Relaxed security, data protection controls during WFH increased cyberattacks on banks: RBI

The banking industry became a “target of choice” for cyberattacks during the Covid-19 lockdown, according to a report released by the Reserve Bank of India on Friday.

In the Financial Stability Report (FSR), the regulator attributed the spike to the relaxation of cybersecurity and data protection controls to facilitate remote working for bank employees amid the Covid-19 lockdown. 

The RBI, along with the Indian Computer Emergency Response Team (CERT-In), issued more than ten advisories and alerts to regulated entities since March to ensure best practices and prevent cyber threats, it said.

“... CERT-In is tracking latest cyberthreats, analysing threat intelligence from multiple sources and issuing advisories and automated alerts to the chief information security officers (CISOs) encompassing relevant details so that the financial entities may develop a set of effective practices for responding to and recovery from cyber incidents, while enhancing their respective cyber resilience,” the report said. CERT-In has also carried out 13 workshops and exercises for the financial sector so far to deal with cyberattacks, it added.

Separately, the RBI announced in the report that it has made an initial contribution of Rs 250 crore towards the Payments Infrastructure Development Fund (PIDF) to subsidise the deployment of point of sale (PoS) acceptance infrastructure to encourage digital payments. Card issuing banks and card networks in the country will also contribute to the fund, the report added.

The PIDF, announced as part of the vision document for 2019-21 released last year, is meant to increase physical and digital modes of acceptance infrastructure across tier 3 to tier 6 cities. 

Recently, a committee constituted by the RBI to review Quick Response (QR) code transactions and encourage digital payments, said that implementing a nominal MDR fee for such transactions will incentivise merchants to use it more.