It is nightmarish to think that 99 per cent of both public and private banks in the country suffered major cyber attacks quite recently. None other than the state-run Bangladesh e-Government Computer Incident Response Team (BGD e-Gov CIRT) made this disconcerting disclosure. The details of the damage caused are yet to be known, but if the malicious attacks on the banks' digital systems fall in the 'major' category, they can be expected to have an impact on the country's overall financial stability. Has this destabilising but vital information been withheld from the public for fear that depositors might start withdrawing money from banks en masse? Given the fragile cyber-security system in the country's financial institutions, banks in particular, they are at risk of coming under such attacks anytime now. What is particularly worrying is that such trans-border invasions are not only carried out by infamous groups such as Carbanak but, as a 2021 IMF report claims, also by 'states and state-sponsored criminal gangland'.
Ever since the Bangladesh Bank (BB) heist in the USA, the issue of cyber security has come to the fore, but the banking sector and other financial institutions have failed to take digital security seriously enough. As early as March 2016, the central bank issued a guideline instructing the country's banks to strengthen their cyber-security capabilities following the BB heist. Experts in the subject and organisations dealing with financial institutions' security matters have also issued dire warnings of imminent cyber attacks, but it seems all such cautionary messages have fallen on deaf ears. For example, the central bank made it incumbent on each bank to form a security operation centre (SOC) for overseeing security measures round the clock. Reportedly, the majority of the banks are yet to put in place such a system aimed at beefing up their digital security.
The BGD e-Gov CIRT has pinpointed the areas and spots where things are most likely to go awry. Most users of banking applications and portals, both internal and external, were not properly aware of what it called 'cyber hygiene'. Both a lack of comprehensive knowledge of electronic devices and callousness may be responsible for giving hackers room to gain access to some basic information and carry out malicious attacks. This is corroborated by the state-run organisation's findings that theft of credentials is possible due to insecure use of cell phones/smartphones or computing devices. Vendors assigned to manage applications and devices can be a potential source of risk to organisations' assets. Absence of strong passwords can also allow undesirable interference in the system.
The good news, though, is that there are also effective safeguards against cyber attacks. A leading cyber-security expert claims that ISO 27001 and the Payment Card Industry Data Security Standard (PCI DSS) can secure organisations' information assets from hacking and fund heists. True, criminals often stay a few steps ahead of security measures, but the solution to this is constant vigilance and updating of the security system. The country's financial institutions, particularly the banks, which are the prime target of attacks, must maintain their security at its most advanced in technological terms in order to avoid any financial disasters.