The central bank has asked the banks and financial institutions to implement precautionary measures to minimise the possible threat on their cyber security infrastructure.
The central bank has made it mandatory for the banks and financial institutions (BFIs) to conduct an audit of their information and technology (IT) system regularly after the recent ATM hacking exposed significant security vulnerabilities in the banking system. Almost two weeks ago, the Chinese hackers withdrew millions through ATMs of different banks through malware attack.
Issuing a three-point directive to bank and financial institutions (BFIs) to address and manage internal and external risks in use of information technology (IT) today, the central bank has also instructed BFIs to carry out regular monitoring and reporting of their systems and share information of any incident or attack to the respective agencies.
Stating that there have been attempts to infiltrate the systems of banks and financial institutions from unauthorised people or places by placing fake order or correspondences, the central bank directed BFIs to regularly audit their IT system and promptly address the IT and security flaws that are detected. It has also directed BFIs to adopt best international practices in the IT and security system at their respective firms. The central bank has also directed the BFIs to prepare preventive, detective and responsive IT security strategies and implement them as soon as possible.
The central bank has also asked to take necessary measures to minimise external risks such as spam, phishing and spoofing, among others that could result in the loss and theft of data. “The BFIs must standardise technologies related to perimeter defence, access control, encryption, anti-virus and firewall to cope up with possible risks regarding cyber attack, malware virus and ransomware at BFI’s website, mobile applications, authenticated social networks and the entire information and technology system,” the directive reads, adding that the BFIs should also raise awareness among office bearers on IT and security issues.
Malware – a type of software – is used to infiltrate and damage the entire network system. Likewise, ransomware variants encrypt the files on the affected computer making the files inaccessible to the concerned authority. The hackers mainly use the software to block access to a computer system or computer files until a sum of money is paid.
The central bank's directives to take precautionary moves comes in the wake of recent ATM heist in Kathmandu, where a group of hackers has stolen over Rs 18.9 million by hacking the payment switch of Nepal Electronic Payment System (NEPS) through use of cloned debit and credit cards of 17 member banks of the NEPS that use Visa system, according to preliminary findings of the central bank. “Likewise, Rs 1.05 million Indian Currency (IC) was stolen in India from six commercial banks of Nepal on the same day, according to the findings.
Earlier today, the central bank also summoned chief executive officers of banks and financial institutions to discuss about security measures to check cyber attack or threats to their IT system. During the meeting, central bank Governor Dr Chiranjibi Nepal instructed the chief executives to keep vigil over their systems, particularly during the festive season as the banks and financial institutions will have longer holidays in those days.
The central bank has also lowered the maximum limit for cash withdrawal using debit card from last Thursday as part of security measures, though the hackers will anyway use malware to withdraw any amount as they did last Saturday.
The central bank has made it mandatory for the banks and financial institutions (BFIs) to conduct an audit of their information and technology (IT) system regularly after the recent ATM hacking exposed significant security vulnerabilities in the banking system. Almost two weeks ago, the Chinese hackers withdrew millions through ATMs of different banks through malware attack.
Issuing a three-point directive to bank and financial institutions (BFIs) to address and manage internal and external risks in use of information technology (IT) today, the central bank has also instructed BFIs to carry out regular monitoring and reporting of their systems and share information of any incident or attack to the respective agencies.
Stating that there have been attempts to infiltrate the systems of banks and financial institutions from unauthorised people or places by placing fake order or correspondences, the central bank directed BFIs to regularly audit their IT system and promptly address the IT and security flaws that are detected. It has also directed BFIs to adopt best international practices in the IT and security system at their respective firms. The central bank has also directed the BFIs to prepare preventive, detective and responsive IT security strategies and implement them as soon as possible.
The central bank has also asked to take necessary measures to minimise external risks such as spam, phishing and spoofing, among others that could result in the loss and theft of data. “The BFIs must standardise technologies related to perimeter defence, access control, encryption, anti-virus and firewall to cope up with possible risks regarding cyber attack, malware virus and ransomware at BFI’s website, mobile applications, authenticated social networks and the entire information and technology system,” the directive reads, adding that the BFIs should also raise awareness among office bearers on IT and security issues.
Malware – a type of software – is used to infiltrate and damage the entire network system. Likewise, ransomware variants encrypt the files on the affected computer making the files inaccessible to the concerned authority. The hackers mainly use the software to block access to a computer system or computer files until a sum of money is paid.
The central bank's directives to take precautionary moves comes in the wake of recent ATM heist in Kathmandu, where a group of hackers has stolen over Rs 18.9 million by hacking the payment switch of Nepal Electronic Payment System (NEPS) through use of cloned debit and credit cards of 17 member banks of the NEPS that use Visa system, according to preliminary findings of the central bank. “Likewise, Rs 1.05 million Indian Currency (IC) was stolen in India from six commercial banks of Nepal on the same day, according to the findings.
Earlier today, the central bank also summoned chief executive officers of banks and financial institutions to discuss about security measures to check cyber attack or threats to their IT system. During the meeting, central bank Governor Dr Chiranjibi Nepal instructed the chief executives to keep vigil over their systems, particularly during the festive season as the banks and financial institutions will have longer holidays in those days.
The central bank has also lowered the maximum limit for cash withdrawal using debit card from last Thursday as part of security measures, though the hackers will anyway use malware to withdraw any amount as they did last Saturday.
No comments:
Post a Comment