On February 4, 2016, Bangladesh’s banking industry suffered a sudden shock when $101 million was stolen from Bangladesh Bank’s account at the New York Federal Reserve, the biggest cyber attack on the banking sector of the country.
After the incident, questions were raised about the preparedness of the central bank as well as other banks to prevent cyber attacks.
Two years after the incident, Bangladesh Bank has taken a series of steps towards a remediation plan and the program is likely to be completed by June this year.
Discussions with bankers, regulators, and experts found that three tools make up the cyber security of banks: people, process, and technology.
While talking to Dhaka Tribune, most of the interviewees said banks in Bangladesh have a comparatively good performance record in process and technology, but that the people sector needs improvement.
Bangladesh Institute of Bank Management (BIBM) has conducted many studies on the cyber security of banks in Bangladesh, one of which revealed that 52% of the banks are at a high risk of cyber attack.
Another BIBM study found that 80% of banks in the country do not have relevant staff skilled and efficient enough to face any such attack, or even so much as a firewall in their data centre.
Only 4% of banks have employees with excellent knowledge about IT and cyber security systems, found another BIBM study, which also revealed that half the bank officials in Bangladesh are unaware of cyber security.
The research found that 28% of the officials in the banking industry are “very ignorant” about cyber security and 22% are “ignorant” about IT security, while 20% of officials have minor knowledge about the matter.
Another survey conducted by a team led by the Managing Director and CEO of Dutch-Bangla Bank Limited (DBBL) Abul Kashem Md Shirin showed that none of the banks in Bangladesh are ready to recover from a sudden data centre collapse.
Moreover, only 20 banks have the capacity to recover from a major shutdown such as the corruption of the database or storage or damage to the data centre caused by fire.
According to the Director General of Bangladesh Institute of Bank Management (BIBM) Dr Toufic Ahmad Choudhury, “The BIBM survey on various aspects of ICT last year reflects that 12% of banks still could not meet the Category-I status as stipulated by Bangladesh Bank's guideline. Only 22% of banks have an ITG framework, indicating a severe lacking in the management’s active involvement with IT systems in banks.”
He also emphasized the security awareness of both bank customers and employees: “Over the years, it has been seen that online banking frauds have been increasing due to the lack of proper knowledge regarding the security of banking information. Customers’ awareness must be increased.”
Associate Professor of BIBM Md Mahbubur Rhamn Alam, who is also a cyber security expert, emphasized specialized training on IT security and fraud prevention.
He said: “Auditors of the central bank should ensure that banks are following the guidelines of Bangladesh Bank properly. A multi-factor or adaptive authentication method should be introduced quickly by banks.”
He also said the communication gap between the bank's management board and director board regarding the introduction and implementation of IT technologies in the bank should be bridged.
Sources said that among commercial banks, state-owned banks are at a high risk of cyber attack, followed by private and international ones.
When contacted, the Managing Director and CEO of Mutual Trust Bank Anis A Khan told the Dhaka Tribune: “Banking nowadays is all about services and solutions enabled by technology. Therefore, cyber security will have to be enhanced to a great extent and constant research and development must take place in order to develop new products or systems that enhance security measures, along with the installation and implementation of the new system.”
Bangladesh Bank has instructed all banks to strengthen their ICT infrastructure by investing more time on it.
Bangladesh Bank Deputy Governor Abu Hena Mohd Razee Hassan asked the banks to use the same software in order to reduce both cyber security risks and the risk of financial loss.
“Banks will have to increase cyber security measures along with conducting awareness programs to avert untoward incidents. The formulation of the new Bangladesh Bank guideline is to ensure cyber security for all banks and financial institutions, and its incorporation is currently at the final stage,” added Hassan.