IT IS worrying that the majority of the country’s commercial banks are yet to take proper security measures to tackle cyber-attack as the top executives of the banks possess a poor knowledge about information technology. One-fourth of the managing directors of 57 banks, according to experts at a workshop held in the capital, as New Age reported on Monday, have no idea about operating email that may plunge their banks into a major cyber risk. It will also not be unjustifiable to say that the country’s commercial banks lack adequate human resources and mechanism necessary for protecting their information technology infrastructure from any sorts of cyber attacks. What is more disquieting is that most of the banks still remain indifferent to the Bangladesh Bank’s advice on replacing their magnetic stripe cards with chip-embedded cards, a replacement crucial for protecting automated teller machines from card skimmers, despite the advice having been given on four occasions since 2013. They also, with a few exceptions, failed so far to comply with the central bank’s directive issued in 2015 on getting certified by the Payment Card Industry Data Security Standard, a proprietary information security standard for entities that handle branded credit cards including Visa, MasterCard and American Express.
Ironically, even the Bangladesh Bank, the regulatory authority of the sector, has failed to take necessary initiative to organise training programmes for its officials on IT control. It is all the more so as it is essentially the central bank’s repeated insistence that led the commercial banks to digitise their operations. Meanwhile, cyber criminals have stolen $101 million from the central bank’s foreign exchange reserve in recent times, while card skimmers stole about Tk 1 crore from different banks’ ATM machines in the capital Dhaka by cloning credit and debit cards of clients of the banks. It may be pertinent to mention here that a study by the Bangladesh Institute of Bank Management has found that the country’s banking sector invested Tk 820 crore in 2014 to develop their IT systems but spent only Tk 33 crore to strengthen their cyber security systems the same year. The scanty spending behind cyber security measures took place at a time when experts suggest that only improving firewall of a cyber security system is not enough to make the system immune from hacking. They suggest setting up of alarm in the system so that the relevant authorities can detect malware in the shortest possible time. Needless to say, the banks willing to upgrade their cyber security system in this manner will necessarily need to spend much higher.
Digitisation of banking operation has not only eased banking transactions but also reduced the cost of access to banking services for clients. But it is also true that if the above-mentioned security concerns remain unaddressed, it may end up putting the economy as a whole in jeopardy. Hence, the authorities concerned should immediately act on these issues.
Want stories like this in your inbox?
Sign up to exclusive daily email
More Stories from Editorial