Ensuring cyber security of banks

Digital transformation is taking place rapidly across all sectors and the shift is an inevitable consequence of technological advancement. As Bangladesh embraces this digital revolution, concerns about cyber security have also been rising.  Government institutions, the financial sector, military installations, industry, trade and commerce, and the energy sector are all facing relentless attempts of cyber attack. Hackers often target Bangladesh due to its geopolitical position. The banking industry, in particular, is precariously vulnerable to sophisticated cyber attacks. With the widespread adoption of electronic transactions, mobile, and internet banking, ensuring foolproof cyber security has become a formidable challenge for the banking sector. Against this backdrop, the Bangladesh Bank (BB)'s recent directive for immediate reinforcement of cyber security protocols in commercial banks shows the urgency. The central bank's 17-point guideline highlights a proactive step towards strengthening the banking sector's defence against a rising wave of cyber threats.

Reportedly, the central bank issued the circular following insights from the Bangladesh Cyber Security Intelligence (BCSI), which revealed unsettling findings such as fraudulent transactions facilitated through dual-currency cards on platforms like Facebook Ad Manager, indicating a serious breach of security. These digital vulnerabilities pose significant risks not only to banking institutions but also to customers who entrust them with their finances. To avert digital theft on the money market, the regulator ordered the 17-point directives to implement immediately which include biometric authentication, CVV verification, and multi-factor authentication (MFA). Addition of one-time password (OTP) systems and adoption of artificial intelligence-driven fraud detection solutions were also recommended for a foolproof security mechanism. These measures will not only strengthen transaction security but also enable banks to monitor irregular transaction patterns in real time.

The guidance also underscores essential preventive measures such as restriction of transaction attempts on a single card to curb brute-force attacks and adoption of the latest firewall, intrusion-detection, and access-control technologies. In the face of ever-evolving threats, banks can proactively shield themselves from potential breaches by investing in upgrading their cyber security mechanism. Moreover, the importance of continuous cyber-security awareness and training for bank employees cannot be overstated. Once the employees are better equipped with the knowledge to identify and prevent breaches, they can serve as a frontline defence against cyber threats.

The world's biggest cyber heist-targeting Bangladesh's reserves at the US Federal Reserve-remains a stark reminder of the colossal damage that cyber intrusions can cause. Bangladesh lost an astounding $80 million from its reserve during that 2016 hacking incident. Then, in 2019, $3.0 million was stolen from cash machines at three private banks through credit card cloning. These incidents underscore that robust cyber security is an absolute necessity. The central bank's initiative to enforce strict cyber security standards is a vital step towards safeguarding the integrity of the financial sector and ensuring that citizens' hard-earned money is secure. However, issuing directives alone is not enough. It was previously found that most banks were not taking necessary measures to enhance cyber security because of the additional costs involved. Therefore, necessary steps must be taken to enforce the directive. Overall, it must be remembered that plugging cyber security holes is no longer optional; it is an obligation. Regulatory bodies, financial institutions, and industry stakeholders must work together to safeguard the financial institutions.