While Information Security focuses on protecting the confidentiality, integrity, and availability of information, Cyber Security protects the cyberspace environment from cyber attacks.
The RBI (Reserve Bank of India) “Cyber Security Policy” guides banks in India in designing and implementing next-generation cyber protection capabilities.
As per RBI, banks should implement basic cyber security controls to improve their security position.
The bank is the controller of the personal and confidential details that it receives from a customer. Banks should develop and implement comprehensive measures to ensure that the confidentiality, credibility and quality of this data are not compromised and that the data is protected from any leak or loss.
Banks have been advised to subscribe to external service providers for anti-phishing / anti-rogue app services. These services allow them to recognize and remove phishing websites and applications that are used for malicious purposes. The best way to defend against phishing threats is mitigation of external and internal phishing threats. TIKAJ offers an Anti-Phishing Detection and Mitigation Solution which can help keep your organization safe from new threats and attacks.
Banks should perform periodic vulnerability assessments and penetration-testing exercises on all critical systems, especially those facing the Internet. Security testing / penetration testing of the systems, applications and network helps identify vulnerabilities and mitigate them.
TIKAJ’s VAPT service helps organizations conduct in-depth analysis of their applications in order to remove any potential risk that could be used by an attacker for personal gain.
Cyber-attacks do not come with warnings or timelines. Banks should ensure continuous surveillance and keep themselves regularly updated on the latest nature of emerging cyber threats.
RBI recommends that banks develop ongoing monitoring to keep abreast of emerging cyber threats.
In banks, keeping a record of activities is important to secure big data and avoid any type of data leak. TIKAJ’s SIEM solution gives security professionals insight into their environment and tracks records of it.
Cyber Security Awareness
Banks' employees, management and customers are their last line of defence. Banks should educate staff, vendors and customers about information security to prevent human errors. Banks should conduct information security awareness and training sessions for all key bank stakeholders, including the Board of Directors, Top Management, Third Party Vendors, Clients and Employees.
With TIKAJ’s PhishGrid, we introduce security awareness in your environment in a more effective way. Our approach is combined with a security awareness knowledge base that provides the best possible way to combat phishing threats.
IT Strategy & Policy
Banks need to maintain an up-to-date asset inventory for their infrastructure and business applications. Banks should have a board-approved policy covering areas related to the assets used within the environment, such as hardware, software and networking.
Cyber Risk Assessment
Banks should maintain an updated, and preferably centralized, inventory of authorized/unauthorized software along with their status updates.
Banks should document and apply baseline security requirements/configurations to all categories of devices throughout the life cycle and carry out reviews periodically.
Network Management & Security
Review and improve security configurations for the network and database. This helps strengthen the systems and mitigate attack vectors. Banks should maintain an up-to-date, centralized inventory of authorized devices connected to the bank's network.
With the new RBI Cyber Security guidelines, banks will move forward with much more security and customer trust. As customers are moving to internet banking, banks need to up their game in order to stay safe. Read more about the RBI Cyber Security guidelines in detail here