Market infrastructure institutions (MIIs), such as stock exchanges, clearing corporations and depositories, have been asked to maintain regularly updated “gold images” of critical systems if they need to be rebuilt and to engage with Dark Web monitoring services to check for any brand abuse or data leak, according to the guidelines released by the Securities and Exchange Board of India (SEBI) on August 29.
In a circular titled “Guidelines for MIIs regarding Cyber security and Cyber resilience”, Sebi stated maintaining these “gold images” entails having image “templates” “that include a preconfigured operating system (OS) and associated software applications that can be quickly deployed to rebuild a system, such as a virtual machine or server”.
Also read: SEBI’s proposed fee collection portal for advisors evokes mixed response
The guidelines have been released because of the increasing interdependency in the market. “With the change in market dynamics in the Indian Securities markets, the interdependence among the MIIs has seen significant increase. Considering the interconnectedness and interdependency of the MIIs to carry out their functions, the cyber risk of any given MII is no longer limited to the MII’s owned or controlled systems, networks and assets,” said the circular.
The other guidelines among the total of 28 include maintaining offline, encrypted backups of data and regularly testing these backups on a quarterly basis to ensure confidentiality, integrity and availability; exploring the possibility of retaining spare hardware in an isolated environment to rebuild systems in the event starting MII’s operations from both Primary Data Centre (PDC) and Disaster Recovery Site (DRS) are not feasible; and undertaking regular business continuity drills to check the readiness of the organization and effectiveness of existing security controls at the ground level to deal with the ransomware attacks.
On domain controllers (DCs), which is a server that is used to authenticate users to allow access, the circular said that DCs are often used by “threat actors” as a “staging point to spread ransomware network-wide”.
Therefore, to secure these controllers, MIIs should ensure that DCs are patched as and when patch is released and it must be reviewed on a quarterly basis; MIIs should ensure that no unnecessary software is installed on DCs, as these can be leveraged to run arbitrary code on the system; MIIs should ensure that access to DCs should be restricted to the administrators group and the users within this group should be given different stages of access; MIIs should ensure that DC host firewalls are configured to prevent direct internet access; and MIIs should undertake the penetration testing activity (internal and external) for known Active Directory Domain Controller abuse attacks. Weaknesses should be remediated on topmost priority.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
