The document summarizes an operational excellence webinar hosted by Reserve Bank Information Technology Private Limited (ReBIT) on anti-phishing campaigns and Domain-based Message Authentication, Reporting and Conformance (DMARC) implementation. The webinar featured presentations by Vivek Srivastav from ReBIT on phishing statistics and mitigation strategies, Trent Adams from PayPal on DMARC technical details, and Bhavin Bhansali from ICICI Bank on their DMARC implementation. ReBIT also shared their three-phased anti-phishing campaign plan and facilitator role in collaborating with industry stakeholders to improve cybersecurity practices through initiatives like a monthly webinar series.

1. Anti-Phishing Campaign
DMARC implementation
Vivek Srivastav, ReBIT
J Trent Adams, PayPal
Bhavin Bhansali, ICICI Bank
Operational Excellence Webinar
Reserve Bank Information Technology Private Limited
Webinar Support from Cisco 1

2. Agenda
• Vivek Srivastav
• Phishing sources, stats and mitigation strategies
• ReBIT’s Industry Agenda
• Trent Adams
• DMARC technical details
• Bhavin Bhansali
• Implementing DMARC at ICICI Bank
QA session for 15 minutes towards the end
2

3. Source: http://docs.apwg.org/reports/apwg_trends_report_q4_2016.pdf 3

4. DMARC Compliance Report
PUBLIC
PRIVATE
FOREIGN
OTHER
11
6
4
6
0
3
5
0
Not Compliant DMARC Compliant
No
DMARC
78%
DMARC
22%
DMARC Compliance
Total Surveyed: 36 Banks/Institutions
Target:
100%
Compliance
in 1 year
4

5. Anti-Phishing Campaign
Phase-1
• DMARC Webinar,
knowledge
sharing
• Playbooks
• Industry level
tool
• DMARC
implementations
– early adopters
Phase-2
• DMARC
implementation
– 100% adoption
by financial
institutions
• Reporting tools
for FI
• Work with email
providers
Phase-3
• Partnership with
industry
stakeholders
• Threat
intelligence
1.5 years
5

6. Final Phase
Threat
Intelligence
6

7. ReBIT’s Facilitator Role
Business Leader’s - Forum
Community Leadership - WG
Operational Excellence - Campaigns
Industry
Stakeholders
Research
Institutions
7

8. DMARC technical Deep Dive
8

9. rirebit@rbi.org.in
Vivek Srivastav, SVP – Research and Innovation
Ph: +91 98677 24062
9
ReBIT
Operational Excellence Webinar Series
Anti-Phishing Campaign

10. ReBIT’s Industry Initiatives
Cybersecurity Maturity Model
(monthly)
Cybersecurity Assessment
Engagement Model WG
(Kickoff planned end June)
Cybersecurity
Assessment
Tools
VAPT
Accreditation
Body
Auditing and Monitoring
Auditing and
Monitoring
Tools
Industry Tools
and Reporting
Operational
Excellence
Webinar
(monthly):
Industry initiatives
to improve
cybersecurity
postures
Cybersecurity
Awareness
Campaign
Business
Leader’s
Forum
(bi-monthly)
May 11th:
Launching
Anti-Phishing
Campaign -
DMARC Webinar -
collaborating with
PayPal & ICICI
Bank
Planning Phase
6-months effort: Kicked off in Feb, ongoing industry initiative to define a uniform yardstick to
assess a firm’s cybersecurity maturity, benchmark and help create evolution roadmap
10