Sebi's cybersecurity advisory for stock exchanges, regulated entities| Details - Hindustan Times
close_game
close_game

Sebi's cybersecurity advisory for stock exchanges, regulated entities| Details

PTI | | Posted by Singh Rahul Sunilkumar
Feb 22, 2023 09:07 PM IST

Sebi noted that majority of the infections are primarily introduced through phishing e-mails, malicious adverts on websites, and third-party apps and programmes.

Amid increasing cybersecurity threats to the securities market, Sebi on Wednesday issued an advisory for stock exchanges, depositories and other regulated entities asking them to define roles and responsibilities of chief information security officer and other senior personnel.

Sebi said an efficient and effective response to and recovery from a cyber-incident by REs are essential to limit any related financial stability risks.(PTI File Photo)
Sebi said an efficient and effective response to and recovery from a cyber-incident by REs are essential to limit any related financial stability risks.(PTI File Photo)

Also, it asked them to clearly specify the reporting and compliance requirements in the security policy. (ALSO READ: Cybersecurity strategy proposes measures for data breaches)

Unlock exclusive access to the latest news on India's general elections, only on the HT App. Download Now! Download Now!

Sebi Regulated Entities (REs) have been advised to implement these cybersecurity practices as recommended by Financial Computer Security Incident Response Team (CSIRT-Fin), according to a circular issued by the markets watchdog.

The REs have been asked to proactively monitor the cyberspace to identify phishing websites and report the same to CSIRT-Fin.

Sebi noted that majority of the infections are primarily introduced through phishing e-mails, malicious adverts on websites, and third-party apps and programmes.

Accordingly, thoughtfully designed security awareness campaigns that stress the avoidance of clicking on links and attachments in e-mail, can establish an important pillar of defence.

"Given the sophistication and persistence of the threat with a high level of coordination among threat actors, it is important to recognise that many traditional approaches to risk management and governance that worked in the past may not be comprehensive or agile enough to address the rapid changes in the threat environment and the pace of technological change that is redefining public and private enterprise," Sebi said. (ALSO READ: On Adani row, Sebi says it's committed to ensuring market integrity)

The regulator said that an efficient and effective response to and recovery from a cyber-incident by REs are essential to limit any related financial stability risks.

Also, Sebi said that operating systems and applications should be updated with the latest patches on a regular basis. It further said that security audit or Vulnerability Assessment and Penetration Testing (VAPT) of the application should be conducted at regular basis.

The regulator has asked REs to take measures for data protection and data breach.

Sebi has asked REs to implement strong log retention policy along with robust password mechanism. Also, it asked them to deploy web and e-mail filters on the network.

The regulator noted that the interconnectedness and interdependency of the financial entities to carry out their functions, the cyber risk of any given entity is no longer limited to the entity's owned or controlled systems, networks and assets.

The circular will come into force with immediate effect.

Catch every big hit, every wicket with Crick-it, a one stop destination for Live Scores, Match Stats, Quizzes, Polls & much moreExplore now!
SHARE THIS ARTICLE ON
Share this article
SHARE
Story Saved
Live Score
OPEN APP
Saved Articles
Following
My Reads
Sign out
New Delhi 0C
Wednesday, May 22, 2024
Start 14 Days Free Trial Subscribe Now
Follow Us On