Over half of banks at high risk of cyber-attacks: BIBM

A high risk of cyber-attacks looms large over 36 per cent of banks in Bangladesh mainly due to a shortage of investment in strengthening security measures, skilled personnel and a lack of awareness among bankers and customers.

In addition, another 16 per cent of banks are in a very high-risk condition, an indication of the fragile cybersecurity scenario in Bangladesh's banking sector, according to research carried out by the Bangladesh Institute of Bank Management (BIBM).

Md Mahbubur Rahman Alam, an associate professor of the BIBM, presented the findings at a cybersecurity summit organised by the Association of Bankers Bangladesh (ABB) at the Pan Pacific Sonargaon hotel in Dhaka.

Only 12 per cent and 4 per cent of banks are now in low and very low-risk zones, respectively.

The BIBM carried out the research based on the situation of the banking sector as of 2020.

Although the banking sector has observed a "dreadful growth" in IT infrastructures, there has been a lack of security measures to protect banks from cyber-attacks.

Alam said banks had invested Tk 42,609 crore to build IT infrastructures and run the system till 2020.

The number of employees in the banking sector stood at 1.94 lakh in 2020, of which 5,875 were deployed to run their IT infrastructures.

"The top local educational institutions such as Dhaka University and Bangladesh University of Engineering and Technology are unable to produce the experts what we need," Alam said.

For the lack of IT experts in the banking sector, the majority of lenders are trying to recruit people offering high salaries, but they are failing to fulfil their demands, he said.

When faced with IT-related problems or loopholes, all lenders usually make a mad dash for a solution, he said.

But this should not be the practice for banks, he said, suggesting lenders take up long-term initiatives to strengthen their IT operations.

"Banks should take a long-term initiative by spending at least 4 to 5 years to establish a sound and secure IT platform," he said.

Only 18 banks out of 61 have so far built security operations centres (SOC) to monitor, prevent, detect, investigate and respond to cyber threats.

Bangladeshi banks face the highest number of cyber-attacks from China, which is 24 per cent, followed by 13 per cent from North Korea, and 7 per cent from the United States and Pakistan, respectively.

IT vendors, meaning entities and persons who supply software and hardware and set up those in banks, have largely been found to be responsible for cybercrimes.

Of all security breaches in banks, 27 per cent are committed by these vendors, 24 per cent by unknown hackers and 16 per cent by both bankers and hacktivists, respectively.

There is also little IT security awareness among bankers, with 28 per cent in a "very poor" condition and 22 per cent in "poor".

Only 4 per cent of bankers have excellent knowledge on the issue.

Alam proposed establishing a "Bangladesh Institute of Electronic-Banking Research and Development" to bolster the IT sector in banks.

Banks are gradually shifting towards online and digital banking to keep up with changing demands, said Bangladesh Bank Governor Fazle Kabir, who inaugurated the two-day summit titled "Building Cyber Resilience for Banks".

There are risks and challenges in using technology that enables banks to do digital banking, he said.

"There are organised fraudsters who try to break into banks' IT infrastructure, which is why lenders have to invest a lot in cyber security."

Integrated cyber security has emerged as a part and parcel of everyday banking operations, Kabir said.

He also touched upon the ongoing volatility in the country's foreign exchange market.

He claimed that Bangladesh's foreign exchange reserves were still in a comfort zone.

The reserves stood at $41.7 billion last week, which is good enough to settle import bills for more than five and a half months.

Selim RF Hussain, chairman of the ABB, said cybercrimes in the financial sector had risen globally in the last few years.

Cyber-attacks against financial institutions rose by 238 per cent between February and April of 2020, and globally, one out of four banks had experienced at least one security breach.

In addition, attacks against the banking and financial services industry accounted for 11 per cent of all reported incidents, compared to 7 per cent in other industries.

In 2021, the average number of cyberattacks and data breaches increased by 15.1 per cent from that the previous year.

"This is a matter of grave concern for us. Keeping sensitive business information secure is more important than ever," said Hussain, also the managing director of Brac Bank.

Banks must protect their IT infrastructure -- ATM, internet banking, app, debit and credit card systems, phone banking and a host of digital banking platforms – from cyber threats, he said.

More than 200 participants from the banking industry, including managing directors of banks, are participating in the summit.