The news of cyberattcks on three local banks last month has exposed the tottering state of the country’s security systems in banking sector against a growing threat of scammers. Of the three, Dutch Bangla Bank Limited (DBBL) was the biggest victim, losing as much as USD 3 million (around Tk 25 crore) to global cybercriminals. Two other banks -- NCC Bank and Prime Bank -- also faced cyberattacks, but they claimed they were able to avert financial losses. This was the biggest cyberattack after hackers made off with USD 81 million from Bangladesh Bank’s account with the Federal Reserve Bank of New York around three and a half years ago.
Cybersecurity breaches continue to grow in both frequency and sophistication for all industries, and the financial sector is particularly vulnerable. The latest incident has created worries in the country’s banking sector as it was different from the past incidents of hacking. Banks have always been at the forefront of enterprise cybersecurity. Their enormous stores of cash and consumer data have made them a top target for hackers, and the threat of financial losses, regulatory consequences, and reputational damage has spurred them to innovate and accelerate the field of cybersecurity. However, the intersection of cybersecurity and banking can feel like fighting the Hydra. As soon as one vulnerability is addressed, another one is created.
Banking customers are moving away from using cash and checks and relying more on electronic banking to complete transactions. In response to this shift, financial organizations continue to develop more web portals and mobile apps. Although these apps and portals are aimed at increasing convenience and enhancing the customer experience, they pose unique risks in terms of cybersecurity. Thus the widespread intervention of IT in banking sector over the last years has made the banks vulnerable to Cyber attacks. Cyber attack is an emerging threat to our economy and banking sector. Reportedly, fifty per cent banks of the country are vulnerable to cyber attack risks as these financial institutions have not yet been equipped properly to check those. Although around 96 per cent banks have introduced real time online banking and also efforts are on to bring all branches under the same system, worries are there as they are not fully protected against possible cyber-attacks.
We are told that most of the banks in Bangladesh are yet to comply with the directions despite strict guidelines from Bangladesh Bank (BB) over establishment of IT Governance and IT Security for all banks in the country. Ergo, all the private and public banks should allocate a certain portion of annual income for ICT infrastructure development and manpower training.
The need for reinforcing cyber security has often been neglected in Bangladesh because of the absence of stern and effective cyber security regulatory norms. The developed countries have laid more emphasis on resisting sophisticated cyber attacks and protecting banking information and infrastructure whereas Bangladesh is lagging far behind in taking such preparations owing to lack of skilled manpower and modern technology. It is disgraceful to note that some basic guidelines and recommendations have been issued by BB but they are still away from international standards.
It is alleged that cyber security has not been properly addressed by the banking sector of Bangladesh which has made the banking information and infrastructures vulnerable to sophisticated cyber attacks. Considering the situation, we call upon the bank authorities to think how to involve IT to minimize the cost and increase the efficiency, and how to provide better services to the customers ensuring reliability, safety and security. Otherwise, banks may face IT risks as well as business risks.
As cybercrime is an emerging threat and no one is fully secure these days, emphasis should be given on how we can control cybercrimes with continuous monitoring and act accordingly. It is now not only up to the organisations but also to the state to prioritise country’s cyber security needs. In this regard, the government should formulate and implement the right policies and cyber laws that will make online transactions a safer choice for customers. Also there is a need to deploy special cyber security watchdogs and equip them with advanced technology. We have to take measures to mitigate cyber threats risks, which is why investment in the IT sector has to be increased, both in terms of physical infrastructure and software upgrades. Bankers should be more aware and receive IT training.
The writer is Editorial Assistant, Bangladesh Post.
