- The Fin-Cert will be
- Take measures to prevent cyber attacks against the financial sector.
- Monitor the cybersecurity situation in the banking sector
- Help banks prevent impending cyber attacks.
- Facilitate the exchange of information between all financial institutions
- Banks will be able to share information about attacks and their solutions on the platform
Bangladesh Bank to launch Financial Sector IT Emergency Response Team (Fin-Cert) to prevent cyberattacks such as the one in which hackers managed to steal $ 81 million from its bank accounts. Federal Reserve Bank of New York five years ago. – in the biggest digital break in the country’s banking history.
A senior central bank official told The Business Standard that Fin-Cert will focus exclusively on the financial sector for emergency security and take action to avoid any impending cyberattack.
For example, if a bank is faced with a hacker malware threat and is unable to counter it, it can share the problem anonymously on the Fin-Cert platform to alert other banks and check if someone else is having similar problems. If another bank has a solution, they will share the information on the platform, the central bank official said.
The Fin-Cert will monitor the cybersecurity situation of the banking sector and provide the necessary support and advice to help prevent probable and imminent cyber attacks. It will also facilitate the exchange of information between all connected financial institutions, he added.
The country already has the Government of Bangladesh Online Government Computer Incident Response Team (BGD e-GOV CIRT), which was established under the umbrella of the Government’s Digital Security Agency.
Central bank officials recently held a meeting on Fin-Cert, sources said.
BGD e-GOV CIRT Tarique Project Director M Barkatullah told The Business Standard: âThe Fin-Cert will work to ensure cybersecurity for all financial institutions. The central bank has already formed a team to develop a system to respond to cyber attacks and we are coordinating the issue. “
He said: âIf there is a cyberattack in the financial sector, the central bank will tackle the problem first and if they ask us for help, we will go ahead with our help.
With the advancement of technology, the banking system now faces more security threats. Previously, banks imposed restrictions on the use of ATM services at night and advertised the possibilities of cyber attacks to educate customers.
Managing Director and CEO of Pubali Bank, Safiul Alam Khan Chowdhury, said: âAs a private commercial bank, we have the biggest banking chain in Bangladesh and we are trying to provide internet services, because better protection in cybersecurity has always been a priority. “
Some security practitioners have said that the big challenges in cybersecurity are the lack of precautions before an attack. Furthermore, developing a realistic framework for Fin-Cert’s activities and carefully defining its role in ensuring better security for the financial sector is also a challenge.
Former computer science and engineering professor at Bangladesh University of Engineering and Technology Mohammad Kaykobad said: âIt is too late to implement such an initiative now. These plans almost always look good on paper, but I doubt the central bank programmers are effective. enough to develop such advanced technology.
He said: âThey haven’t been very active in the past because we’ve already lost almost $ 1 billion from our banking system. This is a huge loss and for some reason we are taking such initiatives for our banking industry after 5-6 years after the cyber-heist. “
The IT specialist advised the central bank to take a proactive role in ensuring cybersecurity by consulting with national and international cybersecurity practitioners.
Shadhin Fintech Co-Founder Shadman Y said, âCyber ââsecurity is by far the biggest threat to financial institutions around the world. We are very keen to learn more about the cybersecurity initiatives taken by the Bangladesh Bank and the Ministry of ICT.
“This [the Fin-Cert] will be an excellent development for the entire financial ecosystem and will strengthen customer confidence. As a fintech startup, we would be more than willing to understand these issues and incorporate relevant solutions if we asked. “
According to the report by global cybersecurity leader Trend Micro, they blocked 40.9 billion email, malicious file and malicious URL threats for customers around the world in the first half of 2021, an increase of 47% year-on-year.
The global banking industry has been affected at a disproportionate rate, with a 1318% year-over-year increase in ransomware attacks in the first half of 2021, according to Trend Micro.
Ransomware was a major threat to global organizations in the first half of 2021, but it was not the only one.
The Trend Micro report also found that Commercial Email Compromise Attacks (BECs) increased 4% in the first half of this year, potentially due to new opportunities from Covid-19 for threat actors.
Cryptocurrency miners have become the most detected source of malware, having overtaken WannaCry and web shell attacks in recent months.
Structure and expectations of Fin-Cert
The Fin-Cert has major tasks, including the creation of a threat intelligence platform and the definition of security standards.
The Fin-Cert will be fully independent to monitor the cybersecurity situation in the financial sector, but will report to the BGD e-GOV CIRT and the Digital Security Agency at national level, in accordance with the law and rules on information technology, a government official said.
âFin-Cert will have an advisory board. It was also recommended that each financial institution have a separate entity that will provide real-time information to Fin-Cert, âhe added.
Some security practitioners have recommended that Fin-Cert develop a framework to manage and oversee third parties who are often responsible for maintaining the cybersecurity of financial institutions.
Experts also want Fin-Cert to be an independent entity made up of stakeholders from the government, the central bank, law enforcement agencies, the justice ministry and all banks and financial institutions.
âThere is a lack of qualified resources to develop such an IT emergency response team, especially in the banking industry. As we lack a skilled workforce, we should focus on e-literacy and industry-oriented technological education, âMohammad Kaykobad said.
“I believe that such a platform must include a new generation of dynamic programmers, who will work effectively and efficiently. They will ultimately develop effective measures to ensure cybersecurity,” he added.
In addition to Fin-Cert, the BGD e-GOV CIRT plans to have an IT emergency response team for chemical and commercial facilities, communications, critical manufacturing and emergency services, power and agriculture, healthcare, nuclear, waste management, transport, and water and wastewater sectors.