Banks prone to cyber attacks, says RBI Deputy Governor

The recent attempt of cyber theft in the offshore account of a state-owned lender has brought to fore the need for vigil over sensitive remittance services, Reserve Bank Deputy Governor R Gandhi said on Friday.

Last week, Union Bank of India had informed that it had averted successfully an attempt of cyber theft in its US dollar Nostro account--the offshore account--and also there was not any financial bearing as the attack was foiled.

"I would like to redraw your attention to the recent cyber incident at one of our banks. Apparently there has been no monetary loss in the recent incident. But it is too early to conclude what and how of the incident at this juncture; however, the need for vigil over the sensitive systems like remittances is once again brought to the fore, with particular focus on configuration of the systems and the human aspects in managing the systems," Gandhi said at the annual summit 'Cyber & Network Security'.

Gandhi said there is a need for banks to timely detect such incidences, adding a robust crisis management plan is pertinent.

"If continued cyber vigil is to be ensured then a continuous process of awareness building, education, re-enforcement, tests, trials and upgradation is a must. It is this area which we generally tend to be rather lax and which is exploited by cyber-baiters," he said.

Appropriate controls framework, reconciliation of transactions in real time basis, timely security patches to the IT interfaces and close monitoring of transactions are among the preventive measures to insulate from cyber attacks, he added.

Stressing that banks need to scale up the cyber security preparedness to meet the emerging threats, Gandhi said the RBI has been proactive, as well as engages in consultation and congruence in the security framework in the banking system.

He said right from the early days when RBI provided guidance on computerisation, it has been conscious of the role that IT plays in meeting the emerging customer needs and the opportunities and challenges of using technology, including cyber related aspects.

Gandhi said the recent RBI guidelines on Cyber Security Framework in banks are aimed at a focused attention to cyber threats and framework for mitigating the threats and to protect the information assets.

He said information dissemination is a key in combating the cyber threat incidents and said the banks also share information about cyber attacks along with suggestions on best practices.

The Institute for Development and Research in Banking Technology also has a system to collate such information and share the generic aspects amongst the chief information security officer of banks, he said.

"All these, I am sure will help the banks in further enhancing their cyber security related capabilities.