
Central bank warns FIs of serious cyberattacks


Amid rising concerns over global cyber-threats, Bangladesh Bank has issued an urgent directive to all banks, financial institutions, mobile financial service providers, and relevant government bodies, calling for immediate action to fortify their cybersecurity systems.

The central bank, in a circular on July 30, warned that the country's financial sector could face serious cyberattacks if adequate preventive measures are not taken without delay.

Signed by Md. Tofayel Ahmad, Director of the Information and Communication Technology Operations Division of Bangladesh Bank, the circular outlines a comprehensive set of security protocols that all institutions concerned must implement without exception.

The instructions, written in both technical and administrative language, urge organisations to remain alert around the clock and take a proactive stance to ensure cyber resilience. According to the circular, institutions must ensure that all their software, operating systems, and network devices have the latest patch updates.

They have been directed to follow the 'least privilege' principle in granting system access, thereby minimising risks arising from internal vulnerabilities. Moreover, the central bank has mandated the use of the 3-2-1 backup strategy to secure critical data. This involves keeping at least three copies of data, stored on two different media, with one kept offsite.

In a strong push for data protection, the circular requires all sensitive information -- whether in transit, at rest, or during processing -- to be encrypted. Multi-factor authentication must be enforced on critical systems to prevent unauthorised access.

The institutions are also instructed to adopt behaviour analysis systems capable of detecting abnormal activities such as data exfiltration, lateral movement within networks, or distributed denial-of-service (DDoS) attacks.

To ensure real-time threat detection and response, organisations are advised to integrate advanced security tools, including Security Information and Event Management (SIEM), Network Intrusion Detection Systems (NIDS), and Endpoint Detection and Response (EDR) solutions.

The deployment of regularly updated threat signatures and indicators of compromise (IOCs) is expected to enhance preparedness against known and emerging threats. In case of a breach or system failure, institutions must have an active Incident Response Plan in place.

The central bank has emphasised that such plans should define the nature of potential impacts, outline response mechanisms, and designate responsibilities among internal teams. Institutions must also monitor and secure their remote access systems, especially those using VPNs or privileged accounts.

The circular further requires the presence of a dedicated 24/7 cyber response team capable of taking swift action during emergencies. To ensure uninterrupted services, institutions are encouraged to implement load balancers that enhance system resilience and availability. In the event of a breakdown, fallback plans must be ready for both systems and infrastructure.

Finally, the institutions have been reminded to update their Business Continuity Plans (BCP) and Disaster Recovery Plans (DRP) in line with these new cybersecurity protocols. Institutions failing to comply may face heightened vulnerability in the coming months, the circular indirectly warned, urging authorities to treat the directive with the highest level of seriousness.

bdsmile@gmail.com
