A number of local public and private banks are currently at risk of cyberattacks mainly due to their indifference and weak cybersecurity systems, prompting experts to suggest immediate action.
Stakeholders and experts said a large percentage of banks were not taking enough precautionary measures to repel possible attacks and avoid greater financial losses, which they believed to be imminent.
The malicious actors behind such cross-border attacks include not only increasingly audacious criminals – such as the Carbanak group, which targeted financial institutions to steal over $1 billion in the period 2013-2018 – but also states and state-sponsored criminal gangs, according to a 2021 report by the International Monetary Fund (IMF).
In June 2022, the Bangladesh Institute of Bank Management (BIBM) conducted a study based on the state of the banking sector in 2020 which revealed that almost 52% of banks were at serious risk of cyberattacks.
In April 2020, the Financial Stability Board (FSB) warned that “a major cyber incident, if not properly contained, could severely disrupt financial systems, including critical financial infrastructure, with wider implications for financial stability”.
In March 2016, Bangladesh Bank issued a directive asking banks to boost their cybersecurity capabilities after the unprecedented, orchestrated theft of the bank’s reserves.
The regulator had also ordered them to form a security operations center (SOC) to oversee round-the-clock security measures.
But most banks have yet to install SOCs, sources added, leaving such vigilance a long way off.
Considering this, experts have also called for enhanced measures from the regulator to bolster the weakened cybersecurity scenario in Bangladesh’s banking sector, stressing the need for banks to build capacity among their employees and improve logistical support to the security shield.
Stating that financial institutions (FIs), especially banks, are the most desirable target for cyber criminals, the state's Bangladesh e-Government Computer Incident Response Team (BGD e-Gov CIRT) made a shocking revelation: approximately 99% of private and public banks have suffered major cyberattacks very recently.
The report, titled “Sectoral Cyber Threat Intelligence for Banking Industries,” also identified that most users of banking apps and portals (both internal and external) lacked proper awareness of cyber hygiene.
Research also reveals that unsecured use and/or access to the internal application/portal by employees’ mobile devices can increase the risk of exposure to organizations’ critical assets.
In 75% of cases, credential theft is possible due to insecure use of mobile or computer devices, the report said.
Another report, titled “Common Vulnerabilities in Cyber Space of Bangladesh,” states that the level of cyberspace vulnerability in the country is increasing day by day.
Nearly 70% of attacks against financial institutions targeted banks, according to research by IBM X-Force, which added that some 16% targeted insurance companies while 14% targeted other financial institutions in 2021.
BGD e-Gov CIRT’s Intelligence Unit has also found that vendor-managed applications/devices contribute to a large exposure of organizations’ assets.
It also detected that strong password policy enforcement was missing from many banking apps and portals.