Summary: Business Leaders’ Forum (BLF), a joint initiative by the Centre for Advanced Financial Research and Learning (CAFRAL) and Reserve Bank Information Technology (ReBIT), began its journey on February 9, 2018, at the Harvard-style ‘Classroom’ at the Taj Land’s End, Mumbai. It had more than 40 participants – CEOs, Board members, business leaders, and senior management representatives of various banks across the country. It provides a platform for an ongoing dialogue among decision makers on the theme of cyber security.
Shri N. S. Vishwanathan – Deputy Governor, RBI emphasised that there cannot be a better time for the Forum to focus more closely on cyber security, given that global policy makers and decision makers are doing the same, and appreciated the initiative of forming the BLF. Shri Alok Joshi, Chairman NTRO, Shri Chandan Sinha, Additional Director, CAFRAL, Shri Krishna Sastry, ED, PwC, Shri N.S. Kannan, ED, ICICI Bank discussed the need for better cyber resilience, case studies and best practices to help build a more cyber resilient financial sector. Shri Nandkumar Saravade, CEO ReBIT hosted an interactive session on means and ways forward and Shri Ravikumar, CGM RBI summarized the proceedings. The attendees agreed on the need for a continuous dialogue and a platform for such discussions. A quarterly congregation was decided as ideal.
Watch out for the next edition, in the coming quarter! You can reach out to us on firstname.lastname@example.org
Summary: Ministry of Electronics and Information Technology (MeitY) recently completed the public consultation process on the draft data protection framework for India, developed under the chairmanship of Justice Shri B.N. Srikrishna. This webinar will cover some of the key aspects and provisions considered in this data protection framework and discuss some of its implications for the Indian banking sector. It will be delivered by two experts who have been closely involved in this development.
Data Privacy is becoming increasingly important with greater adoption of technology-driven innovation across consumer industry including retail, banking, telecom, and e-commerce. Stronger regulations on data privacy are being enacted all over the globe and create huge accountability for organizations processing personal data. This session will focus on strengthening the awareness on data privacy, its significance for the industry, impact of emerging technologies and recent developments in international regulations. It will also present the regulatory roadmap in India on data privacy, with special emphasis on banking and financial services industry.
Summary: Threat Intelligence is a capability where knowledge about adversaries and their motivations, intentions, and methods is collected, analyzed, and disseminated in ways that help security and business staff at all levels protect the critical assets of the enterprise. The Data Breach Information Report (DIBR) from Verizon shows a trend where dwell times are increasing. Dwell time is the time between when the infiltration happens and when an attack is perpetrated. The data also suggests that data breaches are increasingly being detected by external sources. Given these trends, organizations may want to develop a Threat Intelligence capability to proactively monitor potential threats or attacks pertinent to the organization in order to take appropriate cyber risk mitigation steps. In this webinar we take an in-depth look at what Threat Intelligence is, how an organization can develop this capability and what resources are available.
Summary: Banking and financial institutions today face several information security related threats. There is a visible surge in cyber-attacks, leading to an increase in issues related to legal, regulatory, and privacy compliance. Distributed Denial of Service (DDoS) attacks, spear phishing, ransomware, and insider threats such as data theft, data diddling, etc., continue to endanger banking and financial institutions. Given the circumstances, an ideal approach is to focus on detecting, recovering from and mitigating cyber security risks across multiple channels. A poorly managed security incident can adversely impact an organization by increasing downtime, escalating the cost of investigation, and attracting legal liability and sanctions besides negative publicity. The lack of proper forensic readiness results in an increased cost of investigation and in sanctions from courts/regulatory authorities for not being able to collect the digital evidence in a forensically sound manner. The ability to identify, investigate, and mitigate such security incidents, while ensuring legal and regulatory compliance, has thus become an organizational imperative.
Employees are often the weakest link in the security chain of an organization. Despite strong technical controls, one small act of negligence by an employee (e.g. clicking on a phishing link, downloading malware from the internet, etc.) could result in a major impact for the organization.
Embedding a positive security culture amongst the employees is vital for any organization. Building a positive security behavior shall be a key constituent of the awareness strategy for enterprises. Measures adopted towards building a positive security behavior shall strengthen the overall security posture of organizations thereby reducing incidents and enhancing customer confidence.
An effective information security awareness program will help in minimizing the probability of employees falling prey to malicious attacks and information going into the wrong hands. Employees shall be made aware of what the right (Good) and wrong (Bad) security behaviors are. They should also be able to identify security threats and vulnerabilities and report security incidents.
Summary: Globally, attacks against SWIFT, ATMs and cardholder data are specifically targeted at the victim bank. Learn how deception technology works to proactively detect such attacks and improve security response time. You’ll learn: (a) How targeted banking attacks work in the real world. (b) What does the hacker see when deception technology is in place? (c) How banks have implemented deception technology.
Summary: Cyber-attacks are increasing in sophistication, and for effective mitigation organizations must develop detection, response and recovery capabilities in addition to prevention. The Security Operations Center (SOC) serves as the foundation for incident detection and response. However, recent attacks have raised questions on the efficacy of a SOC. Is it time to move to a next-gen SOC or CSOC (Cyber Security Operations Center)? Unlike conventional security systems that are reactive in nature, a CSOC has to take into account proactive monitoring and management capabilities, with sophisticated tools for detection and quick response, backed by data and tools for sound analytics. This webinar provides insights into the current challenges being faced and a practitioner's perspective on what it takes to set up a CSOC.
Summary: On October 22nd, 2016, a Brazilian bank's entire Internet footprint was hijacked by cyber criminals. Many attacks like MitM, cache poisoning, tunneling, etc. are being used actively. In this webinar we will discuss some of the defensive advancements in the space and best practices for good governance of a bank's DNS infrastructure.
Summary: Cyber criminal activities prey upon vulnerabilities. One critical attack vector is the unpatched system at which exploits are targeted. Recent ransomware incidents underscore the need for a good patch management strategy. This webinar focussed on an approach to keep this patch management task manageable.
Summary: Email is one of the easily exploitable attack vectors that cyber criminals target. Phishing and spear-phishing attacks are common ways through which either the bank's employees or the bank's customers may be targeted. This webinar focussed on the need for good email governance using the DMARC specification, with a target of 100% DMARC compliance for the industry.
Note: Participation in webinar or engagement with ReBIT is not an endorsement of specific company, methodology and/or person. ReBIT and its parent company do not endorse any specific organization through these events and publications or otherwise. These webinars, blogs and publications are simply collaborative exercises to promote best practices and improve overall cyber resiliency of the financial sector. The companies and people collaborating with ReBIT are not authorized to use ReBIT's or its parent's brand images. ReBIT recognizes their contributions through appropriate attributions on this website. Permissions to use ReBIT's or its parent's brand identity should be explicitly sought for right purposes.
ReBIT's Operation Excellence Initiative will comprise a series of webinars, publications and newsletters on various topics to help the security practitioners in the financial industry through information sharing on best practices, tools and technologies for implementing these best practices and related case studies. The webinars will be recorded and eventually hosted on ReBIT's website. In addition to the webinars, some initiatives will require further support to enable easy adoption of these best practices by the financial institutions. Here we will work on creating playbooks and focus on collaboration and advisory groups to assist the financial firms in implementing these best practices.