Cybersecurity threats in the Banking sector of Bangladesh

In recent years, the banking sector in Bangladesh has found itself grappling with a formidable array of cybersecurity threats, reflecting the global evolution of digital risks. A study conducted by the Bangladesh Institute of Bank Management (BIBM) has unveiled a disconcerting statistic – a staggering 52% of the country's banks currently operate under the shadow of high cyber risks.


This alarming figure is underpinned by the daily onslaught of cyberattacks, with an average of 630 attempts aimed at infiltrating their systems. Some 32% of the banks are at moderate cyber risk, while only 12% are at low risk, according to the study titled "Cybersecurity landscape of banking in Bangladesh and recommendations." In 75% of cases, credential stealing is possible due to insecure use of mobile or computing devices, it said.


These threats encompass a wide spectrum of cyber maladies, from the insidious infiltration of malware, exemplified by banking Trojans and ransomware, designed to siphon sensitive customer data or disrupt banking operations, to sophisticated phishing campaigns targeting both bank customers and employees. The use of deceptive emails and websites has proven to be a cunning method to trick individuals into divulging personal or financial information. Additionally, card skimming devices strategically placed at ATMs and point-of-sale terminals have been employed to illicitly obtain cardholder data for fraudulent purposes. To compound these concerns, intermittent distributed denial of service (DDoS) attacks have disrupted online banking services by overwhelming servers and networks, causing significant disruptions in service delivery. The specter of insider threats, whether through malicious intent or inadvertent actions, looms large, as social engineering tactics have been leveraged to manipulate bank employees into compromising security. Furthermore, data breaches have heightened concerns about customer data exposure, prompting banks to fortify data protection measures and response protocols. The landscape is further complicated by supply chain attacks on third-party vendors, necessitating heightened scrutiny. In addition to these technical threats, regulatory compliance and adherence to international cybersecurity standards have been paramount for Bangladeshi banks, as failure to do so can have significant legal and financial consequences.


An illustrative case is the 2016 cyber heist at Bangladesh Bank, where hackers attempted to steal nearly $1 billion from the bank's account at the Federal Reserve Bank of New York. Although a portion of the funds was ultimately recovered, this incident was a wake-up call for the entire industry. To counter these ever-evolving threats, Bangladeshi banks have embarked on a comprehensive journey to bolster their cybersecurity strategies. This includes investments in cutting-edge security technologies, rigorous employee training programs, and collaborative efforts with law enforcement agencies and regulatory bodies. However, the dynamic nature of cyber threats necessitates constant vigilance and adaptation, as the adversary's tactics continue to evolve and become more sophisticated. To stay abreast of the latest developments in the realm of cybersecurity threats affecting Bangladeshi banks, it is advisable to consult recent news sources and reports from reputable cybersecurity organizations and governmental agencies.

12iD is currently working to reduce cyber threats for banks by strengthening user authentication through multifactor authentication, centralizing access control, and enforcing anti-password policies. This also helps in session management, reduces phishing vulnerabilities, streamlines user provisioning, enhances auditing and monitoring, and integrates with security systems. While 12iD is an essential security tool, banks should complement it with other security measures and ensure that the implementations are regularly updated to address evolving threats.

Image by pvproductions on Freepik

Abul Hasnat Md. Rozin

Country Consultant, Bangladesh
