NEW DELHI: To firewall securities markets from cyber threats, Sebi is looking to further beef up policy framework on this front and plans to appoint an advisor for such security and other IT initiatives.
Sebi has already asked stock exchanges and other institutions to keep a constant vigil on online threats globally and take lessons to put in place necessary safeguards.
WannaCry ransomware: 5 facts to remember, and 5 rumours you should ignore
WannaCry ransomware: 5 facts to remember, and 5 rumours you should ignore
A massive ransomware attack, dubbed WannaCry, which started last week is still wrecking havoc on several computers across the world. Computers systems of companies and organizations like FedEx, Nissan, Hitachi, the Russian Central Bank, Telefonica and the British National Health Service have been affected. In India too, the ransomware has claimed victims including Tirupati temple and some computers at police stations in Andhra Pradesh and West Bengal State Electricity Distribution Company Limited. However, there are also several myths and rumours floating on the internet and various WhatsApp groups related to this ransomware. Here are 5 myths and facts about the ransomware attack.
Myth: Ransomware attacks affect only big companies
One of the biggest myths is that ransomware attacks target only big companies. However, realistically anyone can be at the receiving end of such hacking attacks. Several SMBs and home PC users too have been affected by the recent WannaCry cyberattacks. Also, it is easier to hurt small organizations and home PC users than big giants. Cybercriminals are increasingly getting smarter, so to unencrypt files they ask for an amount which may be significant for the victim, but not impossible to pay.
Myth: It is unsafe to use ATMs post the ransomware attack
One of the biggest myths doing rounds is that it has become dangerous to use ATMs post the WannaCry ransomware hack. There are several such messages floating on various WhatsApp groups, forbidding users from using ATMs. However, experts have debunked this fear. "ATMs usually do not save any financial transaction data. Hence, I do not think that machines will be particularly vulnerable to such malware attacks, which encrypt files," chief executive of an ATM manufacturing company told ET. Majority of ATMs in India operate on Windows XP, these machines also have a firmware that limits their activities to bare basics. Also, the slower speeds at which systems operate is also said to be helpful in preventing the spread of malware, which is usually a big file.
Myth: ATMs shut due WannaCry ransomware
There have been rumours that several ATMs across the country have been shut down due to WannaCry ransomware. However, allaying these fears a Reserve Bank of India (RBI) spokesperson said that there is no impact on ATMs due to ransomware anywhere in the country. He added, "Even if any ATM is not operational, it could be because of no cash or some technical upgradation which happens on regular basis. But (there has been) no small or big impact due to ransomware."
Myth: One cannot recover data hacked by ransomware (except by paying the ransom)
Another big myth related to ransomware is that there is no way to recover data hacked by ransomware. However, there is a simple (or rather easiest way), just head to your last backup and retrieve the data. This means that users who regularly back up their data and ensure that security tools installed on their computers are always up-to-date need not worry about such attacks. Up-to-date backup makes it possible to restore data without paying that ransom.
Myth: Opening of 'Dance of Hillary' video will automatically format your phone
Many of us have received the message about 'Opening of Dance of Hillary video' on WhatsApp. The message warns users against opening this video and claims that it will automatically format their smartphone and steal all financial information stored on them. To emphasize on the authenticity of the claim, the message says that this was announced on BBC radio. However, it is actually an edited version of another old hoax and is not related anywhere to the WannaCry ransomware.
Fact: Rannsomware is holding your files for ransom
As the name suggests, ransomware is a kind of malware that essentially takes over a computer (or a device) and prevents users from accessing the data within the computer until a ransom is paid. The hackers finds all of your files and encrypts them and leaves a message that if you want to decrypt them, then pay. The ransomware encrypts data on the computer using an encryption key that only the attackers know.
Fact: The threat is still not over
Don't be scared, but also don't lower your guard as yet. For, the threat of WannaCry ransomware is still not over. The impact on India of the ransomware has been relatively less. However, according to an Indian Computer Emergency Response Team (CERT-In) official, WannaCry has not “seen its end” as multiple modules can still emerge and cause disruptions.
Fact: Your smartphones face as big a threat as PCs
If you think that it is only your PC which is at risk, you got it wrong. As Sanjay Bahl, director general of the Indian Computer Emergency Response Team (CERT-In), told ET, “The larger operating system is on the mobile, which is Android. We don’t know what will happen if that gets hit. That will be a different ballgame altogether.” He further added that CERT-In is preparing for that eventuality.
Fact: This is the biggest cyberattack worldwide
Yes, WannaCry is one of the biggest cyberattacks in history reported so far. The WannaCry cyberattack is still claiming victims and threatens to create more havoc. The attack has been termed "unprecedented" in its reach, with victims in at least 150 countries across the globe.
Fact: You can prevent WannaCry-like ransomware attacks
Though experts say that there is no perfect solution to stop WannaCry-like ransomware attacks, there are surely ways to prevent them. Users should regularly back up their data and ensure that security updates are installed on their computers as soon as they are released. Users should also be cautious regarding malicious email messages that often masquerade as emails from companies or people you regularly interact with. Also, be wary of attachments from people and sources, you are not sure of.
The Securities and Exchange Board of India (Sebi) will appoint an advisor for cyber security and information technology, who will be responsible for strengthening its regulatory policy framework in this space, according to the latest update with the regulator.
The advisor would monitor implementation of these regulatory policies across securities markets and also help enhance capacity building at Sebi and various market participants with respect to cyber security.
The officer would also develop a stress testing mechanism to mitigate risks arising out of cyber attacks while a framework will be put in place for taking correctives and a prudent response in case of such an emergency at the regulator or market participants.
The advisor would also observe developments in cyber technology and security space and prepare inputs for regulatory policy development. The officer would also formulate IT strategy and identify specific initiatives and a 5-year road map.
Sebi has invited applications from eligible persons for the post of Advisor, Cyber Security and Information Technology, who will need at least 10-15 years of experience in cyber security/IT, audit of IT systems, assessment and implementation of business continuity and disaster recovery programs and development of critical IT systems.
The person should have experience at a fairly senior level as head of a large unit of an IT company or an IT unit of a bank, financial institution or market infrastructure institution. The advisor will be appointed on 'contract and part time basis' for three years.
Sebi, in May, had set up a four-member panel on cyber security to suggest measures to ring fence capital markets from such attacks.
Last month, the regulator said it will undertake a comprehensive review of technology and systems at all market institutions, including exchanges, to safeguard the marketplace from cyber threats and technical glitches.
Sebi had held a meeting with the stock exchanges on July 28 against the backdrop of the recent case of technical glitch at leading bourse NSE, due to which trading had to be halted for over three hours on July 10.
Mobile, Laptop and Desktop Repair,