FE Today Logo

Banks still face threat of data breach

Experts say at BIBM seminar in city

FE REPORT | October 16, 2019 00:00:00

The country's banking sector is still facing threat of data breach despite installation of cyber security technologies and equipment in banks and financial institutions, speakers said at a seminar on Tuesday.

The risk of cyber security in local banks continues mainly due to scarcity of IT professionals and lack of bank officials' awareness about cyber security, they added.

The observations came at a seminar on 'Cyber Security-First Responder: Threat Detection and Response' jointly organised by Bangladesh Institute of Bank Management (BIBM) and DigiSec Council at the BIBM auditorium.

Banking Reform Adviser of Bangladesh Bank SK Sur Chowdhury addressed the programme as the chief guest.

Jeff Felice, president of New York-based CertNexus, and Desmond Devendran, logical operations director (Information Security & Compliance), also spoke at the seminar with Dr Muzaffer Ahmad Chair Professor of BIBM Barkat-e-Khuda in the chair.

While delivering his speech, Mr Sur Chowdhury said threat detection and response is about utilising data analytics to find threats across large and disparate data sets, find anomalies, analyse threat level and determine actions for response.

Tools used for threat detection and response are designed to collect and analyse forensic data while being configured to monitor and manage security threats, he added.

In a presentation on response to cyber attacks, Mr Felice said swift response to a cyber attack is important to prevent attackers accessing the entire system, spreading malware and taking control of the servers.

Citing the IBM data, he said a company takes, on an average, 197 days to identify a breach in the network system while 69 more days are needed to contain the breach in general.

A data breach costs about an average of US$3.86 million of an organisation while the average cost per lost or stolen record is around $148, he added.

Around 57 per cent of business leaders said it's taking longer to resolve cyber incidents and 65 per cent said cyber attack severity is increasing, he mentioned.

The CEO of CertNexus, an IT certification agency, also said in most cases, intruders access a computing system through phishing and due awareness among the officials of a particular company.

Phishing is fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information such as passwords and credit card numbers.

Scarcity of IT professionals, lack of knowledge about IT security among officials, poor password, weak security system, and related third-party companies are few reasons behind lax internet security of an organisation, Mr Felice said.

Mr Devendran said banks in Bangladesh may have ratings in between 1.0 and 2.0 out of 5.0 in terms of cyber security as it only responds when an attack happens.

He said preventive system is the most important component in cyber security in financial institutions because it becomes harder to restore previous setup as time goes by.

The IT expert said organisations should have own data backup system instead of depending on only cloud storage.

In the cases of cyber attack, he said, insiders' connection is found more often followed by conspiracy of competing companies and lastly because of hackers.

Association of Bankers, Bangladesh (ABB) Secretary General Md Arfan Ali, BIBM Professor and Director (Training) Dr Shah Md Ahsan Habib and DigiSec Council CEO Maruf Ahmed were also present at the seminar.

[email protected]

Share if you like