Systemic risk assessment key to curbing down cyber threats
Financial sector of Bangladesh is lagging behind in terms of cybersecurity particularly when pandemic has driven banking online and systemic risk assessment can be a key in reducing cyber threats to the financial sector. In a webinar hosted by PwC Bangladesh, these findings were pointed out during the discussion between panellist of cyber experts and industry leaders. They also opined that it's time to go beyond reactive measures to ensure the security of the financial sector.
The panellist included Mamun Rashid, Managing Director of PwC Bangladesh, Hemant Arora & Amol Bhat, both Partner (Cyber Security) of PwC, Arijit Chowdhury, Additional Secretary at Financial Institutions Division (FID) of Ministry of Finance, S M Mashrur Arefin, Managing Director of City Bank, Syed Almas Kabir, President of Bangladesh Association Software and Information Service etc.
During the initial phase of the discussion, Hemant Arora pointed out that globally $100 Billion were stolen globally. Things got even more critical during the COVID-19 pandemic when attempts of hacking have seen an increase of 40%. Analysing the trends, Hemant pointed out three types of attempts most prominent: Stealing of credentials, phishing attack, and Ransomware hacks.
Arijit Chowdhury highlighted the initiatives of the government to thwart cyberhacking attempts on the financial sector. He mentioned that the government has aided with the regulatory reforms and has been hosting cyber drills to better prepare the financial institutes.
S M Mashrur Arefin pointed out that cybercriminals have been always a step ahead. Quoting from a report of Deloitte, he stated that most banks in Bangladesh use 2nd or 3rd generation security systems whereas hackers operate with 4th or 5th generation technology. Pointing out that City Bank saw a rise of 350x times in online banking and e-commerce growth of 800%. This has increased system risk by many folds. He also informed that Deloitte suggests the banks have a Security Operations Centre (SOC) and other active measures which most Banks don't in Bangladesh.
According to Bangladesh Bank, only four banks in Bangladesh has SOC amongst the 60. Though the central bank in its 2016 directive specified an IT security solution for all banks with an investment of Tk 2-5 crore each, most of the banks either went for partial-fix or no-fix at all.
Syed Almas Kabir mentioned that ensuring cybersecurity is a continuous process. He suggested that by building dynamically build resilient systems with self-healing codes the system can protect itself with by adopting and adjust with each attack. He also suggested an AI-backed data validation system can also assist in thwarts attacks. In case if something is compromised, Almas suggested that mission-critical applications need to have a fallback system so that they never go down easily.
Amol Bhat pointed out some key trends of global cybersecurity spaces and drew some conclusions on what to expect in near future. He pointed out that in order to keep financial sector operation without having system outage, it's very important to do a period systemic risk assessment.
Mamun Rashid opined that in order to deal with the challenges of tomorrow a transformation of the financial sector is imminent. He also pointed out, based on PwC's experience of security auditing of IBAS++ of the finance ministry, that perioding auditing of the system of storing public information can also ensure better cybersecurity of the financial sector in the long run.