Reserve Bank of India (RBI) has been taking many pro
active steps to strengthen cyber security for banking sector of
India. Despite its best intentions, cyber security in banks is still
a distant dream. Banks in India are too slow to adopt and use cyber
security mechanisms for banking related business.
Whether it is phishing or social engineering, bank
customers are continuously loosing money to cyber fraudsters. There
is an urgent need on the part of Indian Government and RBI to spread
information and awareness about cyber
law and cyber
security among various stakeholders.
India is treading on the digital highway and very
soon most of the public services would be delivered through use of
information and communication technologies (ICT). This is clear from
the enthusiastic implementation of Digital India project that needs
some fine tuning
to get the best results. Nevertheless there is no escape from the
reality that Digital India would be the face of Indian economy and
culture very soon.
With this increased and omnipresent digital culture,
cyber crimes and cyber security breaches would be the norm in future.
This is the reason why the Delhi Police has decided to launch a
mobile application that would help in filing of online
FIR for economic frauds and cyber crimes. Now the RBI has also
showed its commitment to fight against cyber crimes and financial
frauds by declaring that an information technology driven subsidiary
would be established by it to deal with cyber nuisances.
This IT subsidiary of RBI would also deal with cyber security and
related issues with a special focus upon banking related technology
issues. The IT subsidiary of RBI would also evaluate the technical
capabilities of banks that is almost missing as on date.
We at Perry4Law
Organisation (P4LO) welcome this move of RBI and extend our full
techno legal support and expertise in this regard. As per the cyber
security trends of India 2015 by P4LO cyber security related
issues must be taken care of by various stakeholders including banks
in India. Although RBI has announced many effective cyber security
related initiatives for banks in India yet cyber
security for banks in India is still not in good shape. Some of
the initiatives already undertaken by RBI in this direction include
formulation and implementation of Internet
banking guidelines, formation of a RBI
Working Group on Information Security, Electronic Banking,
Technology Risk Management and Cyber Frauds, RBI Recommendation on
Information
Security and its implementation in India, etc.
RBI has also prescribed establishment of Steering
Committees on Information Security by Banks in India and
appointment
of Chief Information Officers (CIOs) for all banks in India.
However, banks in India have failed to comply with the
directions of RBI so far. As on date there is neither a legal
framework nor any compulsion to ensure cyber security of banks in
India. This gives little incentive to the banks to ensure cyber
security of online banking system of India. On top of it, banks in
India are not following cyber
security due diligence and cyber
law due diligence (PDF) despite RBI’s directions.
If we take the example of western countries,
sophisticated malware are targeting banks of these countries. These
countries are heavily relying upon ICT for their functioning and this
makes them vulnerable to cyber crimes and cyber attacks. India has
not faced this heat so far because till now India did not adopt
technology to that extent. However, after the adoption of Digital
India, cyber security and cyber crimes investigation would become
major issues for not only the law enforcement agencies but also banks
of India. RBI seems to be aware of this reality and has taken a good
step by deciding to establish an IT subsidiary that would take care
of all these issues. However, we at P4LO believe that this IT
subsidiary of RBI should not be a mere paper tiger but must actually
work towards establishing a robust and resilient cyber security
environment for banks of India.
Sophisticated botnet and malware like Dump Memory
Grabber has been targeting
Indian banks and POS Terminals. Similarly, the Gameover
Zeus or GOZ botnet is also capable of stealing sensitive banking
and financial information and details. Recently, the US Justice
Department even charged a
Russian national for creation of Gameover Zeus (GOZ) Botnet.
In these circumstances we must consider the proposal
of India to adopt and use mobile banking, Internet banking and other
online banking and financial transactions methods. So far India and
RBI has not considered the issues of mobile
banking cyber security, internet
banking cyber security, legal
aspects of Internet banking, cyber
security of e-governance services, etc. In these circumstances,
Indian online
banking transactions are vulnerable to cyber attacks.
The cyber security for banking and financial sectors
of India must be ensured
as soon as possible. Online payment market of India and e-commerce
and online business legal compliances have further
increased the requirements of banking cyber security in India.
Similarly, cyber due diligence for Paypal
and online payment transferors of India must also be ensured by
these stakeholders. These are some of the suggestions that P4LO has
shared with Indian Government and RBI through this platform. More
detailed suggestions would also be shared by P4LO at appropriate
stage and platform.
No comments:
Post a Comment
Please see https://cybersecurityofindia.blogspot.com/p/advertise.html for advertisement procedure.
Note: Only a member of this blog may post a comment.