“We have witnessed an attempt to defraud a bank by abusing the SWIFT messaging system which thankfully could be salvaged post event without any apparent monetary loss.”
A top Reserve Bank of India official had raised a red flag about the SWIFT messaging system a year ago. SWIFT was used in a fraud amounting to Rs 11,000 crore at a Punjab National Bank branch that benefited billionaire diamond jeweler Nirav Modi.
Former RBI deputy governor SS Mundra, while speaking at a seminar on financial crimes management on January 30, 2017, said: “In recent times, we have seen several high profile cyber-incidents both in India as well as globally. You will remember the Bangladesh Bank incident which rattled banks/central banks and forced us to look more closely at cyber security risks. There is an increasing trend in incidents pertaining to theft of personal information, abuse of ATMs and Distributed Denial of Service (DDoS) attacks on various banks.”
He then said: “We have already witnessed an attempt to defraud a bank by abusing the SWIFT messaging system which thankfully could be salvaged post event without any apparent monetary loss. We also continue to receive information on several other cyber incidents - be it ransomware attack, ATM / Debit card incident or unauthorised access to bank servers. Phishing / Vishing also continue to haunt bank customers with such attacks becoming more and more sophisticated.”
Mundra noted that technology adoption by banks and other financial entities has increased manifold in recent years, and that today a bank not present in the digital world would find it well-nigh impossible to compete in the market. As technology evolves from being an enabler and differentiator to being at the core of banks’ operations, the associated security issues need to be addressed comprehensively.
“In October 2016, G-7 countries came out with what is called as ‘Fundamental Elements of Cyber Security for the Financial Sector’, which covers cybersecurity strategy and framework, governance, risk and control assessment, monitoring, response, recovery, information sharing and continuous learning as key elements.
“The Committee on Payments and Market Infrastructures (CPMI), BIS and the International Organization of Securities Commissions (IOSCO) have issued Guidance on cyber resilience for financial market infrastructures (FMIs) which also emphasises on the importance for authorities to cooperate to support broader financial stability objectives. The Bank of England (BoE) has implemented ‘CBEST’, a new framework for testing cyber security vulnerabilities, particularly in respect of core financial sector entities. Hong Kong Monetary Authority has announced the launch of a ‘Cybersecurity Fortification Initiative’ (CFI), a comprehensive initiative aiming to raise the level of cybersecurity of banks,” he added.
The top RBI official went on to say that, closer to home, RBI issued a circular on Cyber Security Framework in Banks on June 2, 2016, mandating cyber security preparedness.
“A specialised cell (C-SITE) has been created within the supervision department of RBI to conduct detailed IT examination of banks’ cyber security preparedness, to identify the gaps and to monitor the progress of remedial measures. More than 30 major banks are slated to be covered under detailed IT examination during 2016-17 and all banks by 2017-18. RBI’s IT subsidiary, the Reserve Bank Information Technology (ReBIT) Pvt Ltd, has also become operational with a mandate to focus on issues around IT systems and cyber security (including related research) of the financial sector and to also assist in the audit and assessment of the entities regulated by the Reserve Bank.”