Banks to audit cyber security every 6 months

As India moves rapidly to digital banking, the Centre has asked public sector banks to conduct half-yearly cyber security audits to save customers using internet banking from cyber threats and data breaches.

“The lenders have also been asked to implement auditors’ recommendations strictly,” a top official told DH, adding, the diktat is “patch early, patch often”.

They have been asked to work on alerts and advisories issued by the Reserve Bank of India on priority, the official said.

The move is expected to instill people’s confidence in banking, shaken by the recent data breaches including in the second largest state-owned lender — Punjab National Bank.

Early this year, a Bengaluru-Singapore based cyber security company had reported that it had seen passwords, credit and debit card details of close to 10,000 PNB clients. The revelation came at a time when PNB was battling one of the worst banking frauds in India, involving diamond jeweller Nirav Modi. The details of the cyber audit were discussed at the recent review of PSU banks undertaken by Finance Minister Arun Jaitley during which the lenders were also asked to properly enforce password policies which allowed them to go in for two-layered passwords that are difficult for criminals to sniff out.

The lenders have also been asked to conduct vulnerability assessment of servers of business computers frequently and exercise practice of ‘white-listed applications’, a concept which allows only pre-approved and specified programmes to run on computers and help block malware, the official said.

Meanwhile, the Reserve Bank of India has said that further enhancing levels of protection against cyber security risk is its foremost agenda in 2018-19. RBI had earlier asked banks to immediately put in place a cyber security policy to combat cyber threats.

The government’s main focus is now on preventing cyber crimes as India moves to digital banking on a faster pace, said the official.