The circular put out by SEBI noted that cyber incidents have been rapidly growing in frequency and sophistication.
The Securities and Exchange Board of India has put out an advisory for SEBI Regulated Entities (REs) regarding cybersecurity best practices to limit cyber threats and phishing attacks. SEBI has asked all REs, including financial sector organisations, stock exchanges, depositories, mutual funds and other financial entities, to report compliance with the advisory along with their cybersecurity audit report.
The market regulator has told the regulated entities to implement 12 practices as recommended by the CSIRT-Fin.
SEBI has asked the REs to define the roles and responsibilities of the Chief Information Security Officer (CISO) and other senior personnel. The REs have also been told to proactively monitor cyberspace to identify phishing websites, considering that the majority of cyber infections are primarily introduced via phishing emails, malicious adverts on websites, and third-party apps and programs.
The entities have also been asked to carry out security awareness campaigns on the need to avoid opening links and attachments in email.
SEBI has also directed the REs to carry out a security audit or Vulnerability Assessment and Penetration Testing (VAPT) at regular intervals. Gaps identified in the VAPT are to be resolved as per the timelines prescribed by SEBI. The regulator has also told the REs to follow these five steps as measures for data protection:
The regulated entities have also been directed to maintain a strong log retention policy and password policy across all digital assets and to enable multi-factor authentication (MFA) for all users. The advisories issued by CERT-In should be implemented in letter and spirit by the regulated entities, SEBI said in the circular. The REs are also advised to go for ISO certification and to undertake due diligence with respect to the audit process and the tools used for such audits.
First Published: Feb 22, 2023 7:38 PM IST
