The Reserve Bank of India has again flagged cyber risks faced by banks and said it would continue to do surprise drills and inspections to ensure that they have systems in place to deal with any threats to payment systems and network security. 

RBI has been performing focused IT examinations of the banks to evaluate their cyber risk management systems and procedures,” the regulator said in its latest edition of the financial stability report. “While the assessment is factored in the overall risk profile of a bank under risk-based supervision, certain specific areas like payment systems and network security are proposed to be subjected to more intensive scrutiny during the year.”

Following an increase in cyber attacks, the RBI earlier this year decided to expand the scope of its cyber audits to all banks against just 30 last year. The regulator does a gap analysis on the basis of the audit reports and asks banks to bridge any gaps in actual and desired performance. The banks which do not have security measures in place as per the RBI’s standards get some time to comply with those. But if they again failed to meet the standards, the regulator could initiate action against.

In February, the RBI set up an inter-disciplinary standing committee to review the threats inherent in the existing and emerging technologies on an ongoing basis, and suggest policy interventions to strengthen cyber security and resilience.

As per the Indian Computer Emergency Response Team (CERT-In), India witnessed more than 27,000 cyber-security threat incidents in the first half of 2017. These include phishing attacks, website intrusions and defacement or damage to data as well as ransomware attacks. In 2016, 50,362 incidents related to cyber security were reported while the number was 49,455 in 2015 and 44,679 in 2014.

Source : Economic Times India