Bangladeshi banks need to adopt advanced cyber security system in line with the regulatory guidelines amid concern that the infrastructures in the country’s banking sector dangerously lag behind, experts said.
They said the central bank and all the merchant banks need to reinforce their effort for building skilled manpower that can deal with the latest technology like setting up of “Security Operation Centre (SOC)” to secure the banking sector from hackers as they are out to steal money by using malware and ransomware.
The issues came at a seminar on “Security Operation Centre (SOC)” in the city where top officials, chief technical officers and experts took part. The discussion was organized by the Backdoor Private Ltd, a Dhaka-based cyber security firm that works in the field of cyber security for the banking sector. Many others joined the session virtually and shared their experiences and asked questions regarding security challenges the banking sector currently faces. Debdulal Roy, executive director of the Bangladesh Bank, spoke on the occasion as chief guest.
Roy said the Bangladesh Bank issued a circular long ago and subsequently warned several times, asking the banks to install the Security Operation Centre (SOC) to secure their system, but the response from the banks was lukewarm.
“So far I know only three banks have installed the SOC but I am not sure if they are running properly. This scenario is very unfortunate,” he said. The country has about 60 banks.
“Issuing orders are not enough. We are doing our part from the central bank, but the banks should come forward to execute the decisions,” he said as he was connected to the discussion virtually. Roy also said the banks must be aggressive to install SOC and use local firms and experts to make their system secure. “The banks should come forward with investment for good software for the sake of the banking sector’s credibility,” Roy said.
Tanvir Hassan Zoha, a cyber security expert and the managing director of the Backdoor Private Ltd, presented his keynote paper where he explained why the country’s banking sector remained vulnerable to hacking by both local and outside hackers. Referring to recent alert regarding the possible hacking attempt in the country’s ATM system he said authorities and investigators should not only focus on so-called “international hackers”, but it is equally important to deal with domestic hackers.
Many of the banks’ secrets were available in darkweb and local hackers are monitoring them as part of their preparation to launch attack.
“This is dangerous. It can harm the system. So we must protect the customers and the banks’ system,” Zoha said.
He said the installation of the Security Operation Center (SOC) can secure the banking system from hackers to a great extent.
“We have SOC. We have proof that local hackers are active all the time. They are not sitting idle. The Bangladesh Bank has issued circulars, they are doing their part, but are the banks doing enough to secure their own systems,” he asked.
Abul Kashem, Bangladesh Bank’s former deputy governor and advisor to the Backdoor Pvt Ltd, spoke as a special guest.
He said the country’s banks are eager to secure their system, but many of them are reluctant to spend money for the advanced system.
“But the banks need to respond fast to install modern technology, create manpower and engage experts. The installation of the Security Operation Centres is crucial for securing the savings of the people and thus maintaining their credibility as a financial institution,” he said.
Arpita Chowdhury, a lawyer and legal advisor to the Backdoor Pvt Ltd, said cyber crime is a non-bailable offence but in absence of proper evidence gathering and investigation mechanism any hacking incidents could go unpunished.
She warned that the banks should have to bear the responsibilities as laws dictate that one must report to the police rather than hiding any incidents.
“If someone refrains from complaining to the police or proper authorities about any crimes involving their banking system the person concerned would go under investigation and could be booked for negligence as per law,” she said.
She said SOC can help the banks investigate the technical details to bring the hackers to book. Otherwise any complaints would reach nowhere because of the lack of evidence if the cases are not properly documented and investigation is not done.
She urged the technical heads of the banks to report to police and file cases in case of any suspected attacks.
“Otherwise you (technical heads) could also face legal action like hackers and that’s the law,” she said. “If a hacker is jailed for 14 years for hacking a technical person of a bank could also face the similar punishment.”
Technology experts from various banks shared their experiences and they acknowledged in a panel discussion that the banks have more to do to secure their system.
AYM Mostafa, chief technical officer of the Prime Bank, said the banking sector has enormous challenges to face in the cyber security regime but investment is a big concern from the management point of view.
“We are doing well so far, but challenges remain there. The overall banking sector wants to secure their system, but many do not want to invest adequately,” he said. “But we are progressing.”
Anisur Rahman, head of IT of City Bank, acknowledged that the installation of SOC was important but regretted that supporting elements for that were absent.
“When the Bangladesh Bank issued a circular we have taken it very seriously but unfortunately we have not got enough guidelines on how to do that, manpower would come from where and how the procedures would be implemented
Abul Kalam Azad, chief executive officer of the Backdoor Pvt Ltd, also spoke on the occasion.