Sebi warns on cyber attacks

Chairman says need a framework to protect firms as well as individuals

The Securities and Exchange Board of India (Sebi) has highlighted the need for cyber security norms in the securities market, amid an exponential increase in online trading.

U K Sinha, chairman, Sebi, on Wednesday said the securities markets were highly vulnerable to cyber attacks and a framework was needed to protect firms and individuals. He was speaking at an event jointly organised by Sebi, BSE and EY, on cyber security and resilience. Cyber attacks launched by malicious entities within or outside the country, against financial services entities are aimed at conducting financial fraud or for disrupting the financial system.

“These attacks are getting more sophisticated and the vulnerability of securities’ markets is increasing. Across the world, securities markets are very vulnerable to such attacks,” Sinha said. He said adoption of technology by these attackers seems to suggest involvement of nation-states, in some cases.

“These are done by people who have access to the best of technology and resources, and some are state-sponsored. It has a huge impact on larger systems, society and nations,” he said.

These attacks are not just restricted to the financial services sector but is spread across all sectors of the economy, he added. “I am told manipulation of stock exchanges is the new modus operandi used by terrorist groups to raise funds for their operations,” said Vidyasagar Rao, governor, Maharashtra, who was also present at the event.

He quoted a report stating that the number of cyber crimes in India could likely touch 300,000 in 2015, almost double the number seen in 2014. Rao also cautioned corporates and spoke about the need for putting in place adequate systems for protection against cyber-crimes.

Experts on cyber-security said that India, tied with South Korea, tops the list of countries most vulnerable to cyber attacks. They said that only 20 per cent of Indian websites were impenetrable to spyware and other types of malware as against the global average of 50 per cent.

Industry participants said that the growth of online and mobile trading calls for higher regulation of these activities. They said that information sharing, akin to what happens in the banking industry, could be key to the development of a robust cyber-security system.

“While Sebi has been proactive in protecting data, what we would now like from the regulator would be a system in place for sharing information of what has happened. Setting up something like a special interest group that will have collective knowledge of such attacks that can be shared among participants to help them prepare,” said Kamlesh Rao, chief executive officer, Kotak Securities.