• Cybersecurity threatens business continuity and is now more a business issue than an information technology issue
• At Citigroup, about 360,000 customer accounts were compromised and the bank has been forced to reissue 218,000 new cards
• Under Basel II norms, banks with better cybersecurity preparedness will need less capital
• Helps in compliance
• A working committee has recommended making the cyber security audit mandatory through an appropriate amendment to the listing requirements under the Companies Act
• The Reserve Bank of India has already mandated that banks have a board-approved cyber security policy and that the cyber security policy be distinct from the information security policy
• Makes implementing policies easier
• Employees gain information uniquely relevant to current bank risks and management concerns
• Builds confidence in the market
• Employees are able to better explain security features
• Reduces cyber insurance premiums
• Fertile ground for creating new cybersecurity professionals who are scarce in the industry
• Helps future employees remain aware of the implications of digital activities they undertake
• According to the PwC survey, a little less than half (46%) of the respondents said that current employees expose their organization to security incidents.
• Confidently handle customer queries on security
• Various banking firms are spending millions of dollars on educating customers about adhering to the security principles. Trained employees can ascertain the effectiveness from the first touch point
• Understand processes and policies regarding cybersecurity
• Nearly 34% of respondents held former employees responsible for security incidents. This indicates that companies need to establish greater rigor in their exit-related processes and make sure that all accounts and access of the users are deactivated upon separation
• Helps in detection and response against any threat in a timely manner
• Ponemon, a leading research company in privacy and security, recently calculated the effectiveness of anti-phishing training programs. The least effective training program still had a seven-fold return on investment
• Democratize knowledge on cybersecurity so that some employees do not misuse their superior knowledge
Suggestions:
To start with, it should be mandatory for banking and financial markets professionals to go through initial training in cyber security. It should be part of the on-boarding process. They should also be tasked with propagating this knowledge to customers. The problem is that, with so many touch-points, it is like leaving a gate open for an intruder if proper checks and balances are not put in place.
There should be awareness workshops for the higher management teams in the banks.
At a more technical level, rigorous, skill-based training for IT professionals should be put in place. Holistic frameworks propagated by institutions such as the National Institute of Standards and Technology (NIST) should be put into practice. Cyber security should cover all the areas: initiate, protect, detect, respond and recover.
The magnitude of the potential threat is too large to be ignored. RBI has been very proactive in its directives, but it is for the banks to follow them.