A total of 52 percent banks in the country are at high risk of cyber attack, a study by Bangladesh Institute of Bank Management (BIBM) has revealed. Of the banks surveyed, 16 percent are at grave risk of cyber security breach and 36 percent are at high risk. Researchers highlighted that although a majority of the banks are using costly foreign software to ensure cyber security, they have failed to become completely risk free. The research findings were disclosed at a workshop titled “IT operations of Bank” held recently at BIBM auditorium in Mirpur. Associate professor of BIBM, Shihab Uddin Khan, presented the research paper at the workshop.
Of late, cyber security has become the country’s most talkedabout issue, especially after last year’s Bangladesh Bank heist in which cyber criminals stole USD81 million from the bank’s reserve. Moreover, ransomware ‘WannaCry’ targeted hundreds of thousands of computers in around 150 countries. The malware has reportedly affected dozens of computers in Bangladesh as well. The research found that banks use a major portion of their IT budget in procuring hardware. The portion of expenditure for hardware was 40.4 percent of IT budget in 2016, slightly down from 41.9 percent in 2015, according to the survey. The second highest amount of their budget went to the software sector, while the spending on security, training and audit was very poor in the last six years. The report says the total number of employees working in the IT department was not sufficient and they are under tremendous workload. In 2016, the average, minimum, and maximum number of employees of IT department of different banks was 66, 15, and 320 respectively. The banks were advised to improve their IT Governance (ITG) as the survey data shows that 8 percent of the banks are yet to start implementing ITG and 60 percent banks started the process, but they have no definite target date to implement it to the full.
Banks should give proper attention to follow appropriate guidelines, The Cyber Risks BIBM study shows that banks should give proper attention to follow appropriate guidelines, standards, and framework to successfully implement ITG standards, and framework to successfully implement ITG, the report said. Successful implementation of ITG will help achieve sustainable business and offer new innovative products and services to their customers, it said. Highlighting the cyber security risks, the report came up with several other recommendations such as working on ICT infrastructure and efficiency, DC and DRS Management, Business Continuity, IT Audit, Network and Data Communication, E-commerce, and Management Information System. Deputy governor of Bangladesh Bank Abu Hena Mohd Razee Hassan while inaugurating the workshop said: “Though the banks are using different costly foreign software, they are not free from information security risk. If all the Bangladeshi banks use the same software, it would lessen both cyber security risk and financial loss.” He also said some banks are at cyber security risk as their budgets for IT security as well as operation system are poor.
The banks will have to increase cyber security measures along with awareness program to avert untoward incidents, said the deputy governor, adding that Bangladesh Bank is formulating an IT security guideline to ensure cyber security for all banks and financial institutions. BIBM director general Toufic Ahmad Choudhury chaired the program while supernumerary professors Helal Ahmed Chowdhury and Yasin Ali, and director (research) Shah Md Ahsan Habib, among others, spoke at the workshop.