RBI sounds cyber threat alert to select banks, issues action points to plug security gaps

India’s banks had reported 248 successful data breaches by hackers and miscreants between June 2018 and March 2022, most of which pertain to card details leakage and theft of business and non-business information

March 18, 2024 / 11:20 IST
The Reserve Bank of India (RBI) has asked some banks to brace for heightened threats of cyber attacks and beef up their security to mitigate such risks, according to industry sources.

The RBI alert follows the latest round of Cyber Security and Information Technology Examination (CSITE) by the central bank. The RBI has also provided action points wherever the inspection spotted deficiencies.

The CSITE helps the RBI assess various capabilities of banks, including disaster management readiness, internet and mobile banking platform capabilities, and fraud detection efficiency. The inspection team looks deep into the IT systems of all lenders, identifies grey areas and issues action points.

The CSITE is different from the regular annual risk assessment inspection conducted by the central bank. This independent review of the cyber security framework began a few years ago as part of the central bank's stepped-up vigil.

“The RBI conducts a separate inspection to identify deficiencies in the cyber security capabilities of banks. This time, they met us and have given a list of action points where deficiencies need to be addressed,” said one of the bankers quoted above.

An email sent to the RBI seeking its response on the inspection findings and current assessment remained unanswered till the time of filing this copy.

RBI sounds alarm

On February 9, RBI Deputy Governor T Rabi Sankar had said that the banking sector needs to be prepared for new cyber security risks. "We need to think of customer convenience and other things and we need to provide services," he said at the 19th Banking Technology Conference in Mumbai.

Sankar highlighted that banks may have to completely rebuild their encrypted systems to identify and mitigate the risks of artificial intelligence (AI) abuse. "We also need to understand the problems with AI. And the ability to crunch huge data in a short time, you would have to completely rebuild your encrypted system."

In November last year, the finance ministry had asked state-run banks to review their systems and processes related to their digital operations after the UCO Bank fiasco. According to the sources, the banks have been advised to check their cybersecurity robustness and take measures to strengthen it. The finance ministry and the RBI have been sensitising banks on this aspect at regular intervals as digitisation accelerates in the financial sector.

Cyber security risks on the rise

The RBI’s caution comes from a spurt in cyber security breaches in the banking system in recent years. According to a government response in Parliament, India’s banks had reported 248 successful data breaches by hackers and miscreants between June 2018 and March 2022, most of which pertain to card details leakage and theft of business and non-business information. There have been continuing instances of cyber security issues in the following period as well.

Out of the 248 data breaches, 41 were reported by public sector banks, 205 by their private peers, while foreign banks reported two cases. As part of the caution, the RBI has directed banks to strengthen their IT risk governance framework, which mandates an active role for their chief information security officer, besides involvement of the Board and IT committee in ensuring compliance with the required standards.

Kolkata-based UCO Bank had last year reported an erroneous credit of Rs 820 crore to account holders of the bank through the Immediate Payment Service (IMPS). During November 10-13, the bank had observed that, due to technical issues in IMPS, certain transactions initiated by account holders of other banks had resulted in credit to account holders in UCO Bank without actual receipt of money from these banks. The bank blocked the recipients’ accounts and has been able to recover Rs 649 crore out of Rs 820 crore, which is about 79 percent of the amount.

To counter cyber security risks, the RBI has a separate Cyber Security Framework for Scheduled Commercial Banks (SCBs), under which lenders are required to implement cybersecurity and IT controls, among other things, for prevention of data leakage from their systems.

 

Dinesh Unnikrishnan
Dinesh Unnikrishnan is Editor-Banking & Finance at Moneycontrol. Dinesh heads the Banking and Finance Bureau at Moneycontrol. He also writes a weekly column, Banking Central, every Monday.
first published: Mar 18, 2024 10:03 am
