SEBI Issues Cybersecurity Advisory To Regulated Entities

In response to growing cybersecurity threats to the securities market, Sebi issued an advisory to stock exchanges, depositories, and other regulated entities on Wednesday, requesting that they define the roles and responsibilities of the chief information security officer and other senior personnel.

It also requested that the security policy clearly specify the reporting and compliance requirements.

According to a circular issued by the markets watchdog, Sebi Regulated Entities (REs) have been advised to implement the cybersecurity practices recommended by the Financial Computer Security Incident Response Team (CSIRT-Fin).

The REs have been asked to proactively monitor cyberspace for phishing websites and report them to CSIRT-Fin. According to Sebi, a large number of infections are spread via phishing emails, malicious advertisements on websites, and third-party apps and programmes.

According to the regulator, REs must respond to and recover from a cyber-incident in an efficient and effective manner in order to limit any related financial stability risks. Sebi also stated that operating systems and applications should be regularly updated with the most recent patches. It also stated that security audits of applications, also known as Vulnerability Analysis and Penetration Testing (VAPT), should be performed on a regular basis.

The regulator has directed REs to implement data protection and data breach prevention measures. Sebi has requested that REs implement a strong log retention policy as well as a robust password mechanism. It also asked them to install web and e-mail filters on the network.

Because of the interconnectedness and interdependence of financial entities in carrying out their functions, the regulator noted that the cyber risk of any given entity is no longer restricted to the entity’s owned or controlled systems, networks, and assets. The circular will go into action as soon.
