Banks band together to defend against threats to IT security

Wednesday, 2 July 2014 00:00 - - {{hitsCtrl.values.hits}}

By Shabiya Ali Ahlam After an apparent six-year wait, the financial services industry has finally joined forces to defend itself collectively against threats to IT security. The initiative saw the launch of ‘Bank CSIRT’ (Computer Security Incident Response Team), which aims at safeguarding banks and financial institutions from cyber attacks and online financial frauds. Hosted by LankaClear, Sri Lanka’s national payment infrastructure provider, the platform that was initiated in 2008 is managed under the guidance of the Central Bank (CB) along with the support of Sri Lanka CERT|CC (Computer Emergency Readiness Team| Coordination Centre) and the Sri Lanka Banks Association (SLBA).

While currently there is no platform for formal collaborations between institutions to pool critical information and knowledge for greater synergies in fighting threats and attacks, the newly-launched information security program will help implement processes to continuously assess security risks allowing immediate response with stronger controls. The system was formulated due to the importance of such a platform in the industry having grown greatly in the recent decades due to factors such as regulatory requirements mandating information protection, growth of electronic banking and increasing number of individuals with access to enterprise data. Bank CSIRT, which is a pioneering initiative for the financial sector, was launched at an event held at the Central Bank graced by President’s Secretary Lalith Weeratunga as Chief Guest, CB Governor Ajith Nivard Cabraal, Information Communication Technology of Sri Lanka (ICTA) Chairman Professor P. W. Epasinghe, Sri Lanka CERT CEO Lal Dias, LankaClear CEO/GM Sunimal Weerasooriya, and CEOs, CIOs and senior officials of the CB, banks and finance companies. The system, accessible through the Bank CSRIT website, was launched by Weeratunga, where he sent out the first informational alert to all member banks. Having five key functionalities, the Bank CSIRT aims to formulate and implement baseline security standards, share fraud, cybercrime and threat intelligence information, issue vulnerability, advisory and information alerts, registration of third party service providers and incident response. Addressing the top officials of the banking and finance community, CB Governor Cabraal noted that with IT threats being higher than before due to extreme connectivity, high protection was essential. “We have to protect ourselves and ensure that information systems integrity is maintained. That I think is one of the greatest difficulties we have, but we have to face up to it and ensure it is done. The banking sector is a cornerstone of the economy and for integrity to be maintained, we need to ensure the procedures are in place. For this the CB has been able to coordinate an effort to ensure integrity is maintained and we hope that with Bank CSIRT, the country’s financial system will be made stable and safe,” he told audience. Observing that the system could not be launched at a better time with the increase of phishing attacks – an attempt to acquire sensitive information by masquerading as a trustworthy entity via electronic communication – Weeratunga pointed out that the Government had been doing a lot of work in this arena in the recent past and has taken a step forward by establishing the Sri Lanka CERT|CC in 2006 and implementing the Cyber Crime Act of 2007. Touching on more recent developments, he shared that last month the Cabinet nod was given for Sri Lanka to sigh the Convention on Cyber Crime, which would help the nation to be in line with international statutes and frameworks while allowing it to have access to systems and networks of other countries. On the same lines of the Bank CSIRT, the Sri Lanka CERT|CC has also devised a concept of setting up similar systems for the military, education and internet services sector.