Indian banks ordered a ban on staff using internet in office except for essential banking services, while the leader, State Bank of India, has installed new software and ordered branches to follow instructions to prevent Wannacry malware from crippling operations.
Bankers were barred from accessing various websites, including Gmail and Yahoo. Those in non-sensitive departments were also told not to visit social media sites like Facebook and Twitter. The use of internet was permitted only for clearing operations and necessary businesses.
"This is to be taken most seriously. Please ensure these are percolated to the last mile up to every employee having access to the network, including staff working in offices/departments/TCs/call centres, etc," Union Bank of India chairman Arun Tiwary said in a message to departmental heads.
The Indian Banks' Association warned its members to take precaution in a way that would protect the individual banks as well as the system from the attack, which is threatening to stall businesses. "We have advised banks to take utmost precaution in light of the reports of a global cyber attack.
This advisory is just precautionary in nature and we are confident that banks are well equipped to deal with any challenges that come," said an IBA official. He cannot be named because he is not allowed to speak to media.
Banks, in general, use dedicated computers to access internet so that their core banking solutions remain immune to outside threats, but these dedicated machines are now being used with restrictions, senior officials of three state-run banks said.
"We are being extremely vigilant because of this new threat. Though we have found nothing extraordinary in our systems so far, our IT teams are on high alert because of this heightened threat," said the chief operating officer at a private sector bank.
The malware spreads by exploiting vulnerable systems running on Windows operating system. The Indian Computer Emergency Response Team has issued advisory for prevention of this threat. "So far, there is nothing damaging coming out of India, but there is considerable risk for the large databases of KYC and Aadhaar, which banks will have to be careful about," said Ashvin Parekh, an independent banking consultant.
In October last year, a malwarerelated security breach had forced SBI to block six-lakh debit cards as a precaution after it was alerted by card network companies such as Mastercard and Visa.
"Digital transactions in financial services have grown at a rapid pace in India, but investment in security is not commensurate with the risk the transactions pose," said Piyush Singh, managing director, financial services - Asia Pacific, Accenture.
"Banks in India will not only have to look at investment in technology infrastructure, but also operations management and contagion of risks posed by technology."
Source :The Economic Times