Companies urged to intensify cybersecurity measures in response to the threat of cyber-attacks originating from India by the Securities and Exchange Commission of Pakistan (SECP).

Companies urged to intensify cybersecurity measures in response to the threat of cyber-attacks originating from India by the Securities and Exchange Commission of Pakistan (SECP).

BEATING CYBER ATTACKS: SECP GUIDES ALL FINANCIAL INSTITUTIONS ON BEST SECURITY PRACTICES

In the face of escalating geopolitical tensions with India, the Securities and Exchange Commission of Pakistan (SECP) has issued a set of cybersecurity best practices for financial institutions. These guidelines are aimed at bolstering the security posture of Pakistan's financial sector against potential cyber threats.

The SECP, in its circular 10 of 2025, has advised all companies to follow these recommendations, highlighting the risks of operational disruptions, data loss, and reputational harm resulting from cybersecurity oversights.

To start, multi-factor authentication ensures that only authorized users can access sensitive systems and data, acting as a strong defense against unauthorized penetrations. By enforcing strict access control, companies can limit the number of individuals who can access vital systems and data, reducing the risk of breaches.

Regular susceptibility assessments and vulnerability elimination are crucial in preventing attackers from exploiting network weaknesses. By maintaining readiness for security incidents, companies can respond swiftly to cyberattacks.

Employee education is equally important in the fight against cybercrime. The SECP encourages financial institutions to inform their workforce about cybersecurity risks, phishing, and deceptive communications to minimize human error that may lead to security breaches.

Data backups are vital for recovery in the event of a cyberattack. Maintaining offline data backups ensures that crucial information is accessible even if the primary systems are compromised.

It's important to keep antivirus software and firewalls updated, and patch known system vulnerabilities to thwart exploitation by cybercriminals. Establishing internal incident response teams and collaborating with national Computer Emergency Response Teams (CERT) provides timely threat detection and intelligence sharing, solidifying overall security measures.

In urging companies to implement these practices, the SECP underlines its commitment to protecting Pakistan's financial and information infrastructure from potential cyberattacks.

1. In light of the SECP's guidelines, it's essential for the technology sector, especially the finance industry, to prioritize cybersecurity, given the vulnerabilities and risks that a breach could pose to the country's financial infrastructure.
2. The incorporation of robust cybersecurity measures, including multi-factor authentication, regular susceptibility assessments, employee education, data backups, and timely software updates, will hopefully bolster the finance industry's resilience against cyber threats in the ever-evolving landscape of technology and finance.

Read also: