Most govt, financial institutes at risk of cyber attack

Cyber security experts suggest immediate measures

HM Murtuza | Published: 00:31, May 15,2017 | Updated: 01:00, May 15,2017


Majority of the country’s government installations and banks are at risk of cyber attack as 80.50 per cent the government installations and 52 per cent of the banks have taken no proper measures to tackle the growing cyber threat across the globe.
Cyber security experts said that although the cyber security had become one of the major concerns worldwide, Bangladesh was lagging behind the rest of the world in taking capacity building measures, including building skilled manpower, awareness and regulatory environment.
If proper measures are not taken, the institutions may face more attacks in future that may result in widespread and intensive damage like the theft of Bangladesh Bank reserve from the Federal Reserve Bank of New York in February 2016.
No disruptions were, however, noticed in any government and private institutions, except five computers of a private television channel, in Bangladesh by epidemic ‘ransomware’ dubbed WannaCry that demanded money from the users by hacking files from computes across the globe in May 12-13.
Bangladesh e-Government Computer Incident Response Team, a wing of Bangladesh Computer Council that supports government efforts to develop and amplify ICT programmes establishing incident management capabilities, in its annual report 2016 mentioned that 80.50 per cent of the government installations were found vulnerable by its tracking system between February 2016 and February 2017.
CIRT tracking system recorded 405 problem incident tickets from 82 government organisations during the period, said the report.
The tracking system also recognised ransomware attack on Windows server because of weak credentials, the report mentioned.
The report identified lack of no server and system patching, misconfiguration of servers and systems, and weak, default or non-existent administrator’s passwords as the most common root causes of such vulnerability and incidents.
Bangladesh Association of Software and Information Services president Mustafa Jabbar told New Age on Sunday, ‘If the assessment of the CIRT is true, I would say that the situation is terrible when we are going through a digitisation process of the country.’
He said, ‘I see no initiative to get out of such grave vulnerability. So, how will we go forward with the situation where 80.50 per cent of our installation is vulnerable?’
Unless proper measures are taken, the country is heading toward a ‘digital danger,’ the BASIS president said.
‘No sector or industry is immune to cyber crimes. As the goal of the cyber criminal activity is to gain financial rewards, financial institutions have a high risk of data breaches as successful attacks could reap huge benefits for the criminal groups,’ said Information Systems Security Association’s Bangladesh chapter president Maruf Ahmed.
‘While some financial institutions are now taking more initiatives in information security, unfortunately the financial industry still has a lot catching up to do when it comes to cyber security risks,’ he said.
‘As many organisations still lack threat-prioritised remediation processes and timely management of the vulnerability, they remain vulnerable to destructive and fast-moving cyber attacks such as the recent Ransomware outbreak,’ he said.
A team of Bangladesh Institute of Bank Management including its associate professors Md Shihab Uddin Khan and Md Mahbubur Rahman Alam carried out an study on the state of cyber security in the banks that showed that 52 per cent of the country’s 57 scheduled banks were at risk of data breach and 16 per cent of them were highly vulnerable.
According to the report, 16 per cent of the banks informed the research team that the current situation of cyber security was not enough to prevent any virtual or physical damage to their information management system, perceiving the highest risk.
About 36 per cent of the 30 surveyed banks believed that they were at high risk of information loss at any moment.
Of the banks, 12 per cent audit their IT system quarterly while the rest 88 per cent do it yearly, the report said.
Asked about the vulnerability of the banking sector, Mustafa Jabbar said, ‘The assessment of the BIBM suggests that our money can turn into digit unless adequate investment is made for digital security purpose.’
Mahbubur Rahman Alam said that such lacking might result in data hacking, ransomware attack and operation closure.
He said that the entities should invest to create skilled manpower and equipment as a huge number of online branches of banks were running without adequate skilled manpower on cyber security.
He also mentioned that the country’s entities were mainly lagging behind other countries in creating skilled manpower to tackle the growing cyber threat.
Association of Bankers, Bangladesh vice-chairman Syed Mahbubur Rahman questioned the parameters that BIBM used for the report. He mentioned cap on cash transaction for clients, two factor authentication and non-convertibility of capital account as the measures which could tackle cyber theft automatically.
He also said that the absence of cyber security guideline of Bangladesh Bank was among other lacking to guide the banks to take proper measures in this respect.
In August 2016, the cabinet approved the Digital Security Bill that would help the government to increase its oversight over the cyber security issue and formation of a National Computer Incident Response Team, said an official of the ICT ministry.
Bangladesh Computer Council also formulated an Information Security Manual with a view to curb the growing tension regarding the online security, he said. 

More about:

Want stories like this in your inbox?

Sign up to exclusive daily email