerable to cyber attacks. Cyber security for the banking and
financial sectors of India must be ensured as soon as possible. The
online payment market of India and e-commerce and online business
legal compliances have further increased the requirements of banking
cyber security in India. Similarly, cyber due diligence for PayPal
and online payment transferors of India must also be ensured by these
stakeholders. The sooner this is done, the better it would be for the
larger interest of the banking sector of India.