Enabling Cyber Preparedness amongst Banks

Why Banks Should Invest in Security Operation Centres (SOC) and Incident Response Technologies

By: Shrikant Shitole, Managing Director, India, Symantec

Technology adoption and a shift to a digital business model have caused a massive repositioning of the financial services market. It has transitioned from a fundamentally labor-based model to an automated, process-driven one. Additionally, as consumer behavior evolves, traditional players are facing new competitors in direct and mobile banking. In the payment market, cash and credit cards are giving way to digital alternatives. On the sidelines of this technology upheaval, cyber-attacks on financial services organizations are becoming increasingly diverse and therefore unpredictable. It is clear that as the severity and frequency of the attacks increase, only a resilient and flexible cyber security model will prepare and protect the financial services industry so that it can survive.

Building a resilient and flexible Next-Gen Cyber Security Framework

Owing to technological advancements and their implications for the security of the IT skeleton in banks, the Reserve Bank of India (RBI) issued an advisory to Indian banks in June 2016 on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds. It necessitated that banks proactively deploy, modify, upgrade and fine-tune their existing policies, procedures and technologies based on new developments and emerging concerns to create a Cyber Security Framework. With the objective of ensuring adequate cyber security preparedness and lasting stability in the Indian banking ecosystem, the RBI has mandated the formulation of a Cyber Crisis Management Plan (CCMP), which will address the aspects of detection, response, recovery and containment. While banks are deploying multi-level authentication to combat cyber-attacks, this policy is intended to enhance the resilience of the banking system by improving banks’ current defenses, primarily addressing internet-based threats. As per the advisory, the cyber security policy should be separate from the broader IT policy so that it can highlight the cyber-threats and the intended measures to address them.

One of the RBI’s three annexes places special emphasis on setting up a fully operational Cyber Security Operation Centre (SOC), which will equip banks to proactively address cyber-attacks and possible unknown threats. It will enable effective monitoring and management, along with sophisticated tools for detection and quick response, all backed by analytics.

Requisite Technologies to Secure Banking Infrastructure

Banks today need intelligent, accurate threat detection and proactive notification of emerging threats to ensure sensitive data is protected. Keeping awareness at the forefront, banks should adopt an information-centric approach which will enable security experts and advisors to better the environment and deploy suitable solutions. The need of the hour is constant and continuous monitoring of the environment using appropriate and cost-effective technology tools, with clearly defined policies and procedures based on best practices that are monitored by technically competent and capable manpower. Compliance with government guidelines on cyber security policy, the protection of critical information infrastructure and the Information Technology Act is of paramount importance. It is vital to address the governance, technology, operational, outsourcing and legal issues while setting up the Cyber Security Operations Centre (SOC).

Why SOC would be key

The key responsibility of the SOC that the RBI advises would be monitoring, analyzing and escalating security incidents in real time. By developing responses to protect, detect, respond and recover, conducting incident management and forensic analysis, and coordinating with contact groups within the bank as well as external agencies, the SOC will add tremendous value to Indian banks. While banks can work together to establish SOC installations, external integration with security vendors to provide the intelligence, capacity and capability to detect, protect and prepare banks against cyber-threats brings clear advantages to the table. These installations, whether run in conjunction with a security provider or with other banks, will offer real-time, comprehensive protection from known and emerging threats, enabling banks to minimize risk and strengthen their security posture.

Incident Response and Management

The threat landscape is very dynamic, and to enhance the resilience of the banking system it is important for banks to improve their current defenses. Given the low barriers to entry, evolving nature, growing velocity, motivation and resourcefulness of cyber-threats, it is imperative for banks to put in place an adaptive Incident Response, Management and Recovery framework to deal with adverse incidents or disruptions. Here, the RBI recommends devising a fully effective incident response program with due approval of the board. Intended to effectively support banks’ cyber-resilience objectives, it should be designed to enable banks to recover rapidly from cyber-attacks and safely resume critical operations in line with recovery time objectives while ensuring the security of processes and data.

This is where a vendor like Symantec, which is equipped to deliver solutions that help organizations proactively address security needs and enable continual security improvement and overall cyber-resiliency, comes into play. Symantec’s Incident Response Service offerings, such as Incident Response – Emergency Response Services and Incident Response Retainer Services, help customers resolve incidents, return to normal operations and prevent incident recurrence. The service leverages Symantec’s global intelligence network of approximately 57.6 million attack sensors monitoring threat activity in over 157 countries to provide context and insight into various indicators of compromise, adversaries, campaigns and more.

The RBI Cyber Security Framework has landed at an apt time, giving banks an opportunity to embrace the journey of strengthening their cyber posture jointly and severally. While many leading banks already have a plan in place, given the sophistication of attacks we see today, building cyber-resilience has become a continuous process. Setting up new infrastructure and protocols such as SOC and incident response would come with its own challenges: difficulty in finding experienced staff, time-consuming training, designing suitable compensation strategies, implementing communication strategies, supervision, management and so on. Nevertheless, with the circular kick-starting a renewed focus on cyber security in the banking sector, if banks retain the flexibility to ascertain and deploy the most advanced technologies, a secure digital banking system in India will no longer be a far-fetched goal.
