In the new era of new technology, it’s essential to have the best security against data loss. The first place to have the best cyber security framework is in the banks. Information technology (IT) is now part of banks’ operational strategies, essential for both them and their customers. In June 2016, the Reserve Bank of India (RBI) sent an important circular, the Cyber Security Framework in Banks, to the CEOs of Indian banks.
Sean Duca, Vice President and Regional Chief Security Officer, Asia-Pacific, Palo Alto Networks, and Danielle Kriz, Senior Director of Global Policy, Palo Alto Networks, pointed out the 3 important takeaways from it. In their article they mentioned that, according to the documents, banks have an urgent need to put in place a robust cybersecurity/resilience framework and ensure adequate cybersecurity preparedness on a continual basis. Issuing cybersecurity guidance is not new for RBI, which issued a similar document in 2011.
The RBI guidance consists of the overall/introductory framework and guidance and three annexes:
1) An indicative set of baseline cyber security and resilience requirements.
2) Information on setting up and operationalising a cyber security operation centre (C-SOC).
3) A template for reporting cyber incidents to the RBI.
Today’s digital way of life puts immense pressure on the financial services industry. Individuals, institutions and governments demand an unprecedented level of access to their financial assets and information. Clients must trust that their financial assets and information are safe yet also readily available. This trust is best built and maintained with a breach prevention-based mindset for cybersecurity.
First, the guidance instructs banks to involve their boards of directors and other senior management in cybersecurity. Boards must approve their banks’ cybersecurity policies and strategies and, more generally, they need to be brought up to speed on potential cybersecurity impacts, including their banks’ preparedness, and the need to manage cyber risks. At the same time, the guidance notes that managing cyber risk requires awareness and commitment among staff at all levels. We agree wholeheartedly. Executives can no longer delegate the whole cybersecurity agenda to the IT division. Because the value of a bank’s brand can be directly affected by security incidents, security needs to become an integral part of the company strategy at the highest possible level, actionable at every branch and corporate site and supported by greater employee awareness. Through our recent book, Navigating the Digital Age, and our online community, SecurityRoundtable.org, Palo Alto Networks seeks to share best practices, use cases and expert advice to guide executives on managing cybersecurity risks.
Second, the guidance directs Indian banks to take a risk management approach to cybersecurity. RBI notes that the size, IT systems, technological complexity, stakeholders, and other factors vary from bank to bank, and thus banks must identify their own inherent risks and needed controls to adopt an appropriate cybersecurity approach. We agree. No “one size” cybersecurity solution will fit all banks. However, there are some best practices that will improve overall cybersecurity hygiene.
Third, the guidance emphasises prevention. For example, the guidance says that banks should not allow unauthorised access to networks and databases, should take necessary preventive and corrective measures, and should endeavor to stay ahead of the adversary. We agree. Given that banks everywhere are constantly under siege from cyber attackers, a prevention-minded philosophy to cybersecurity is needed. Detection and remediation are too little and far too late to properly protect the financial assets and information of banks’ clients. This is where the SOCs called for by RBI will be extremely helpful. Per the guidance, a bank’s SOC should “keep itself regularly updated on the latest nature of emerging cyber threats” and be “well-prepared to face emerging cyber threats such as zero-day attacks”. However, SOCs are just part of the solution. Including cybersecurity in the overall network or enterprise architecture will also contribute to a preventive posture. Palo Alto Networks is focused on preventing successful cyberattacks and can be part of such a layered defense approach.