RBI Cybersecurity Framework

Check out the cybersecurity requirements for Indian banks and how you can enhance RBI compliance with Endpoint Protector


Since 2010, banks in India have swiftly adopted newer technologies and digital channels, with the underlying objective of increasing footprints and revenues. Customer preferences have also shifted towards digital platforms. Along with this, rapid growth has been observed in the adoption of new security measures during the past decade.

About the Framework

The Reserve Bank of India (RBI) released a new Cyber Security Framework on June 2, 2016, which states that scheduled commercial banks (private, foreign and nationalized banks listed in the schedule of RBI Act, 1934) must proactively create or modify their policies, procedures and technologies based on new security developments and concerns. As per the RBI, use of information technology by banks and their constituents has grown rapidly and is now an integral part of banks' operational strategies; hence the need for a board-approved cyber-security policy.

The cybersecurity guidelines issued by the RBI reflect the changing threat landscape financial institutions in India face and serve as a reminder of the need for robust cyber threat detection and response. The central banking institution released extensive IT security guidelines in 2011, but it felt compelled to update its guidance partly because the original advisory didn’t sufficiently address the need for post-breach capabilities.

As the RBI points out, the number, frequency, and impact of cyber incidents on Indian banks have increased substantially. The aim of the Framework is to strengthen cybersecurity initiatives and cybersecurity preparedness of banks in India, as well as to facilitate proactive response and management of cyber incidents.

The Framework is written from the perspective that a breach has already happened or will occur, thus moving from a sole focus on preventive tools to detection, containment, and response; it calls for a range of techniques and policies to help banks in India operate securely in an evolving threat landscape. The guidance consists of the introductory framework and guidance, plus three annexes:

  1. An indicative set of baseline cybersecurity and resilience requirements.
  2. Information on setting up and operationalizing a cybersecurity operation center (C-SOC).
  3. A template for reporting cyber incidents to the RBI.

Key Takeaways for Banks

  • Banks are advised to adopt proactive cybersecurity measures - a shift from the current reactive strategies - to defend against sophisticated threats like zero-day malware and advanced persistent threats.
  • A cybersecurity policy should be defined and adopted along with a cybersecurity strategy and an assessment of cyber threats and risks. This should be distinct from the broader IT policy / IS security policy of a bank.
  • A Security Operations Centre (SOC) needs to be set up at the earliest (if not already in place) for proactive monitoring, using sophisticated tools for detection and quick response, backed by tools for data analytics.
  • Arrangements need to be made for continuous surveillance and real-time analysis, as this helps in acting faster when attacked from outside. The new guideline requires banks to implement 24/7 real-time surveillance.
  • A Cyber Crisis Management Plan should be evolved immediately and should be a part of the overall Board-approved strategy in order to address the full lifecycle of detection, response, containment, and recovery in case of a cyber incident.
  • Cybersecurity preparedness indicators need to be defined to assess and measure the level of risk/preparedness. These indicators should be used for comprehensive testing through independent compliance checks and audits.
  • A supervisory reporting framework is to be set up to collect both summary-level information and details on information security incidents.
  • All unusual cybersecurity incidents should be reported to the RBI as per the format given in the annexes.
  • Cybersecurity awareness and training sessions need to be conducted for all relevant stakeholders of the bank.

How Endpoint Protector Accelerates Compliance

Endpoint Protector is an award-winning Data Loss Prevention (DLP) solution suitable for businesses of all sizes. Our product can protect confidential company data throughout the entire network, regardless of whether the computers are Windows, macOS or Linux-based.

We help banks address multiple security challenges arising out of RBI’s regulatory requirements.

Protecting Customer Information

  • According to the Framework, banks are held responsible for securing customer information even when it is with the customer or a third-party vendor.
  • With Endpoint Protector, company-wide policies can be set to prevent sensitive customer data from being transferred over the web.
  • These policies are often predefined, especially when it comes to personally identifiable information (PII) that has to be protected under most data protection regulations.
  • Banks can also define their own policies based on data that they specifically collect, or that is considered sensitive in the context of their particular industry.

Removable Media

  • The RBI requires banks to define and implement a policy for restriction and secure use of removable media on various types of devices and secure erasure of data on such media after use. Media types and information that could be transferred/copied to/from such devices should also be limited.
  • With Endpoint Protector, removable devices such as USB storage devices and printers, and ports such as WiFi and Bluetooth, can be monitored and managed.
  • In the Content Aware Protection module, filters can be enabled based on file type, predefined content, custom dictionaries, Regular Expressions etc. Filters based on predefined content block documents containing sensitive information like credit card numbers (CCNs), social security numbers (SSNs) and other personally identifiable information (PII).
  • The Content Aware Protection module complements the Device Control solution, so transfers to removable media can be limited for certain documents and file types.

Advanced Real-time Threat Defence and Management

  • The RBI proposes that banks implement whitelisting of internet websites/systems as well as secure web gateways with the capability to deep scan network packets, including secure traffic passing through the web/internet gateway.
  • With Endpoint Protector it is possible to create custom-defined lists of web addresses. Access to domains and URLs from these lists will be denied. The Deep Packet Inspection feature* allows network traffic inspection at an endpoint level and thus offers a detailed content examination of file transfers.
    * This feature is currently available for macOS only.

Data Leak Prevention Strategy

  • The RBI prescribes a data leak prevention strategy for banks, which should include data in motion and data at rest, as well as data processed in endpoint devices, in order to help safeguard sensitive business and customer information.
  • Endpoint Protector’s Device Control module offers a number of tools that allow organizations to control or block unauthorized devices. Besides blocking transfers of confidential data to removable media, it also prevents malware proliferation, which is a leading cause of data corruption and data loss.
  • The Content Aware Protection module enables the definition of more in-depth filters to determine whether information should be permitted to leave endpoints through portable storage devices, e-mails, web applications, cloud storage solutions, and other means.
  • The eDiscovery module for data at rest scans and identifies the confidential information in organizations’ endpoints and allows Administrators to take remediation actions like encrypting or deleting the data.

User Access Control/Management

  • Banks should provide secure access to their assets from within and outside their network by protecting data at rest and in-transit.
  • The RBI recommends that banks provide access rights on a need-to-know basis and for a specific duration when it is required, instead of administrative rights on end-user workstations/PCs/laptops.
  • With Endpoint Protector’s Offline Temporary Password feature, temporary access to one or more specific devices can be given for a limited period of time. This allows employees, if needed, to safely access devices and transfer documents.

Main Advantages of Endpoint Protector

  • Quick and easy deployment: up and running in minutes
  • Cross-platform solution: available for Windows, macOS and Linux
  • Intuitive user-friendly interface: with a short learning curve
  • Modular approach: mix and match the right tools for specific needs
  • Granular policies and settings: to meet the needs of every department
  • Lightweight agent: with a minimum footprint on the client
