Thursday, June 9, 2011

Citigroup Confirms Cyber Attack Upon Bank’s Network

Reserve Bank of India (RBI) has been stressing upon ensuring cyber security for banks in India. RBI has also constituted the working group on information security. As per the recommendations of the working group, RBI has directed that all banks would have to create a position of chief information officers (CIOs) as well as steering committees on information security at the board level at the earliest.

Meanwhile, RBI sought the inputs of various stakeholders upon the report of the working group. After analysing the public inputs, the final notification has been recently released by the RBI. The notification mandates complying with the recommendations of RBI in a time bound manner.

However, it seems the recommendations of the working group constituted by RBI have still not been implemented. A “progress report” must be sought from banks of India in this regard by RBI as soon as possible.

RBI has also made the appointment of chief of internal vigilance mandatory for banks in India. RBI has also prescribed cyber security due diligence for banks in India. In fact, cyber due diligence and banking due diligence could have prevented the recent Citibank fraud.

The truth is that banks and financial institutions in India are not serious at all regarding cyber due diligence, cyber crimes, financial frauds and cyber security. This is resulting in an increase in banking related cyber crimes and financial frauds.

As per the latest news, Citigroup Inc said computer hackers breached the bank's network and accessed data on hundreds of thousands of bank card holders in the latest of a string of cyber attacks on high-profile companies. Citigroup said about 1% of its card customers were affected by the breach, which had been discovered in May during routine monitoring. The names of customers, account numbers and contact information, including email addresses, were viewed during this cyber attack. However, other information such as birth dates, social security numbers, card expiration dates and card security codes (CVV) were not compromised.

Cyber attacks against banking and financial institutions are very common and frequent. They cannot be eliminated absolutely but efforts must be made to make them as less as possible. Banks and financial institutions of India must consider cyber security very seriously in the larger interest of their customers.

No comments:

Post a Comment