RBI's Deputy Governor's 5 Commandments of Cyber Security
Experts say that if a third world war were to happen, it would be bloodless and completely cyber. The online world is more active than the offline one, and so is the information online.
We are at a critical phase in the world today, one characterized by rapid advances in the use of information technology, where misuse of these facilities results in erosion of public confidence and major financial losses. Be it in business, the financial sector, government or outsourced sectors, information technology is used in every sphere of life. Whether we notice it or not, an activity as small as switching a light on or off is today executed through information technology.
Addressing the need to protect this world that we have created online, Deputy Governor of RBI, R. Gandhi, talked about targeted attacks in cyberspace at the 9th Annual Cyber Security Summit that concluded recently. He said, "Network devices are now the new concepts. While internet and mobile computing have made life easier, it comes with the impending risk lying among cyber security. The financial system, which is at the centre of economic activity, is an easy target not only because it is one of the largest users of information technology, but also because financial crime is an easy access to money. This also makes it important that cyber security is given its due place.
Recent developments in banking in the payment gateway system have resulted in an enhanced experience and flexibility in terms of timing, location and other details. These, however, expose the customers, as well as the bank, to cyber attacks. While the banks have better resources in terms of disaster management and the ability to absorb the losses, the customers may not be that privileged. They also lack the resources to distinguish a genuine bank caller from a fraud, and thus end up losing a lot.
Gandhi shares that these cyber criminals have different faces. There are organized criminals, who are looking to attack the institution(s) due to cyber added funds. And then there are those who steal confidential data and not money, which may also include customer-related information. Therefore, it becomes mandatory to make cyber security a priority, and to that end Gandhi explained 5 commandments for startups, banks and all businesses that can help them protect their online assets.
Thou shall know your customer
All must be aware of the requirements relating to knowing your customer (KYC). Suffice it to say, it is essential to know the customer in detail, or the owner shall face consequences that would be negative for our business objectives.
Thou shall know your employee
Most of the cyber frauds in the past have shown a tendency for an insider, notably an employee of the targeted organization, to have a role in them, direct or indirect. There is a pressing need for an organization not only to perform a security check of its employees at the time of recruitment, but also to continuously monitor their behavior, trends in operations, use of organizational resources and interaction with peers and subordinates. Today, IT tools provide a lot of information on employee behavior and patterns. It is essential that an organization gives adequate importance to these aspects.
Thou shall keep your IT systems up to date and free of all risky components…
…such as viruses, spam, malware, spoofing, etc. Today there are centralized IT system facilities, which can ensure that updates are implemented centrally and also monitored continuously to good effect.
Thou shall provide for maximum IT governance
The broad requirement in this area relates to the need for ensuring good IT practices, such as Maker and Checker for financial transaction processing and the 4-Eyes principle for IT-based operations. Also, regular monitoring of systems and operational logs, conducting regular, well-defined periodic IT system audits followed by suitable actions, and a distinctively inexpensive security office that would continuously monitor the quality of IT systems will prove to be effective measures that can help in the long run.
Thou shall ensure continuous cyber security awareness
The world of cyberspace is changing very fast, and what is current now can become obsolete the very next day. If continuous cyber security is to be ensured, then a continuous process of awareness building, education, reinforcement, tests and trials, and more predictions is a must.