State Bank of Pakistan (SBP) has released guidelines on prevention against cyber-attacks. By following these guidelines, SBP has informed banks/MFBs/DFIS to improve their cyber security levels round the clock so as to predict, withstand, detect and counter cyber-attacks.
SBP’s guidelines on cyber security provide instructions in the realms of management responsibility and risk ownership, periodic evaluation and monitoring of cyber security controls, regular independent assessment and tests, and industry collaboration as well as contingency planning.
The new guidelines require the Board of Directors of the institutions to regularly evaluate the adequacy of cyber security systems and action plans with regard to emerging cyber threats. The senior management is required to ensure that an organizational plan of action for cyber security management exists in each institution and is regularly reviewed and updated for implementation.
It may be noted here that cyber threats have become a global phenomenon and are continually growing in sophistication and impact, despite the advances in cyber-security technologies and practices. SBP has always proactively strived to provide an enabling regulatory framework in order to cope with new threats.
While the new technologies and their application in banking system has created new opportunities for the efficient and cost-effective delivery of services, these have also posed a number of new threats and risks.
It must be mentioned here that SBP has only issued notifications about the procedure that should be carried out however it has failed to mention any specific security updates/upgrades that should be implemented.
The banks/DFIs/MFBs are required to make necessary arrangements to comply with the instructions latest by December 31, 2016.
The full statement issued by SBP in this regard can be viewed here