52pc banks in cyber risks

Bangladesh's 52 percent banks ran the risk of information management security breaches in 2016, of which 16 percent were in the highest risk, a report found.

Bangladesh Institute of Bank Management (BIBM) released the survey report at a workshop on "IT operations of banks", at the BIBM auditorium in Dhaka yesterday.

Around 36 percent of the surveyed banks were found in high risk of information loss at any moment, 32 percent banks were under moderate risks and 16 percent banks in low risk.

Shihab Uddin Khan, associate professor of BIBM, presented the report at the workshop.

The research found that a major portion of the IT budget of the banks is used to procure hardware.

The portion of expenditure for hardware was 40.4 percent of IT budget in 2016, slightly down from 41.9 percent in 2015, according to the survey.

The second highest amount of their budget went to the software sector, and the spending on security, training and audit was very poor in the last six years.

In 2016, around Tk 1,793 crore was invested on the IT system in the banking sector, up by 22 percent from Tk 1,467 crore in 2012.

The report says the total number of employees working in the IT department was not sufficient and they are under tremendous stress.

In 2016, the average, minimum and maximum number of employees of IT department of different banks was 66, 15 and 320 respectively.

Core Banking Software (CBS) plays a key role for online banking, and most of the banks use foreign CBS, the survey found.

In 2016, some 56 percent banks were found using foreign CBS while 34 percent were using local CBS.

Microsoft Windows was the most popular operating system in banks. Around 97 percent terminals of banks were running under Windows operating system last year.

Linux was used in around 0.35 percent of the terminals, Google Chrome in 2.14 percent, Unix 0.49 percent and Mac 0.02 percent, the report said.

About 98 percent terminals of different banks have licensed operating system while the rest were using free version of different operating systems.

About 30 percent banks have online payment gateway service for e-commerce payment processing.

IT Governance (ITG) is gaining importance in the banking sector due to its increasing reliance on technology to conduct their operations, gain customer satisfaction and improve cost efficiencies.

Survey data shows that 8 percent of the banks are yet to start implementing ITG and 60 percent banks started the process but they have no definite target date to implement it to the full.

Banks should give proper attention to follow appropriate guidelines, standards and framework to successfully implement ITG, the report said. Successful implementation of ITG will help in achieving sustainable business and offer new innovative products and services to their customers, it said.

The banks' budget for cyber security increased 60 percent after the reserve heist of Bangladesh Bank last year that took away $81 million from its reserve account with New York Federal Reserve Bank, said the report.

The number of training for the employees to develop cyber security awareness increased 84 percent after the BB heist.

Banks are spending a lot to purchase foreign software to ensure security, but they have failed to become risk free yet, Abu Hena Mohd Razee Hassan, deputy governor of Bangladesh Bank, said while addressing the workshop as the chief guest.

He suggested banks should use uniform software to reduce cyber risk and financial damage. He said some banks are lagging behind in terms of technology use, as they spend very low on IT. Banks should allocate more funds for IT, he said.  

Helal Ahmed Chowdhury, supernumerary professor of BIBM, said banks should appoint an IT specialist in their audit team to identify IT flaws.