Contact Us

Cyber security and the role of Bangladesh Bank

Cyber Security | March 8, 2021

Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It’s also known as information technology security or electronic information security. The term applies into a variety of contexts, from business to mobile computing, and can be divided into a few common categories.

Application security focuses on keeping software and devices free of threats. Network security is the practice of securing a computer network from intruders, whether targeted attackers or opportunistic malware. Information security protects the integrity and privacy of data, both in storage and in transit. Operational security includes the processes and decisions for handling and protecting data assets.

The permissions users have when accessing a network and the procedures that determine how and where data may be stored or shared all fall under this umbrella. The global cyber threat continues to evolve at a rapid pace, with a rising number of data breaches each year. A report by Risk Based Security revealed that a shocking 7.9 billion records have been exposed by data breaches in the first nine months of 2019 alone. This figure is more than double (112.0 per cent) of the number of records exposed in the same period in 2018. With the scale of the cyber threat set to continue to rise, the International Data Corporation predicts that worldwide spending on cyber-security solutions will reach a massive US$133.7 billion by 2022.

Governments across the globe have responded to the rising cyber threat with guidance to help organisations implement effective cyber-security practices. In the U.S., the National Institute of Standards and Technology (NIST) has created a cyber-security framework. To combat the proliferation of malicious code and aid in early detection, the framework recommends continuous, real-time monitoring of all electronic resources.

The threats countered by cyber-security are three-fold: (1) Cybercrime includes single actors or groups targeting systems for financial gain or to cause disruption; (2) Cyber-attack often involves politically motivated information gathering; (3) Cyberterrorism is intended to undermine electronic systems to cause panic or fear.

Some common methods used to threaten cyber-security are: Malware like Virus, Trojans, Spyware, Ransomware, Adware, etc. Besides this Botnets, SQL injection, Phishing, Vishing, Smishing, DNS Phishing, Farming, Man-in-the-middle attack, Denial-of-service attack, etc are mentionable cyber attack.  Dridex malware (December 2019), Romance scams (February 2020), Emotet malware (late 2019), etc are some latest cyber threats of the world.

End-user protection or endpoint security is a crucial aspect of cyber security. After all, it is often an individual (the end-user) who accidentally uploads malware or another form of cyber threat to their desktop, laptop or mobile device.

The ways cyber-security measures protect end users and systems are discussed here.

First, cyber-security relies on cryptographic protocols to encrypt emails, files, and other critical data. This not only protects information in transit, but also guards against loss or theft. Here are some top cyber safety tips: update your software and operating system, use anti-virus software, use strong passwords (not easily guessable), do not open email attachments from unknown senders (these could be infected with malware), do not click on links in emails from unknown senders or unfamiliar websites (this is a common way that malware is spread), avoid using unsecure WiFi networks in public places (unsecure networks leave you vulnerable to man-in-the-middle attacks), etc.

Bangladesh bank has taken different measures regarding cyber security. Different training and awareness program are arranged on a regular basis through IT departments and Human resources department. Bank has already formed a separate Cyber Security Unit (CSU) and appointed a security specialist from outside who is posted as the head of that unit. CSU is responsible for ensuring IT security, information security and cyber security of Bangladesh Bank.

Besides, Bangladesh Bank has published EOI for PCI DSS certification and evaluation is going on. Moreover, ISO 27001 certification is under process. Both IT departments and PSD are working on this issue. As per the instruction of Ministry of ICT and Ministry of Finance Bangladesh Bank asked all banks and NBFIs to get PCI DSS and ISO 27001 certification with the mentioned deadlines.

Bangladesh Bank is going to implement Security Operation Center (SOC) soon. Security Information and Event Management (SIEM), Anti Advanced Persistent Threat (Anti-APT), Privileged Access Management (PAM) solutions are going to be implemented soon. Vulnerability Assessment & Penetration Testing (VAPT) is performed through Information Systems Development and Support Department (ISDSD), ICT Infrastructure Maintenance and Management Department (ICTIMMD) and Cyber Security Unit (CSU) to protect valuable data and systems from malicious attacks.

The piece is excerpted from Bangladesh Bank Annual Report (July 2019-June 2020).

This content was originally published here.