What SEBI is doing to protect stock exchanges from cyberattacks

Securities and Exchange Board of India (SEBI), the country’s capital markets regulator, has devised a plan to expand the scope of its cybersecurity initiatives.

The watchdog will look into the operational modalities of implementing these plans for Market Infrastructure Institutions (MIIs) - stock exchanges, depositories and clearing corporations.

In its annual report for 2017-18, SEBI has acknowledged the threat posed by technological developments to the country’s capital markets and the rise of cyber threats in the financial space across the world. 

In the same report, the regulator has laid down a detailed framework with regard to cybersecurity that stock exchanges, clearing corporations and depositories are required to adopt.

It said a high-powered steering committee on cybersecurity was constituted and chaired by a whole-time member of SEBI. A cybersecurity cell was also formed to actively address relevant issues.

According to the report, SEBI made a list of cyber attack vectors — means by which hackers can gain access to a computer — which it later shared with the MIIs to help them deal with the risks.

To further enhance its safeguards to protect MIIs, SEBI had advised them to put in place controls based on its list of cyber threat vectors and cyberattack scenarios.

The regulator has also advised MIIs to conduct a comprehensive review of cybersecurity every six months. 

In a related development, digital payments authority National Payments Corporation of India (NPCI) has issued an advisory note asking banks to take measures to protect themselves against fraud.

The caution comes a week after hackers siphoned off $13.5 million from Pune-based Cosmos Cooperative Bank through simultaneous withdrawals across 28 countries.