Bangladeshi banks need to adopt advanced cybersecurity system in line with the regulatory guidelines amid concerns that the infrastructures in the country’s banking sector dangerously lag behind, cybersecurity experts, banking sector officials, policymakers and lawyers said on Tuesday.
They said the central bank and all the merchant banks need to reinforce their effort for building skilled manpower that can deal with the latest technology like setting up of “Security Operation Centre (SOC)” to secure the banking sector from hacking as they are out to steal money by using malware and ransomware.
The issues came at a seminar on “Security Operation Centre (SOC)” in the city where top officials, chief technical officers and experts took part. The discussion was organized by Backdoor Private Ltd, a Dhaka-based cybersecurity firm that works in the field of cybersecurity for the banking sector. Many others joined the session virtually and shared their experiences and asked questions regarding security challenges the banking sector currently faces.
Debdulal Roy, executive director of Bangladesh Bank, spoke on the occasion as the chief guest.
Roy said Bangladesh Bank issued a circular long ago and subsequently warned several times, asking the banks to install the Security Operation Centre (SOC) to secure their system, but the response from the banks was lukewarm.
“So far I know only three banks have installed the SOC but I am not sure if they are running properly. This scenario is very unfortunate,” he said. The country has about 60 banks.
“Issuing orders are not enough. We are doing our part from the central bank, but the banks should come forward to execute the decisions,” he said as he was connected to the discussion virtually.
Roy also said the banks must be aggressive to install SOC and use local firms and experts to make their system secure.
“The banks should come forward with investment for good software for the sake of the banking sector’s credibility,” Roy said.
Tanvir Hassan Zoha, a cybersecurity expert and the managing director of Backdoor Private Ltd, presented his keynote paper where he explained why the country’s banking sector remained vulnerable to hacking by both local and outside hackers.
Referring to recent alert regarding the possible hacking attempt in the country’s ATM systems, he said authorities and investigators should not only focus on so-called “international hackers”, but it is equally important to deal with domestic hackers.
Many of the banks’ secrets were available in the dark web and local hackers are monitoring them as part of their preparation to launch cyber attacks.
“This is dangerous. It can harm the system. So we must protect the customers and the banks’ system,” Zoha said.
He said the installation of the Security Operation Center (SOC) can secure the banking system from hackers to a great extent.
“We have SOC. We have proof that local hackers are active all the time. They are not sitting idle. Bangladesh Bank has issued circulars, they are doing their part, but are the banks doing enough to secure their own systems?,” he asked.
Abul Kashem, Bangladesh Bank’s former deputy governor and advisor to the Backdoor Pvt Ltd, spoke as a special guest.
He said the country’s banks are eager to secure their system, but many of them are reluctant to spend money on the advanced system.
“But the banks need to respond fast to install modern technology, create manpower and engage experts. The installation of the Security Operation Centres is crucial for securing the savings of the people and thus maintaining their credibility as a financial institution,” he said.
Arpita Chowdhury, a lawyer and legal advisor to the Backdoor Pvt Ltd, said cybercrime is a non-bailable offence but in absence of proper evidence gathering and investigation mechanism any hacking incidents could go unpunished.
She warned that the banks should have to bear the responsibilities as laws dictate that one must report to the police rather than hiding any incidents.
“If someone refrains from complaining to the police or proper authorities about any crimes involving their banking system, the person concerned would go under investigation and could be booked for negligence as per law,” she said.
She said SOC can help the banks investigate the technical details to bring the hackers to book. Otherwise, any complaints would reach nowhere because of the lack of evidence if the cases are not properly documented and investigation is not done.
She urged the technical heads of the banks to report to police and file cases in case of any suspected attacks.
“Otherwise you (technical heads) could also face legal action like hackers and that’s the law,” she said. “If a hacker is jailed for 14 years for hacking a technical person of a bank could also face a similar punishment.”
Technology experts from various banks shared their experiences and they acknowledged in a panel discussion that the banks have more to do to secure their system.
AYM Mostafa, chief technical officer of Prime Bank, said the banking sector has enormous challenges to face in the cybersecurity regime but the investment is a big concern from the management point of view.
“We are doing well so far, but challenges remain there. The overall banking sector wants to secure their system, but many do not want to invest adequately,” he said. “But we are progressing.”
Anisur Rahman, head of IT of City Bank, acknowledged that the installation of SOC was important but regretted those supporting elements for that were absent.
“When Bangladesh Bank issued a circular, we have taken it very seriously but unfortunately we have not got enough guidelines on how to do that, where the manpower would come from and how the procedures would be implemented.”
Abul Kalam Azad, chief executive officer of Backdoor Pvt Ltd, also spoke on the occasion.