Technology Risk

Technology has transformed the way business is conducted across the globe. Emerging technology has become an integral part of our everyday life. The closer we are to technology usage, the more we are exposed to new risks created. This dependence comes from the need to manage both processes and information better. The sensitive nature of data exposes it to threats from malware, ransomware, insider threats, risks from outsourcing services, privacy breaches, etc.

The lessons from Uber and Equifax for data breaches emphasize the need for privacy enforcement legislation like the Data Privacy Act, GDPR, etc. A recent study revealed that data breaches in the first six months of 2017 were higher than the total violations for the previous years.

In a competitive and highly connected business landscape, the urgency to leverage a given opportunity has resulted in businesses ignoring potential risks in pursuit of growth. It is essential for organizations to ensure that their technology is tuned to their strategic goals. Organizations should utilize technology as a tool to achieve excellence in business delivery by reducing risk and optimizing returns.

We understand that each business’s requirements are unique. We offer a range of IT services under Technology Risk Advisory and Technology Business Advisory to enable you to concentrate on your core business functions, while we handle your technology concerns. We provide solutions that address a wide range of industries and geographies. Our team of multidisciplinary professionals assists you in identifying and mitigating the ever-changing landscape of emerging threats. We will partner with you to address these risks by recommending mitigating controls and also assist you in implementing them seamlessly.

While physical security is undeniably significant in today’s IT environment, the age of the internet demands careful protection from internal and external threats. Nexdigm offers customized cybersecurity services, equipped to ensure both safety and compliance. You can read more about cybersecurity here.

Cybersecurity

While a hundred percent efficiency is difficult to achieve in any human process, maximizing cybersecurity resilience and bouncing back from an attack with minimal impact is imperative for all businesses. Organizations must invest in quality tools and define standard protection processes to stand firm in the face of an attack.

Our team of cybersecurity experts can help you ensure the following:

Identify and Protect

• IT Governance
• Identification of critical assets
• Access controls
• Physical security
• Network security management
• Security of data
• Hardening of hardware and software
• Application security and testing
• Patch management
• Disposal of systems
• Vulnerability assessment and penetration testing

Detect and Respond

• Monitoring Processes
• External and internal implications
• Detection of attacks on systems and networks
• Alerts and responses to unauthorized/abnormal systems

Remediate and Recover

• Timely restoration of systems
• Loss/destruction instructions being included as on-going learning
• Periodic drills, training, and audits
• Information sharing and transparency

RBI & SEBI Guidelines

The Reserve Bank of India (RBI) and Securities Exchange Board of India (SEBI) Guidelines related to a cybersecurity framework are meant to enable banks and other NBFC’s to formalize and adopt cybersecurity policies along with a cyber crisis management plan.

SEBI has issued a circular to maintain robust cybersecurity and resilience frameworks to protect the integrity of data and breaches against privacy. As a part of the operational risk management, there are requirements for all Mutual Funds (MF) and Asset Management Companies (AMC) to comply with circular SEBI/HO/IMD/DF2/CIR/P/2019/12 effective 1 April 2019. The RBI provided guidelines on Cyber Security Framework vide circular DBS.CO/CSITE/BC.11/33.01.001/2015--16 dated 2 June 2016, where it highlighted the urgent need among banks to put in place a robust cybersecurity/resilience framework to ensure adequate cybersecurity preparedness.

Who are these guidelines applicable?

The guidelines apply to all Mutual Funds and Asset Management Companies regulated by SEBI and all banks regulated by RBI. They apply to all data created, received, or maintained, wherever these data records are and whatever form they are in, in the course of carrying out their designated duties and functions.

Impact of non-compliance

The cybersecurity guidelines, by large, can be mapped to the NIST framework, which was developed with a focus on industries vital to national and economic security.

Banks need to assess their cybersecurity preparedness under the active guidance and oversight of the IT Sub Committee of the Board or the Bank’s Board directly. The Banks also need to report to the Cyber Security and Information Technology Examination (CSITE) Cell of the Department of Banking Supervision, Reserve Bank of India regarding:

• Identified gaps w.r.t. Cybersecurity/Resilience Framework.
• Proposed measures/controls and their expected effectiveness.
• Milestones with timelines for implementing the proposed controls/measures.
• Measurement criteria for assessing their effectiveness, including the risk assessment and risk management methodology followed/recommended by the bank.