Versions

 

OM-5.5.22

Conventional bank licensees must conduct periodic assessments of cyber threats. For the purpose of analysing and assessing current cyber threats relevant to the licensee, it should take into account the factors detailed below:

(a) Cyber threat entities including cyber criminals, cyber activists, insider threats;
(b) Methodologies and attack vectors across various technologies including cloud, email, websites, third parties, physical access, or others as relevant;
(c) Changes in the frequency, variety, and severity of cyber threats relevant to the region;
(d) Dark web surveillance to identify any plot for cyber attacks;
(e) Examples of cyber threats from past cyber attacks on the licensee if available; and
(f) Examples of cyber threats from recent cyber attacks on other organisations.
Added: July 2021