Banks face IT audits
The ICT Division will probably commence an IT audit on banks next month to measure their capacity to thwart cyberattacks as growing digitalisation and remote working arrangements have augmented the financial sector's exposure to online crimes.
The Digital Security Agency, a wing of the ICT Division in charge of tackling cyber threats, will carry out the audit as most banks are susceptible to cyber-criminals in the absence of a powerful security system.
Tarique M Barkatullah, director of businesses at the Agency, said almost all the preparations had a need to get started the audit are complete.
"The agency will commence the audit next two months. We have already arranged several meetings with the stakeholders to conduct it."
Banks in Bangladesh are increasingly embracing digital banking means by rolling out various retail banking products. For example, many banks have previously introduced app-based banking, enabling clients to carry out banking activities online. Furthermore, some banks are establishing cash recycling machines to replace the existing automated teller machines at an easy pace.
The ongoing coronavirus pandemic has given a boost to these digital initiatives because they help persons settle transactions and never have to visit their local branches.
Against this backdrop, you will find a strong requirement to strengthen IT security in the banking sector.
S&P Global ratings firm has said banks are fundamental targets as direct resources of finance, because of their key infrastructure role and in addition their possession of a broad range of sensitive personal data, according to Reuters.
Accelerated digitalisation and remote working arrangements have increased the financial sector's contact with cyber-risks and could bring about more complex cyberattacks that trigger higher losses, it said.
Initially, state-owned banks in Bangladesh will be audited, with Rupali Bank set to be the first.
"After completing the audit programme in state-owned banks, the agency will verify the effectiveness of private banks," Barkatullah said.
Brac Bank is definitely the first lender among private banks to endure an IT audit, that may have a maximum of five days to complete for each and every lender.
In February this past year, the agency completed an IT audit on Sonali Bank on a pilot basis.
"The piloting helped us decide," Barkatullah added.
The audit team will scrutinise all IT infrastructures, which range from core banking answers to hardware, to find loopholes that could become potential threats for lenders.
The agency will also verify whether the banks follow the government's information security manual.
Zunaid Ahmed Palak, state minister for ICT, said the federal government made a decision to conduct an IT audit to bring all of the banks under official guidelines by pointing out their cyber-security flaws.
The audit will identify the banks' cyber-security flaws and make recommendations for the required measures to solve them.
The team will submit a complete are accountable to the Digital Security Agency on the companies which will implement their tips within a stipulated timeframe.
"This will certainly reduce the risks of the banking sector and make it safer," Palak added.
Ali Reza Iftekhar, chairman of the Association of Bankers Bangladesh, welcomed the government's decision.
"All kinds of cooperation will be extended in this regard. However, the facts about how the IT audit process begins and the conditions and conditions have not been finalised," he added.
This is a good initiative by the ICT Division to keep carefully the financial institutions safe from cybercrime, according to IT expert Tanvir Hassan Zoha.
"But the question is whether the Digital Security Agency and the Computer Incident Response Team have enough skilled workforce to conduct this audit," he said.
There are simply 70 people in the two agencies, while the number of banks and non-bank finance institutions stands at 95.
"How do they audit all these organisations?" added Zoha, also the managing director of Backdoor Private Ltd.
He questioned the way the ICT Division could complete these audits without assistance from the Bangladesh Bank, which lays down the laws and guidelines for the neighborhood lenders.
The BB has asked banks to introduce a Security Operations Centre (SOC) to keep them safe from digital threats.
"If a SOC system is introduced in every banks, you'll be able to prevent cyberattacks," Zoha said.
