RBI's new cybersecurity guidelines are pushing India's 1,574 urban cooperative banks to bring digital services up to snuff
- The Reserve Bank of India (RBI) has announced that it will be putting in new cybersecurity guidelines for urban cooperative banks (UCBs) by 31 December 2019.
- The central bank said that it wants to bring UCBs at par with commercial banks.
- A graded approach has been proposed where the level of security measures will vary according to a bank's digital depth, product offerings, and other factors.
“This would bolster cybersecurity preparedness and ensure that the UCBs offering a range of payment services and higher information technology (IT) penetration are brought at par with commercial banks in addressing cybersecurity threats,” stated the Reserve Bank of India ( RBI) in a monetary policy committee review today.
Banking is becoming more 'boundary-less' in the era of digitisation and as more data is shared online, the number of threats is growing as well.
The central bank already introduced baseline controls back in October, last year. Details of the new guidelines will be announced on 31 December 2019.
More digital products mean more security guidelines
RBI's new 'comprehensive cybersecurity framework' has been proposed as a graded approach. This means that security measures will vary according to a UCB's digital depth, interconnectedness with other payment systems, digital products offered and overall cybersecurity risk.
As the nature, variety, and scale of digital offerings increases, more stringent security measures will have to be put in place.
Proposed cybersecurity measures
Even though the RBI didn't go into details about its new security measures for UCBs, it did disclose that future regulations will include implementing bank-specific email domains.
The easiest way for hackers to obtain sensitive data about a user is through phishing emails. They send out emails with misleading links to lure victims to giving away passwords and bank details. Bank specific email domains allow users to tell the difference between a bank's official site and fraudulent sites.
A dedicated URL will give users the option to rely on their own avenues of accessing a bank's online payment service — rather than accidentally share their account information on a phishing site.
The new measures will also include the periodic security assessment of public-facing websites and applications.
Earlier this year, Group-IB — based out of Singapore — reported that credit card numbers of nearly 1.3 million Indian bank customers were being sold on the dark web. And, according to the most recent data from the Data Security Council of India (DSCI), India is a prominent target for cyber attacks. Between 2016 to 2018, India was the second most affected country by cybersecurity threats.
Periodic security assessment of UCB's website and apps will catch new threats and plug previously undetected loopholes.
Other proposed regulations include strengthening the cybersecurity incident reporting mechanism, strengthening of the governance framework and setting up a Security Operations Center.
Top highlights from RBI Governor Shaktikanta Das' speech after the credit policy review