Banks on alert to prevent cyberattacks

All commercial banks are on a state of high alert after Bangladesh Bank (BB) issued 11 instructions to all banks and financial institutions to fight cyberattacks.

The central bank on Thursday wrote to the institutions telling them what they should do to prevent cyberattacks.

Chief Executive Officer of Mutual Trust Bank Syed Mahbubur Rahman said that officials of the bank are working round the clock to keep all the activities of the bank  secure.

He said after getting the central bank’s instructions, MTB has taken enough measures to check the threat.

“All the deposits and other transactions are safe and secured,” said Syed Mahbub.

Selim RF Hussain, CEO of BRAC Bank, also gave a similar opinion regarding measures to prevent cyber-attacks.

An expert team is working with coordination of the government entities to avert any disaster, he said.

The BB letter stated that a group of hackers have threatened a cyber-attack in Bangladesh, with August 15 as the date of a possible attack.

In response to the threat, the government’s ‘Computer Incident Response Team’ (CIRT) issued a cyber-security alert.

A CIRT press release on August 7 said that cyber-attacks could disrupt operations of State Critical Information Infrastructure (CII), banks, financial institutions, healthcare, and government and private institutions. All concerned organizations are asked to take pre-preparedness to prevent small or medium cyber-attacks.

The BB has issued 11 instructions to banks and financial institutions to prevent cyber-attacks. Notable among these are 24-hour, especially outside office hours, network infrastructure should be monitored to ensure that no one is removing data. Access to various websites should be controlled to minimize cyber-attacks.

In addition, the Open Web Application Security Project (OWASP) latest guidelines should be followed to strengthen the security system in addition to taking various measures to detect insecure activities on the network.

CIRT offers some suggestions to ensure the infrastructure security of the concerned organizations to avoid cyber-attacks.

They are deploying firewalls to analyze incoming HTTP/HTTPS traffic and filter malicious requests and traffic patterns. Securing critical services such as DNS, NTP, and network middleboxes; validating user input.

It also asked for keeping backups of the Website; Implementing HTTPS on websites with SSL and TLS encryption. CERT is asked to report anything suspicious, including using updated technology.