According to guidelines released by the Securities and Exchange Board of India (SEBI) on August 29, stock exchanges, clearing corporations, depositories and other market infrastructure institutions (MIIs) must maintain regularly updated "gold images" of critical systems so that those systems can be rebuilt, and must engage Dark Web monitoring services to check for brand abuse or data leaks.
The circular, titled "Guidelines for MIIs regarding Cyber security and Cyber resilience", explains that maintaining these "gold images" means keeping image "templates" "that include a preconfigured operating system (OS) and associated software applications that can be quickly deployed to rebuild a system, such as a virtual machine or server".
The guidelines were issued because of the growing interdependence in the market. The circular states that, with the change in market dynamics in the Indian securities markets, interdependence among the MIIs has increased significantly, and that given the interconnectedness and interdependency of the MIIs in carrying out their functions, the cyber risk of any given MII is no longer limited to the systems, networks and assets that the MII owns or controls.
Other guidelines among the 28 in total include maintaining encrypted backups of data offline and testing those backups monthly to ensure confidentiality, integrity and availability; exploring the option of keeping backup hardware in a segregated environment so that systems can be rebuilt if MII operations cannot be run from either the primary data centre (PDC) or the disaster recovery site (DRS); and running regular business continuity exercises to check the readiness of the organisation and the effectiveness of existing security measures against ransomware attacks at the ground level.
On domain controllers (DCs), the circular notes that DCs are often used by "threat actors" as a "staging point to spread ransomware network-wide".
To secure these controllers, MIIs must therefore ensure that DCs are patched as and when patches are released, with patch status reviewed on a quarterly basis; that no unnecessary software is installed on DCs, since such software can be leveraged to run arbitrary code on the system; that access to DCs is restricted to the administrators group, with users within that group given tiered levels of access; and that DC host firewalls are configured to prevent direct internet access. MIIs should also undertake penetration testing (internal and external) for known Active Directory domain controller abuse attacks, and any weaknesses found should be rectified as the topmost priority.
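The following PowerShell script is an added example, not code from SEBI's circular or from any MII, showing how the four DC controls above (patch currency, unnecessary software, admin-group membership and host firewall outbound policy) can be audited read-only on a domain controller. It assumes an elevated session on the DC with the RSAT ActiveDirectory module installed; the 90-day patch window, the software allowlist and the group names it checks are assumptions to be tailored to the organisation's own build standard.

```powershell
# Added example: read-only audit of a domain controller against the circular's
# DC controls. Not SEBI's or any vendor's code.
# Assumptions: elevated PowerShell on the DC, RSAT ActiveDirectory module present,
# and the thresholds/allowlist below adjusted to the local build standard.

Import-Module ActiveDirectory -ErrorAction Stop

$Findings        = New-Object System.Collections.Generic.List[string]
$MaxPatchAgeDays = 90                       # assumed: quarterly review cadence
$ExpectedSoftware = @(                      # constructed allowlist, wildcards allowed
    'Microsoft Visual C++*',
    'Microsoft Monitoring Agent*'
)

# 1. Patching: flag the DC if no hotfix has been installed inside the window.
$LastPatch = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $LastPatch -or $LastPatch.InstalledOn -lt (Get-Date).AddDays(-$MaxPatchAgeDays)) {
    $Findings.Add("PATCH: last hotfix installed on '$($LastPatch.InstalledOn)' is older than $MaxPatchAgeDays days")
}

# 2. Unnecessary software: anything in the Uninstall hives not on the allowlist.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    ForEach-Object {
        $name    = $_.DisplayName
        $allowed = $ExpectedSoftware | Where-Object { $name -like $_ }
        if (-not $allowed) { $Findings.Add("SOFTWARE: unexpected package '$name'") }
    }

# 3. Admin access: list the user members (resolved through nested groups) of the
#    groups that control a DC, so that over-broad membership is visible for review.
foreach ($group in 'Domain Admins', 'Enterprise Admins', 'Administrators') {
    $members = Get-ADGroupMember -Identity $group -Recursive |
        Where-Object { $_.objectClass -eq 'user' }
    $Findings.Add("ADMIN: $group has $($members.Count) user member(s): $(($members.SamAccountName) -join ', ')")
}

# 4. Host firewall: the Domain profile should be enabled and block outbound by
#    default; an outbound allow rule scoped to 'Any' remote address is a finding.
$DomainProfile = Get-NetFirewallProfile -Name Domain
if (-not $DomainProfile.Enabled) { $Findings.Add('FIREWALL: Domain profile is disabled') }
if ($DomainProfile.DefaultOutboundAction -ne 'Block') {
    $Findings.Add("FIREWALL: Domain profile DefaultOutboundAction is '$($DomainProfile.DefaultOutboundAction)', expected 'Block'")
}
Get-NetFirewallRule -Direction Outbound -Enabled True -Action Allow -ErrorAction SilentlyContinue |
    ForEach-Object {
        $remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        if ($remote -contains 'Any') {
            $Findings.Add("FIREWALL: outbound allow rule '$($_.DisplayName)' permits any remote address")
        }
    }

# Emit findings; an empty list means every check passed.
$Findings | ForEach-Object { Write-Output $_ }
```

The script only reports; it changes nothing, so it can be run on a schedule and its output kept as the quarterly review evidence the circular asks for. Note that setting the Domain profile's default outbound action to Block on a real DC must be accompanied by explicit allow rules for AD replication, DNS, Kerberos, NTP and the patch-management channel, otherwise the "no direct internet access" control will also break the services the DC exists to provide.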