Bangladesh ranks third in the list of countries at risk of malware attacks
With several lock downs due to Covid-19, online transactions in e-commerce, online banking activities, and the use of mobile financial services (MFS) have soared across the country.
MFS, for instance, has become one of the most reliable means of disbursement of money under various incentives and social security programs of the government during the pandemic. Various private organizations, including the garments industry, have also been relying on such services to disburse salaries and bonuses.
But the rapid adoption of new technology also raises the question of cybersecurity — how safe is the Bangladeshi financial system?
According to a report by Kaspersky Lab, for the first quarter of this year, Bangladesh ranked third in the list of countries at risk of malware attacks on smartphones. About 26 out of every 100 smartphone users in Bangladesh are at risk of malware attacks this year, up from 13 out of 100 users just five years ago.
Ransomware attacks on computers in Bangladesh have also increased from 4-5% to 8.11%, according to the report.
However, Bangladesh has been able to provide continuous cybersecurity improvements, moving up 25 notches from the 78th to 53rd position in the latest edition of the Global Cybersecurity Index of the International Telecommunication Union (ITU).
This was mainly because stakeholders and regulatory bodies such as the central bank have taken numerous steps over the years to enhance consumer protection in terms of data and system securities.
According to Bangladesh Bank, the current turnover in mobile banking in the country is around Tk1,100 crore per month — an amount that is on the rise.
In response to the popularity of online shopping and growing number of transactions, one of the top MFS providers in the country bKash adopted the PCI DSS compliance framework — the standard of operations intended to keep consumers' card information and personal data safe when used with merchants and service providers.
However, the major issue in terms of data security in MFS is a social issue, according to a bKash official.
“MFS scams have definitely declined because we have taken numerous steps to raise social awareness. A big part of our promotional expense has been diverted to reaching the masses in raising awareness of protecting their own personal data,” the official told Dhaka Tribune.
bKash strongly communicates with its users not to share personal data — OTP, PIN, NID information — to anyone who threatens them of account closure or offers prizes and rewards to acquire personal information through social engineering, he said.
“Even the central bank very recently issued two separate notices in this regard, warning banks as well as non-banking financial institutions [NBFIs] to take effective measures in deploying IT teams to cater to cybersecurity,” he added.
As part of the new instruction, the central bank has asked to form an IT management team to enhance and develop cybersecurity of NBFIs, explained Md Kyser Hamid, managing director of BD Finance.
He pointed out that NBFIs have been exposed to cybersecurity threats with growing digitalization; some institutions now have digital wallets, credit cards, and even offer consumer loans.
In this regard, there has been a strong requirement to strengthen IT security in the financial sector, he said, adding: “Accelerated digitalization and remote working arrangements have increased the global financial sector's exposure to cyber-risks and could lead to more complex cyberattacks that trigger bigger losses.”
Furthermore, the central bank had not approved a cloud-based database management system, and hence consumer data, financial records are hosted in local servers, in contrast to storing them offshore in countries like Singapore.
“This makes it harder for hackers to access database systems,” explained Hamid.
Institutions have also been hiring ethical hackers for monitoring hacks and aligning systems accordingly, increasing internal capacities, he added.
“We have hired ethical hackers to align our systems and currently use separate APIs [Application Programming Interfaces] to provide customer service that has no access to the core-banking-system.
“As online based transactions soared, we took such measures for added security against any potential cyber threats,” Hamid further said.
Before Covid-19 struck, the latest report of Bangladesh Institute of Bank Management (BIBM) titled “Cyber Security-First Responder: Threat Detection and Response” said that only 35% of the country's banks have next-generation cybersecurity installed.
After this report in April 2019, there have been no more updates on this due to the pandemic.
Mahbubur Rahman, an associate professor of BIBM who worked on the report, said the banking sector has improved a lot since the Bangladesh Bank reserve heist.
“My guess is that in the last two years, almost all the top banks in the country have strengthened the cybersecurity of their major branches,” he said.
They have updated the latest card system; before they were using magnetic cards but now, they have shifted to chip-based cards, making it difficult to clone those, he added.
Investment in this sector is increasing in Bangladesh as in other parts of the world, Rahman further said.