Finance ministry cautions banks on cybersecurity robustness amid UCO Bank glitch

The finance ministry has asked state-owned banks to check their cybersecurity robustness and further strengthen them, media reports have shown. The banks have been advised to review their digital operations and processes. This cautionary suggestion comes on the heels of the massive breach Kolkata-headquartered UCO Bank wrongly credited ₹820 crores to the account holders through immediate payment service (IMPS). The bank said that this happened because of a technical glitch.

To be sure, IMPS helps in sending and receiving money quickly through internet banking or phone-based apps. It is managed by the National Payment Corporation of India. As of November 16, the bank said that it has managed to recover 79% or ₹649 crore.

The BFSI sector is undergoing rapid digitisation which has benefitted the larger population. A recent report by the World Bank titled ‘G-20 Policy Recommendations for Advancing Financial Inclusion and Productivity Gains Through Digital Public Infrastructures’ aid that the digital public infrastructure has enhanced financial inclusion and delivery of public goods and services.

That said, the corresponding challenges and risks faced by financial institutions amid digitalisation have emerged as a cause of worry. Speaking on the sidelines of Synergia Conclave 2023 during a session on Aligning Technologies to Future Conflicts', National Cybersecurity Coordinator (NCSC) MU Nair said on Sunday that the Indian cyberspace has seen double the number of average global cyber incidents. To this end, ransomware attack payments to the tune of $1.5 billion have been made in the last 10 months, double since 2022.

The NCSC is currently working on updating and replacing the 2013 National Cyber Security Strategy which will emphasise a ‘common but differentiated approach’. This would mean having tailored goals for government organisations, private institutions, academia and other stakeholders, even though the overall cybersecurity objective remains consistent for all stakeholders.

The upcoming National Cyber Security Reference Framework (NCRF), which will replace the 2013 strategy, will act as a document to guide critical sectors such as banking, telecom, power and energy, banking and financial services, transportation, strategic and government enterprises, healthcare companies, among others in areas of internet governance and network management as well as response strategies in the event of cyber-attacks.