Amid increasing cybersecurity threats to the securities market, the Securities and Exchange Board of India (Sebi) on Wednesday issued an advisory for stock exchanges, depositories and other regulated entities asking them to define the roles and responsibilities of the chief information security officer and other senior personnel.
“An efficient and effective response to and recovery from a cyber-incident by Regulated Entities (REs) are essential to limit any related financial stability risks. For ensuring the same, the Financial Computer Security Incident Response Team (CSIRT-Fin) has provided important recommendations in its report sent to SEBI,” the advisory stated.
It asked them to clearly specify the reporting and compliance requirements in the security policy.
Sebi REs have been advised to implement these cybersecurity practices as recommended by CSIRT-Fin.
The REs have been asked to proactively monitor the cyberspace to identify phishing websites and report the same to CSIRT-Fin.
According to the World Economic Forum’s Global Cybersecurity Outlook 2023, the geopolitical events of the past year have significantly influenced cyber strategy and tactical cybersecurity operations across the globe. Efforts are being made to strengthen internal policies and processes as well as to increase the effectiveness of cybersecurity controls with third parties. This suggests that organisational responses to cyber risk being undertaken now will have a positive long-term impact.
In cybersecurity, attackers have a structural advantage: they need to find only one exploitable weakness across an organisation. This means attackers have less ground to cover than a defender and the attacker can often adapt faster than organisations can defend or recover.
Sebi noted that the majority of the infections are primarily introduced through phishing emails, malicious adverts on websites, and third-party apps and programmes.
Accordingly, thoughtfully designed security awareness campaigns that stress the avoidance of clicking on links and attachments in e-mail can establish an important pillar of defense.
“Given the sophistication and persistence of the threat with a high level of coordination among threat actors, it is important to recognise that many traditional approaches to risk management and governance that worked in the past may not be comprehensive or agile enough to address the rapid changes in the threat environment and the pace of technological change that is redefining public and private enterprise,” Sebi said.
The regulator said that an efficient and effective response to and recovery from a cyber-incident by REs are essential to limit any related financial stability risks.
Also, Sebi said that operating systems and applications should be updated with the latest patches on a regular basis. It further said that security audit or Vulnerability Assessment and Penetration Testing (VAPT) of the application should be conducted on a regular basis.
The regulator has asked REs to take measures for data protection and data breach. Sebi has asked REs to implement a strong log retention policy along with a robust password mechanism. Also, it asked them to deploy web and e-mail filters on the network.
The regulator noted that, given the interconnectedness and interdependence of financial entities in carrying out their functions, the cyber risk of any given entity is no longer limited to the entity’s owned or controlled systems, networks and assets.
(With PTI inputs)