A new six-hour reporting schedule for reporting cyber incidents, CIO News, ET CIO


By Sachin Yadav, Alok Bhavsar and Nachiketa Sharma

With the advent of various technologies and increasing levels of sophistication of cyber incidents today, staying on top of, let alone staying ahead of, cyber threats can sometimes seem impossible. COVID-19 has created new challenges for businesses as they adapt to working from home, which has become the “new normal”. Business cybersecurity is a major concern today and a cyber incident can quickly and easily escalate into a business crisis. This can lead to high profile media attention, financial loss, operational disruption, increased regulatory scrutiny and/or damage to customer loyalty and investor confidence. Therefore, organizations need to keep up to date and know how to handle/deal with cyber incidents tactfully, while taking a proactive approach to help minimize the impact of such incidents.

Instead of a traditional reactive approach, using a hybrid approach is the need of the hour. A hybrid approach incorporates mechanisms to proactively detect cybersecurity incidents/risks in order to respond and remediate and can reduce the possibility of future recurrences. Such a proactive incident response and preparedness plan can help organizations discover and contain threats much earlier, while reducing costs.

Computer Emergency Response Team India (CERT-IN), India’s national nodal agency for responding to computer security incidents, has recently released a set of guidelines for service providers, intermediaries, data centers, corporations, and government organizations to augment and strengthen the country’s cybersecurity efforts. The directive is important because it stipulates shared responsibilities among all shareholders and punitive measures in the event of non-compliance. It significantly expands the range of cyber incidents that must be reported to 20 categories, including website defacement, unauthorized social media access, data breach, data leaks. Here are some important features of the directive:

  1. Synchronize the clocks of information and communication technology (ICT) systems.
  2. Report cyber incidents to CERT-IN within six hours of the discovery of the incident or notification of the incident.
  3. Act or provide information or assist CERT-IN, towards possible cybersecurity mitigation actions and increased awareness.
  4. Designate a point of contact to interface with CERT-IN.
  5. Activate logs of all ICT systems and retain them in Indian jurisdiction for a continuous period of 180 days and share them as required/ordered.
  6. Data centers, virtual private server (VPS) providers, cloud service providers and virtual private network (VPN) service providers must retain subscriber/customer details for five years or more as required by the law (after cancellation or withdrawal).
  7. Virtual asset service providers, virtual asset exchange providers, and custodial wallet providers must retain Know Your Customer (KYC) financial transaction information and records for five years.

A dedicated cyber incident response team for effective preventive and post-incident actions could therefore be extremely beneficial. This team can manage, mitigate and guide an organization during these times and ensure that all necessary actions and checks are carried out in a compliant manner. Based on Deloitte’s experience in helping organizations prevent cyberattacks/protect valuable assets, investigate cybersecurity incidents and support global organizations, here are some best practices that could help organizations prepare for any cyber incident:

  • Prepare a solid incident response plan, a detailed step-by-step manual, and standard operating procedures on how to respond effectively in the event of an unforeseen cyber incident.
  • Build a team of first-incident responders who can act within the first four golden hours after the incident takes place. This can ensure rapid “attack” containment and information recovery, followed by collection of appropriate artifacts to perform root cause analysis.
  • Identify the consequences (financial, operational, reputational) of a cyber incident and the stakeholders who could be affected.
  • Regularly perform a forensic readiness assessment of critical applications/infrastructure, to understand whether all relevant information and data is captured, retained and restored when an incident investigation is triggered. It will also help in complying with cybersecurity guidelines issued by various regulators, such as RBI, IRDA, SEBI.
  • Promote a culture focused on cybersecurity within an organization by organizing regular training sessions for employees, stakeholders and the third-party ecosystem to help them recognize cyber threats.
  • Regularly test your incident response plan with your employees to ensure that the response team is ready and that the plan is complete and practical.
  • Consider opting for cyber insurance coverage and compulsorily enable logs of all systems and keep them safe for a continuous period of 180 days. In the event that the business is financial in nature, the guideline suggests that all transactional logs and information should be retained for at least five years.
  • Designate a point of contact to interface with CERT-IN. This information should be shared with CERT-IN in the format specified by the directive and updated from time to time.
  • It is suggested (in the guideline) that all service providers, intermediaries, data centers, legal entities and governmental organizations connect to the NTP (Network Time Protocol) server of the National Informatics Center (NIC) or the National Physical Laboratory (NPL), or with NTP servers traceable to these NTP servers, for the synchronization of all their ICT system clocks.
  • Retool and rewrite in a world of ever-changing technologies and threats. Adjust your cyber incident response plan at regular intervals to ensure it is updated as needed.

There is no foolproof way to protect yourself completely from cyber incidents, but being prepared to deal with any cyber incident is essential to surviving and recovering from its impact.

The article is written by Sachin Yadav, Partner, Financial Advisory, Deloitte India, supported by Alok Bhavsar, Deputy Director, Financial Advisory, Deloitte India and Nachiketa Sharma, Deputy Director, Financial Advisory, Deloitte India
