With the attempted $951-million Bangladesh Bank heist providing an alarming backdrop, the Reserve Bank of India (RBI) is strongly prodding banks to step up the vigil against cyber crimes, a growing bugbear for consumers. Banks have been specifically directed to put in place a security policy enlisting the strategy to combat such threats, duly approved by their Boards, by September 30, 2016.
Alongside this, banks have been told to set up a Security Operations Centre and beef up the role of the chief information security officer (CISO) within individual banks. Besides, the need to leverage the CISO forum under RBI’s Institute for Development and Research in Banking Technology (IDRBT) for exchanging information among banks and generating quick responses to cyber incidents has been stipulated by the central bank.
In recent months, with the SMAC format (social, mobile, analytics and cloud) driving innovation in the banking sector, the security imperative is even more compelling with regard to preventing data theft and checking financial fraud. The recent spate of cyber attacks have been turning highly sophisticated and the missive to banks now is on using specialised analytical techniques and exploiting vulnerabilities that had hitherto gone unnoticed.
The wake-up call, though, has been the heist in the Bangladeshi central bank. In February 2016, cyberthieves had issued instructions to transfer $951 million out of Bangladesh Bank’s account at the New York Federal Reserve. While most were declined, an amount of $81 million was transferred to a bank in the Philippines, never to be traced again. The theft sent shock waves through the global banking community, both for the amount of money that was swindled and how the heist leveraged the Society for Worldwide Interbank Financial Telecommunication (Swift) system, the backbone of international finance. Gottfried Leibbrandt, chief executive of Belgium-based Swift, had termed the Bangladesh cyberattack “a watershed” for the banking industry.