'Most banks not aware of cyber risks'

Most of the banks in the country have no updates on new strategies to fight cyber hacking and lack the security structure required for online transactions, cyber security analyst Tanvir Hassan Zoha has said.

According to him, cyber security issues are ignored because of a lack of skilled manpower and a poor monitoring system.

On Sunday, he stated this to a seminar organised by Backdoor Private Ltd, a multinational company where he serves as the managing director.

Zoha said, "A huge number of polluted malware has entered the network system of various institutions, including banks, in our country. If we cannot find the malware, a terrible digital disaster is awaiting [us] in the upcoming days."

Recently, most banks restricted their ATMs, cards, and online transactions – plus strengthened their security measures – as the Bangladesh Bank had alerted them about a cyber hacking risk, he said.

"But most of the banks are not aware of and have no idea about the risk. They have restricted their ATMs and online services only as per the instructions of the Bangladesh Bank," Zoha said.

He said the government's Computer Incident Response Team (CIRT) had said the North Korean Hacker group "Beagle Boys" was attempting to attack the country's banking industry.

"But it does not exist. We tried to trace Beagle Boys but could not find it," the cyber security analyst told the seminar held in the auditorium of the Economic Reporters' Forum at Paltan Tower in the capital.

"If banks faced malware attacks, they should have filed lawsuits. But we did not hear any such news," he said.

Zoha said, "Cybercrime is also a non-bailable, cognisable offence. So, banks should not neglect the act of filing cases against hackers."

"We should be aware about local hackers as they have been behind most of the hacking incidents," he said.

"If we want to protect from malware intrusion, stopping ATM services is not a wise decision. We should enhance monitoring of the network systems of banks," Zoha said in response to a question.

He made several recommendations. First, banks should find the weaknesses in their network systems. They should enhance monitoring of the systems. Awareness about this issue should be created and practical training in cyber security should be arranged. Also, cases should be filed against hackers.

Backdoor Private Limited's Chief Executive Officer M Abdul Kalam Azad and other officials of the organisation were present at the event.

From August 27 this year, most of the banks restricted their ATMs, cards, and online transactions – plus strengthened their security measures – to avoid a hacking risk in the wake of an alert from the Bangladesh Bank.

Some banks suspended their: ATM booth transactions from midnight to 6am, EMV transactions from ATMs, BEFTN transactions, and SWIFT transactions.

A number of overly-cautious banks have not yet fully restored their ATM, credit card and online transaction services even though the Bangladesh Bank has withdrawn the alert.

The alert was withdrawn on September 13 after consultations with the CIRT.

The chief executive officer of Backdoor said, "The number of cyber security experts has not increased but cybercrimes have. To protect banks from cyberattack, we need to train IT experts to increase their skills and capacity. But we see that banks are indifferent about doing so."

The seminar organiser said the Bangladesh Bank issued a guideline on enhancing the cyber security of banks on March 3, 2016, after the reserve heist. It asked banks to form a security operation centre (SOC) for full-time security monitoring.

"But only a few banks have partially developed SOCs while others have made no significant progress in following the instructions," Zoha said.

He said Backdoor is a multinational organisation which analyses cyber security in Canada, the United Arab Emirates and Bangladesh.

"It has a cyber security operation centre which provides security support as a third party."