Cyber Security Framework in Banks- Reporting of Near Misses
 

21 December 2020

NB.DOS.HO.CSITE.NO/3187/CS-01 /2020-21
EC No. 332 / DoS - 55 /2020

The Chairman/MD/CEO
All Regional Rural Banks
All State Co-operative Banks
All District Central Co-operative Banks

Dear Sir

Cyber Security Framework in Banks- Reporting of Near Misses

In order to enhance the resilience of cooperative banks and RRBs and improve their defence against cyber risks, NABARD had issued a comprehensive circular on cyber security framework dated 16 March 2018. NABARD had further issued a circular dated 6 February 2020 classifying banks from Level I to Level IV depending upon their digital depth and interconnectedness, and putting in place necessary controls in tune with their level and exposure to cyber risks.

2. So far, banks have been reporting cyber incidents, which are actual breaches in the system through various cyber threats like ransomware, phishing attacks, hacking, exploitation of existing vulnerabilities, etc. Banks have been reporting these incidents in the prescribed format (Annexure 3) as envisaged in our circular dated 16 March 2018.

3. However, a need has been felt to capture information relating to cyber incidents which are Near Misses. A “Near Miss” may be defined as a failed attempt at fraudulent transactions which were prevented, suspicious activity that was detected, or calculation errors which were discovered. Although Near Misses have not resulted in any loss/damage, reporting them is important for preventing future incidents.

4. Capturing data on Near Misses/failed attempts provides insights into emerging threat patterns, vulnerabilities and lacunae within legal frameworks. From a supervisor's point of view, this will provide system-wide benefits, as receiving reports of near misses facilitates adoption of safeguards and development of counter-measures to emerging threat vectors.

5. In order to enable reporting of near misses, the existing reporting format has been revised to cover reporting for both actual breaches and failed attempts/Near Misses. As this is incident-based reporting, in case of occurrence of breaches/Near Misses in your bank, you may submit the return by mail until the submission module in the ENSURE portal is enabled. A copy of the revised Annexure 3, as indicated above, is enclosed.

6. A copy of this circular may be placed before the Board of Directors of the Bank in its ensuing meeting.

Please acknowledge receipt to our Regional Office.

Yours faithfully

sd/-
(K. S. Raghupathi)
Chief General Manager

Encl: As above
