‘Most banks still lack measures against cyber-attacks’

Most banks in Bangladesh still lack the capacity to detect cyber attacks, as they are yet to establish Security Operations Centres (SOCs) despite facing multiple cyber security threats since the central bank reserve heist in 2016.

Following the heist, the Bangladesh Bank issued a circular on 3 March the same year, asking all banks to strengthen their cyber security protocols and establish SOCs –dedicated to monitoring, preventing, detecting, investigating, and responding to cyber threats around the clock.

It has been four years since the central bank issued the circular, but only three banks have established SOCs so far. But the Bangladesh Bank possesses few details about how those SOCs are being operating, the central bank's Executive Director Debdulal Roy said on Tuesday.

Roy was speaking at a seminar on Security Operations Centres, organised by Backdoor – a cyber security solutions firm in Bangladesh.

Speaking at the event, City Bank Executive Vice President and Head of Information Technology Mohammed Anisur Rahman pointed out, "The Bangladesh Bank had issued a circular about establishing SOCs, but it did not provide any guidelines to us about establishing them.

"The lack of proper guidelines on the matter has made it difficult for us to follow the circular."

Responding to the comment, Debdulal Roy said, "Banks can establish SOCs by following the Banking Regulation and Policy Department's (BRPD) guidelines. They can also hire local security analysts and systems to tackle cyber attacks, but not foreign ones.

Meanwhile, Backdoor's Managing Director and cyber security analyst Tanvir Ahmed Joha said,"85% of sensitive information from nine private banks is now in the hackers' hands. Besides, hackers from North Korea, Russia and Vietnam are always trying to hack into Bangladesh's banking system.

"Sometimes they achieve success, but most of the time the victim banks are concealing the incidents."

In response, the central bank Executive Director Debdulal Roy said, "The Bangladesh Bank at present has no evidence supporting the claim [that hackers now have 85% sensitive information belonging to nine private banks]."

Speakers at the seminar emphasised the need for more cyber security analysts in Bangladesh. The government should also take necessary steps in this regard, they added.

Former deputy governor of Bangladesh Bank Abul Kasem and Head of Information Technology Division of Prime Bank AYM Mostafa were present on the occasion, among others.

In the last week of September, Financial Institutions Division Senior Secretary Asadul Islam announced that the government will carry out an information technology (IT) audit on banks and other financial institutions to determine their capacity for dealing with cyber security threats.

Necessary measures will also be taken to help facilitate uninterrupted online transactions and ATM services by countering cyber attacks.