NRB directs BFIs to curb cyber risks

Kathmandu, September 11: Nepal Rastra Bank (NRB) has directed banks and financial institutions (BFIs) to adopt three measures to ward off possible cyber attacks on their IT systems.

The directive came in the wake of a recent ATM heist in Kathmandu in which a group of hackers stole over Rs 18.9 million by hacking the payment switch of the Nepal Electronic Payment System (NEPS).

Issuing a circular yesterday, the central bank instructed them to strengthen their technical capacities such as perimeter defense, access control, encryption, antivirus, and firewall, to update them regularly, and to verify the genuineness of the systems they have adopted for payment orders and other service deliveries.

Such measures are expected to help curb the risks of data loss and theft, and of denial of service caused by cyber attacks, malware, viruses and ransomware, along with other external threats like spam, phishing and spoofing through websites, mobile applications, official social media networks and IT systems.

“The BFIs should carry out regular monitoring and reporting of their systems and share information on any incident or attack with the respective agencies. This is because there have been attempts to infiltrate the systems of banks from unauthorized people or places by placing fake orders or correspondence,” reads the circular.

The BFIs are also directed to prepare a Preventive, Detective and Responsive IT Security Strategy, to carry out security audits of their IT systems regularly in line with international best practices, and to work proactively on raising awareness and developing the capacity of their users and staffers.