Many of local banks face cyber invasions

Dhaka,  Fri,  22 September 2017
Published : 17 May 2017, 00:25:31 | Updated : 17 May 2017, 11:06:15

Many of local banks face cyber invasions

BIBM study on 21 banks reveals
Many of local banks face cyber invasions
FE Report
A large number of banks in Bangladesh have experienced cyber intrusions or attempted cyber intrusions in their information technology (IT) systems over the past three years, a recent industry-wide survey on IT system in banks has revealed.

Bangladesh Institute of Bank Management (BIBM) conducted the study on 21 banks across the country.

Some of the most common methods of such cyber intrusions include malware (27 per cent), phishing (21 per cent), pharming (7.0 per cent) and botnets or zombies, according to the survey.

The most common type of wicked activities resulting from a cyber intrusion were account takeovers (7.0 per cent), identity theft (18 per cent), telecommunication network disruptions (15 per cent) and data integrity breaches (9.0 per cent), the study found.

The results of the survey were revealed at a seminar on "IT Security in Banks" in the capital.

The results came at a time when the world is witnessing one of the 'largest ransomware attacks in internet history'. According to sources, around 100 cases of such ransomware attacks have been reported in Bangladesh until Tuesday evening.

"Although the banks reported numerous attempted system intrusions in last three years, very few of them experienced successful breaches which can result in significant monetary damages or financial losses," said Md. Mahbubur Rahman Alam, Associate Professor of BIBM, who has conducted the study.

"For those banks that experienced a monetary loss, the top factors in calculating such loss included customer reimbursement (16 per cent), audit and consulting services (52 per cent), and deployment of detection software, services and policies (45 per cent)," he added.

The BIBM survey also shows that only 32 per cent of banks are checking the access log of IPS/ IDS, which means that the rest 68 per cent do not know how many external attacks are attempting daily to their system.            

At the same time, 64 per cent of the banks do not prepare any report on the attempted unauthorized access to their critical system.

The survey also found that only 22 per cent of the banks have IT governance framework in place, while only 12 per cent have some level of IT roadmaps. It was also found that almost 50 per cent of bank auditors are not trained enough to perform IT audit properly.

According to BIBM study, nearly, 3.3 per cent of total IT budget goes to training purpose and 62 per cent of chief technology officers are not satisfied with such allocation level. About 52 per cent of the IT heads of the banks also indicated that budget approval is a challenge for them.

"Every bank should allocate certain portion of their annual profit for ICT budget, and this budget may be spent for ICT infrastructure development and manpower training," said Bangladesh Bank (BB) Deputy Governor S K Sur Choudhury, who attended the event as the chief guest.

Speakers at the seminar also called for a greater role of IT experts within the banks and better readiness of the financial institutions in tackling cyber risks.   

CEO of nazdaq Technologies Naz Ahmed said tackling the cyber crime issues require a set of skills and trainings, including soft skills, hard skills and experience.                                   

BB General Manger Debdulal Roy opined that an extensive manual can be developed, based on the existing IT security guideline, which was earlier formulated for the banks.

Focusing on the recent cyber heist in the central bank, Mr Roy said since that incident, BB is working not only on technological refreshment but also on remediation when it comes to cyber security issues.

He also observed that once the Digital Security Act is passed in the parliament, it would make way for establishing a relevant forensic lab in the country.

Head of IT of Eastern Bank Limited Omar F Khandker said IT should be treated as a part of business of the banks, and not as a service provider.   Deputy Managing Director of Pubali Bank Mohammad Ali said cyber security issues in the banks should not be vendor-dependent, but should be dealt by skilled and highly-capable internal IT manpower.

He also called for a establishing a cyber security information centre in the country for necessary knowledge sharing on the issue.     

Director General of BIBM Toufic Ahmad Choudhury also spoke on the occasion.
Editor : A.H.M Moazzem Hossain
Published by the Editor for International Publications Limited from Tropicana Tower (4th floor), 45, Topkhana Road, GPO Box : 2526 Dhaka- 1000 and printed by him from City Publishing House Ltd., 1 RK Mission Road, Dhaka-1000.
Telephone : PABX : 9553550 (Hunting), 9513814, 7172017 and 7172012 Fax : 880-2-9567049
Email :,
Copyright © 2017. All rights reserved
Powered by : orangebdlogo