BB asks banks, NBFIs to shore up security amid threats of cyberattack on 15 August

The Bangladesh Bank has instructed all scheduled banks, non-bank financial institutions and payment gateways to urgently implement a dozen instructions for preparing against threats of small- to medium-scale cyberattacks on 15 August.

The instructions include implementing 24/7 strict network and user activity monitoring, especially during non-office hours, to promptly detect any signs of security breach, according to a notice, marked as classified, issued by the central bank's Information and Communication Technology Department yesterday. The Business Standard has obtained a copy of the notice signed by SM Tofayel Ahmad, system analyst (Joint Director) at the Bangladesh Bank.

The instructions come only days after the government's Computer Incident Response Team (BGD e-GOV CIRT) issued an alert saying several hacktivist groups have made threats of targeting critical infrastructures of the country on 15 August.

The government body on 7 August warned that critical information infrastructures (CII), banks, financial institutions, healthcare services of both public and private organisations may be disrupted due to the attacks.

The Bangladesh Bank on Friday issued the instructions for preventing such attacks.

Apart from monitoring user activity, the BB instructions include minimising the attack surface by applying appropriate access controls based on a need-to-know basis.

The regulator also advised updating network security tools and firewalls.

Besides, financial institutions and payment gateways have been asked to ensure high availability and resilience to prevent server overload during potential attacks.

The regulator also asked to maintain regular backups of website content and databases to enable swift restoration in the event of defacement or other incidents.

The regulator also instructed to adhere to best practices while configuring and hardening web applications to fortify against potential cyber threats.