Overview The Multi State Cooperative Societies Act of 2002 was enacted to consolidate and amend...
With a view to enhance the cyber security posture of the Urban Co-operative Banking sector, the Reserve Bank of India issued a detailed communication titled technology vision for Cyber security for Urban Co-operative Banks (UCBs). It introduced for UCBs to get prepared for evolving IT and cyber threat environment.
In recent years, there has been an increase in the number of cyber related incidents and cyber attacks in the financial sector, including UCBs. The impact of these cyber attacks and incidents have caused the need to be prepared for preventing, detecting, and recovering from such attacks.
The purpose for this is to ensure that the UCBs with great IT penetration, all payment services would be at par with other banks having better cyber security infrastructure and practices. As per RBI the cyber security landscape is expected to evolve with wider adoption of digital banking channels thereby necessitating the UCBs to manage the risks effectively.
The implementation of the approach mentioned in the technology vision document, released by the RBI, is expected to strengthen the cyber resilience of the UCBs.
The document shall achieve its objective through a five pillared strategic approach. Enhancing cyber security posture of the Urban Co-operative Banks against cyber threat through GUARD approach.
Now that we have understood its extended form lets understand what would be the action points as visualized by RBI?
As provided in the Comprehensive cyber security framework for UCBs, the board of directors shall be responsible eventually for UCBs information security and shall play a critical role to ensure an effective IT and IS governance.
UCBs should create their own technology vision document that outlines their plans to securely incorporate IT solutions to their business.
UCBs can consider creating a reserve/fund to implement IT/cyber security projects. In phase I, an approach paper can be brought out by NAFCUB and federations of UCB and in phase II, the funds can be created.
UCBs to ensure that IT infrastructure is not exposed to risk with obsolete hardware/software, will attempt to invest and upgrade their IT inventory with the facilities of IT and supporting infrastructure. Moreover the UCBs are required to implement a comprehensive process for software licence management. They will also address the risk effectively by having a business continuity plan for all processes and ensure that it is well communicated rehearsed and reviewed periodically.
The Urban Co-operative Banks are advised to report all unusual cyber security incidents to RBI immediately, besides other concerned authorities. An effective offsite supervision of UCBs shall be set up in order to monitor UCBs compliance regarding cyber security guidelines for up to date understanding of cyber security posture of the UCBs sector.
It may be noted that for all co-operative banks uniform cyber security hygiene document shall be issued and it shall be reviewed at periodic intervals.
UCBs can explore the possibility of establishing forum at the state/regional level where key individuals from various banks may interact and integrate on cyber security features on a periodic basis.
Cost effective technologies such as cloud based services can be utilized to implement IT solutions and cyber security controls.
Technical skill shall be imparted to the UCBs to manage IT and cyber security. Awareness/ certification programmes shall be developed and customized to functions of stakeholders in UCBs.
The mission statement incorporated the following action points for turning the visualization into real action:
Read our article:Co-operative Bank License in India
This uniform up gradation of cyber security system among UCBs shall result in the formation of forum at the state level to act as a platform for UCBs in benchmarking their practices with peers, exploring the strength and weakness in facing cyber threats.