FE Today Logo

28pc banks not ready to thwart large-scale cyber attacks

More than two-thirds of banks faced at least one attack last yr


FE Report | October 01, 2018 00:00:00


Some 28 per cent of the banks operating in the country are not prepared to thwart possible large-scale cyber attacks.

On the other hand, 34 per cent of the banks are partially prepared and remaining 38 per cent are fully prepared to handle such possible digital security threats, a research paper revealed.

The research was conducted by the Bangladesh Institute of Bank Management (BIBM).

The researchers presented the findings at a seminar on 'IT security of banks in Bangladesh: Threats and preparedness', organised by the BIBM at its office in the city on Sunday.

Former Deputy Governor of Bangladesh Bank Abu Hena Mohd Razee Hassan attended the seminar as the chief guest with BIBM Director General (DG) Dr Toufic Ahmad Choudhury in the chair.

Managing Director (MD) and Chief Executive Officer (CEO) of Islami Bank Bangladesh Limited Md Mahbub-ul-Alam, country manager of Commercial Bank of Ceylon PLC Varuna Priyashanta Kolamunna, and systems manager of Bangladesh Bank's information systems development department Debdulal Roy spoke in the seminar, among others.

An associate professor of the BIBM Md Mahbubur Rahman Alam presented the research findings at the seminar.

The research paper said the IT security threat in Bangladesh is gradually increasing in tandem with the global trend.

"Delays in adopting a sound cyber security hygiene could result in a US$ 3.0 trillion loss in economic value by 2020. Reputational impact can reach to $180 million," the paper said quoting the World Economic Forum (WEF).

Referring to findings of a global consultancy company the paper said financial service sector is the second highest sector (24 per cent) to have witnessed cyber attack following technology, media and telecommunication sector across the globe.

Around 93 per cent of cyber attacks aim to financial gain across the globe, the research report said quoting Ernst & Young.

The banks in Bangladesh are now facing increased number of security threats and cyber attacks than earlier.

"In the last year, 68% of the banks have experienced at least one attack, most commonly in the form of malware, subsequently followed by Spam and Phising attacks," the report said, adding that: "Of these, 24 % have had their network intruded in some way of at a significant cost to the business".

Besides financial losses, the hacking instances leave a negative impact on the morale of workforce and organisations' reputation in every case.

The research identified human error as the key reason (69 per cent) behind security breach and data losses in the country's banking sector.

"Human error occurs when an employee does not know how to do the work due to inappropriate training or lack of experience," the report said. Globally human error invites 95 per cent of cyber threat.

Besides, banks' internal and external sabotage is liable for 13 per cent and 3.0 per cent security breaches in the systems respectively.

Analyzing 50 fraud cases as a sample, the report said rate of frauds related to mobile financial services (MFS), automated teller machine (ATM) and plastic card transactions are higher than all others categories.

The research report has been prepared on the basis of data collected from 45 banks covering all categories operating in the country, survey of 750 customers and 450 employees.

The report also presented a set of recommendations to strengthen banks' capacity to handle cyber risks and attacks.

The banks should address the security issues with adequate hardware, software and manpower.

"Every bank should strengthen IT security department in ICT division," the paper said, adding that recruitment of ethical hacker and deployment of a skilled IT security control and monitoring are the crying need for the banks.

The report also underscored the need for creating awareness among the clients through counselling, advertising and distributing leaflets about cyber risks.

The central bank may take initiatives to develop Information Sharing and Analysis Centres (ISACs), where stakeholders can exchange their experiences about digital security threats.

"An institution like IDRBT (Institute for Development and Research in Banking Technology), which is set up by the Reserve Bank of India can be formed immediately in Bangladesh. Moreover, a computer Emergency Readiness Team may be formed for disaster recovery of the banking sector.

Speaking on the occasion, Mohd Razee Hassan lauded the collective efforts of the country's central bank and commercial banks, scheduled banks for conducting inter-bank online transactions.

But some banks are yet to upgrade their IT infrastructure, he said.

"Although huge investment and ICT development have been observed, cyber security has not been properly addressed by the banking sector of Bangladesh making banking information and infrastructures vulnerable to sophisticated cyber-attacks," he added.

[email protected]


Share if you like