About Us
Technology Risk
Technology has transformed the way business is conducted across the globe. Emerging technology has become an integral part of our everyday life. The closer we are to technology usage, the more we are exposed to new risks. This dependence comes from the need to manage both processes and information better. The sensitive nature of data exposes it to threats from malware, ransomware, insider threats, risks from outsourcing services, privacy breaches, etc.
The lessons from Uber and Equifax for data breaches emphasize the need for privacy enforcement legislation like the Data Privacy Act, GDPR, etc. A recent study revealed that data breaches in the first six months of 2017 were higher than the total violations for the previous years.
In a competitive and highly connected business landscape, the urgency to leverage a given opportunity has resulted in businesses ignoring potential risks in pursuit of growth. It is essential for organizations to ensure that their technology is tuned to their strategic goals. Organizations should utilize technology as a tool to achieve excellence in business delivery by reducing risks and optimizing returns.
We understand that each business's requirements are unique. We offer a range of IT services under Technology Risk Advisory and Technology Advisory to enable you to concentrate on your core business functions while we handle your technology concerns. We provide solutions that address a wide range of industries and geographies. Our team of multidisciplinary professionals assist you in identifying and mitigating emerging threats. We partner with you to address these risks by recommending mitigating controls and assisting you in implementing them seamlessly.
While physical security is undeniably significant in today's IT environment, the age of the internet demands careful protection from internal and external threats. Nexdigm offers customized cyber security services, equipped to ensure both safety and compliance.
Cyber security
While a hundred percent efficiency is difficult to achieve in any human process, maximizing cyber security resilience and bouncing back from an attack with minimal impact is imperative for all businesses. Organizations must invest in quality tools and define standard protection processes to stand firm in the face of an attack.
Our team of cyber security experts can help you ensure the following:
Identify and Protect
- IT Governance
- Identification of critical assets
- Access controls
- Physical security
- Network security management
- Security of data
- Hardening of hardware and software
- Application security and testing
- Patch management
- Disposal of systems
- Vulnerability assessment and penetration testing
Detect and Respond
- Monitoring Processes
- External and internal implications
- Detection of attacks on systems and networks
- Alerts and responses to unauthorized/abnormal systems
Remediate and Recover
- Timely restoration of systems
- Loss/destruction instructions being included as ongoing learning
- Periodic drills, training, and audits
- Information sharing and transparency
RBI & SEBI Guidelines
The Reserve Bank of India (RBI) and Securities Exchange Board of India (SEBI) Guidelines related to a cyber security framework enable banks and other NBFC's to formalize and adopt cyber security policies along with a cyber crisis management plan.
SEBI has issued a circular to maintain robust cyber security and resilience frameworks to protect the integrity of data and breaches against privacy. As a part of operational risk management, there are requirements for all Mutual Funds (MF) and Asset Management Companies (AMC) to comply with circular SEBI/HO/IMD/DF2/CIR/P/2019/12 effective 1 April 2019. The RBI provided guidelines on a Cyber Security Framework vide circular DBS.CO/CSITE/BC.11/33.01.001/2015--16 dated 2 June 2016, where it highlighted urgent need for banks to put in place a robust cyber security/resilience framework to ensure adequate cyber security preparedness.
Who do these guidelines apply to?
The guidelines apply to all MFs and AMCs regulated by SEBI and all banks regulated by RBI. They apply to all data created, received, or maintained, wherever these data records arise from and whatever form they are in, in the course of carrying out their designated duties and functions.
Impact of non-compliance
The cyber security guidelines, by large, can be mapped to the NIST framework, which was developed with a focus on industries vital to national and economic security.
Banks need to assess their cyber security preparedness under the active guidance and oversight of the IT Sub Committee of the Board or the Bank's Board directly. The Banks also need to report to the Cyber Security and Information Technology Examination (CSITE) Cell of the Department of Banking Supervision, Reserve Bank of India regarding:
- Identified gaps w.r.t. Cyber security/Resilience Framework.
- Proposed measures/controls and their expected effectiveness.
- Milestones with timelines for implementing the proposed controls/measures.
- Measurement criteria for assessing their effectiveness, including the risk assessment and risk management methodology followed/recommended by the bank.