Strengthening Cybersecurity: SEBI's New Guidelines for Stock Exchanges

Market regulator SEBI has released new guidelines aimed at enhancing the cybersecurity framework for various Market Infrastructure Institutions (MIIs) such as Stock Exchanges, clearing corporations, and depositories. These guidelines, announced on Tuesday, signify a proactive move by SEBI to address the evolving landscape of the Indian Securities markets.

The increased interdependence among MIIs due to changing market dynamics has prompted SEBI to recognize that the cyber risk associated with any given MII extends beyond its owned or controlled systems, networks, and assets. In response, SEBI, in consultation with MIIs and based on the recommendations of the High Powered Steering Committee on Cyber Security, has taken the decision to bolster the existing cyber resilience and security measures.

The newly introduced guidelines encompass several key measures. MIIs will be required to maintain encrypted offline backups of data, subject to regular testing on a quarterly basis. This step aims to ensure the utmost confidentiality, integrity, and availability of critical information. To further enhance operational preparedness, MIIs are advised to explore the feasibility of maintaining spare hardware within isolated environments. This provision would enable them to reconstruct systems in scenarios where commencing operations from both the Primary Data Centre (PDC) and Disaster Recovery Site (DRS) might not be viable.

SEBI places a strong emphasis on business continuity in the face of emerging threats, such as ransomware attacks. As part of these guidelines, MIIs are mandated to conduct frequent business continuity drills. These exercises serve to assess the organization's readiness and the efficacy of security controls at a practical level.

Vulnerability management also features prominently in the new guidelines. MIIs are directed to regularly conduct vulnerability scans to detect and address potential weaknesses, particularly on internet-facing devices. This strategy is designed to curtail the potential attack surface, reducing the avenues for cyber intrusions. In parallel, MIIs are instructed to institute a comprehensive cybersecurity user awareness and training program. This initiative will educate personnel on recognizing and reporting suspicious activities.

Recognizing the systemic importance of MIIs as the bedrock of a functioning securities market, SEBI has stipulated the adoption of Multi-Factor Authentication (MFA) for all services. This additional layer of security enhances the protection of sensitive operations.

SEBI's release of these guidelines represents a strategic move to fortify the cybersecurity stance of MIIs. By responding to the evolving threat landscape and encouraging proactive cybersecurity measures, SEBI aims to ensure the continued stability and integrity of the Indian securities market.

From Likes to Regulations: The Rise of Finfluencers and SEBI's Role

Oil Market Faces Steep Decline Amid Escalating Recession Concerns

 

Related News

Join NewsTrack Whatsapp group