edited by: Namit Singh Sengar
Last Update: February 23, 2023, 16:19 IST
SEBI RE has been advised to implement these cyber security practices recommended by CSIRT-FIN (Representational image: Shutterstock / File)
REs have been asked to actively monitor cyberspace to identify phishing websites and report the same to CSIRT-FIN.
Amid rising cyber security threats to the securities market, the Securities and Exchange Board of India India SEBI on Wednesday issued an advisory to stock exchanges, depositories and other regulated entities asking them to define the roles and responsibilities of chief information security officers and other senior personnel.
“An efficient and effective response and recovery to a cyber-incident by regulated entities (REs) is essential to limit any associated financial stability risk. To ensure this, the Financial Computer Security Incident Response Team (CSIRT-FIN) has made important recommendations in its report sent to SEBI.
It asked them to clearly specify the reporting and compliance requirements in the security policy.
SEBI RE has been advised to implement these cyber security practices as recommended by CSIRT-FIN.
REs have been asked to actively monitor cyberspace to identify phishing websites and report the same to CSIRT-FIN.
Read also: Forensic audit of mutual funds, AMCs soon; Check out all the details about SEBI’s latest tender
According to World The Economic Forum’s Global Cyber Security Outlook 2023 Geopolitical events of the past year have significantly influenced cyber strategy and strategic cyber security operations around the world. Efforts are being made to strengthen internal policies and procedures as well as enhance the effectiveness of cyber security controls with third parties. This suggests that organizational responses to cyber risk being undertaken now will have a positive long-term impact.
In cyber security, attackers have a structural advantage: they only need to find one exploitable weakness in an organization. This means that attackers have less ground to cover than a defender and attackers can often adapt faster than organizations can defend or recover.
Sebi said most of the infections are mainly introduced through phishing emails, malicious advertisements on websites and through third-party apps and programs.
Accordingly, thoughtfully designed security awareness campaigns that emphasize avoiding clicking on links and attachments in e-mail can constitute an important pillar of defense.
“Given the sophistication and persistence of a threat, along with the high degree of coordination among risk factors, it is important to recognize that many traditional approaches to risk management and governance that have worked in the past are insufficient to address widespread or rapid change. Can’t be agile. In an environment of threat and the pace of technological change that is redefining public and private enterprise,” SEBI said.
The regulator said that an efficient and effective response and recovery to a cyber-incident by REs is essential to limit any associated financial stability risk.
Also SEBI said that the operating system and applications should be updated with the latest patches on a regular basis. It further said that security audit or vulnerability assessment and penetration testing (VAPT) of the application should be conducted on a regular basis.
The regulator has asked REs to take data security and data breach measures. SEBI has asked REs to put in place a robust log retention policy with a robust password mechanism. Also, it asked them to deploy web and e-mail filters on the network.
Given the interconnectedness and interdependence of financial institutions to perform their functions, the cyber risk of any entity is no longer limited to systems, networks and assets owned or controlled by the entity, the regulator said.
(With PTI inputs)
read all latest business news Here