New Delhi, Aug 1 (KNN) Banks need to put in place preventive measures such as appropriate controls framework around the systems, reconciliation of transactions in on real / near real time basis, controls over the message creation and transmission, applying timely security patches to the interfaces, if any, close monitoring of transactions and disabling USB, and Internet access on the connected nodes, said R Gandhi, Deputy Governor RBI.

Equally important is the timely detective measures. It is pertinent to prepare ourselves to face such incidents, by having a robust crisis management plan. I am sure the banks are taking earnest steps to comply with the provisions of the circular as soon as possible, said Gandhi while addressing an event organized by industry body Assocham recently.

“Information dissemination is a key facilitator in combating the menace of cyber related incidents. While the Reserve Bank obtains information from banks on cyber incidents, including those which did not fructify into loss of money or information, such information is also shared amongst the banks along with suggestions aimed at best practices”.

The Institute for Development and Research in Banking Technology (IDRBT) also has a system to collate such information and share the generic aspects amongst the CISOs of banks. All these, I am sure will help the banks in further enhancing their cyber security related capabilities, said RBI Deputy Governor.

“The banking sector – similar to other sectors of the Indian economy has always been very responsive to change and has adapted itself very well to meet the challenges which keep emerging frequently. It has also proved that it cannot only adapt well but also quickly so that response times are fast to prevent recurrence of negative incidents. The same fervour, I am sure, will be witnessed in the area of cyber security as well and will leave a mark of confidence in the minds of the customers of banks.”

This will ensure that banks provide for a safe and secure processing environment when the depositor’s money is safe and where all other customers can conduct their banking transactions safely and securely, added Deputy Governor RBI.

“The recent developments in banking as also payment and settlement systems have resulted in enhanced customer comfort and flexibility in terms of timing, location and choice of channels. These, however, also expose the customers as well as banks to risk of cyber-attacks. While the banks have better resilience in terms of risk mitigation structures and ability to absorb the losses and expenses, the customers may not be so privileged”, said Deputy Governor RBI.

The strategy to build preventive and detective defences depends on the specific link in the asset that one is trying to protect. The ecosystem for financial transaction not only includes banks and their customers, but also network service providers, IT infrastructure providers, providers of managed services such as data centres, software developers, providers of security solutions and providers of the end-point device which is used for accessing the financial service, including the ATMs which may or may not be bank-owned / managed devices.
 
The devices which are used to provide the entire ecosystem produce huge quantity of information and activity logs, which contain crucial information which can throw light on potential attacks, even before the attack takes place. However, the humungous quantity of log data renders it impossible to analyse using conventional outlier detections. Conventional techniques result in considerable false alarms and restrict genuine activity, causing inconvenience and also creating mistrust among the users about the security products and techniques, highlighted Gandhi.
 
Therefore, the focus has now been shifting to techniques which are not rule based, but having ability to identify the normal activity patterns and detect the anomalous and potentially harmful activity. Needless to say, these involve machine learning and soft computing techniques. Application of these techniques is expected to generate better hit-rate in terms of identifying threats, without generating high level of false alarms. As each alarm requires response and is resource intensive in terms of time, money and manpower, the ability of the expert systems to distinguish the malicious behaviour from and casual digressions from the normal activity pattern will determine the value of these tools in the security infrastructure, mentioned Gandhi.
 
In addition to the tools, the most important component of the critical infrastructure protection is the skills, experience and alertness of the manpower deployed in this activity. The skill sets required for security are getting diversified from conventional IT 6 skills to investigative skills of criminal investigator, data scientists having ability to deal with huge data requirements and with innovative minds to stay one step ahead of the cyber-criminal. As the strength of overall security is only as much as the strength of its individual components, it is necessary that all the stakeholders have to work hand in hand to address the threat to the information systems.