The recent spate of cyber-attacks on banks in India has left everyone worried. For those who haven’t kept count, Pune-based Cosmos Bank recently saw a massive security breach where Rs 94 crore was siphoned off. In a similar incident, about $2 million was stolen from City Union Bank through a cyber-attack. The Union Bank of India also fell prey to a hacking attempt and lost around $171 million, though they managed to recover it.
Taking cognizance of the growing need for banks to secure themselves against this onslaught of cyber-attacks, the Reserve Bank of India (RBI) recently issued a circular calling for a robust cybersecurity/resilience framework for Urban Cooperative Banks (UCBs) to ensure proper security.
The circular also contains an annexure which has details on an indicative, but not exhaustive basic cybersecurity framework which is to be implemented by all UCBs. All the UCBS are advised to frame a policy on cybersecurity immediately. After framing of the policy, UCBs are advised to implement basic Cyber Security Controls as indicated in Annex I and report the same to respective Regional Offices of Department of Co-operative Bank Supervision on or before March 31, 2019.
Some of the controls mentioned in this annexure are:
- Inventory Management of Business IT Assets
As per the annexure, this point emphasizes the maintenance of a business IT Asset inventory register with the minimum following fields: IT Assets, systems where customer data is storied, criticality of IT assets, classification of data based on sensitivity, management and protection of data within/outside the UCB network, etc.
How Seqrite can help: Seqrite’s Endpoint Security solution offers Asset Management as an integral cybersecurity feature. This feature monitors the software and hardware configurations of the concerned endpoints; thereby assisting administrators and IT managers look closely at the organization’s underlining hierarchy. Asset management identifies the systems and software modules that need to be patched for updates while rendering selective application control, restricted accessibility, file activity monitor and other forms of protective measures. Additionally, Seqrite’s Endpoint Security offers Asset Management for analyzing the hardware and software modifications at the endpoints while implementing changes. In addition to this, Seqrite Encryption Manager (SEM) protects corporate data residing on endpoints with strong encryption algorithms such as AES, RC6, SERPENT and TWOFISH. It even encrypts the contents on removable devices such as Pen Drives, USB Drives and makes it accessible only to the authorized users.
- Preventing access of unauthorized software
In brief, this point calls for a mechanism to be put in place whereby installation of software/applications on systems in the bank can be controlled and unauthorized software/applications can be blocked/prevented.
How Seqrite can help: Seqrite Endpoint Security (EPS) offers Application Control which allows enforcing control over the use of unauthorized applications within the network. Advanced Device Control allows enforcing policies regarding the use of storage devices, mobile and portable devices, wireless devices, network interfaces connected to endpoints. Asset Management gives total visibility of hardware and software running on endpoints and also helps to track software /hardware changes happening on endpoints.
- Network Management and Security
This point calls for proper configuration and assessment of network devices with password management, control of wireless local area networks, access points.
How Seqrite can help: Seqrite’s Unified Threat Management (UTM) solution offers a one-stop solution for network visibility and can be considered by UCBs. UTM reduces security complexities by integrating key IT security features in one integrated network security product. The platform brings network security, management, backup and recovery of UTM data and many other critical network services together under a single unified umbrella, tailored to suit the complexity of emerging threat scenarios.
- Anti-Virus, Patch Management and Firewall
The annexure also calls for systems and processes to be in place to identify, track, manage and monitor the status of patches to servers, operating system and application system. An updated anti-virus protection solution is also recommended along with firewall configurations set to their highest setting.
How Seqrite can help: Seqrite’s Unified Threat Management solution concentrates on offering a host of security solutions without the organizations having to rely on multiple service providers. Unified Threat Management is a holistic service that comes forth with the features like content filtering, VPN, firewall and anti-virus protection clubbed under a single dashboard. A UTM firewall boasts of a network intrusion prevention system or the IPS which in turn prevents hackers from attacking servers and unpatched PCs thus keeping severe threats like ransomware at bay. Apart from that, it offers secure and private remote access to the employees even when they are outside the company premises. Lastly, Unified Threat Management equips an organization to automatically update its security schema, anti-virus definitions, and other associated features. Seqrite EPS also offers a centralized patch management feature to patch vulnerabilities of applications. Other advanced features such as Anti Ransomware offers protection from ransomware attacks and automatically takes back-up of files. Seqrite Data Loss Prevention (DLP) prevents data loss by monitoring confidential and user defined data shared through removable drives, network or various applications.
Seqrite’s range of innovative, powerful solutions including Endpoint Security (EPS), Seqrite Encryption Manager, and Unified Threat Management (UTM) make it a good investment for Primary Urban Cooperative Banks (UCBs) to fortify their security investment and comply with the RBI’s circular, thus ensuring a safer, smoother experience for customers and employees alike.
As an IT security partner for your business, Seqrite provides comprehensive security from advanced cyber threats. To know more