In a move to bolster the cybersecurity and cyber resilience framework for Market Infrastructure Institutions (MIIs) including Stock Exchanges, clearing corporations, and depositories, the Securities and Exchange Board of India (SEBI) unveiled new guidelines. The dynamic shifts in India‘s securities markets have elevated the interconnectedness among MIIs, prompting SEBI to emphasize a comprehensive cyber risk strategy.
Enhanced Cybersecurity Measures for MIIs
SEBI‘s guidelines reflect the growing recognition of the expanded cyber risks faced by MIIs. The changes encompass several key areas aimed at fortifying cybersecurity and ensuring market integrity:
Offline Data Backups and Testing
MIIs will now be required to maintain encrypted offline backups of their data. These backups must undergo regular testing on a quarterly basis to ensure the confidentiality, integrity, and availability of critical information.
Spare Hardware for Disaster Recovery
To ensure effective disaster recovery, MIIs are advised to consider the availability of spare hardware in isolated environments. This practice would facilitate the rebuilding of systems if initiating operations from both the Primary Data Centre (PDC) and Disaster Recovery Site (DRS) becomes unfeasible.
Business Continuity Drills
Regular business continuity drills are recommended to assess organizational readiness and the efficacy of existing security controls in addressing potential ransomware attacks. Such drills would enhance preparedness at ground level.
Vulnerability Scanning and Attack Mitigation
Regular vulnerability scanning is stipulated, with a focus on identifying and addressing vulnerabilities, particularly those in internet-facing devices. This approach aims to minimize the potential attack surface and strengthen overall cybersecurity posture.
User Awareness and Training
MIIs are required to establish a comprehensive cybersecurity user awareness and training program. This program should guide employees on identifying and reporting suspicious activities, contributing to a heightened vigilance against potential threats.
Multi-Factor Authentication (MFA)
Recognizing the systemic importance of MIIs in the smooth operation of the securities market, SEBI mandates the use of Multi-Factor Authentication for all services. This additional layer of security aims to thwart unauthorized access attempts.
SEBI’s proactive steps to enhance cybersecurity for MIIs underscore their significance in maintaining the stability and trustworthiness of India’s securities market. By addressing emerging cyber risks and bolstering cyber resilience, SEBI’s guidelines contribute to the overall integrity of the financial ecosystem.
As the threat landscape evolves, these guidelines are poised to play a crucial role in safeguarding critical financial infrastructure against cyber threats, contributing to the sustained growth and resilience of the Indian securities market.
Disclaimer: The information provided here is for educational purposes only and should not be considered financial advice. Always conduct thorough research and consider consulting a financial professional before engaging in algorithmic trading.