Bangladesh Bank has issued a warning regarding the threat of a major cyber attack on the country's banks, financial institutions, and digital payment service providers.
On Wednesday (July 30), Bangladesh Bank's Information and Communications Technology (ICT) department sent out a letter with this warning. The letter stated that in the coming days, key infrastructure in the country (Critical Information Infrastructure, CII), including banks, the financial sector, healthcare, and both government and private institutions, are at risk of cyber attacks. Such concerns have emerged from various sources.
The letter instructed banks, financial institutions, and payment service providers to urgently implement necessary cybersecurity measures.
Recommended Preventive Measures by Bangladesh Bank:
-
Servers, databases, and IT systems must be regularly updated.
-
Unnecessary ports should be closed, and access should be permission-based, ensuring at least minimal authorization.
-
Regular backups and restore procedures should be implemented based on the importance of the stored data. The 3-2-1 backup strategy is encouraged.
-
Encryption is mandatory for data transfer, storage, and processing.
-
Multi-factor authentication (MFA) should be enabled on all critical systems.
-
Emphasis should be placed on security monitoring and the use of other security tools.
-
Endpoint Detection and Response (EDR), antivirus, and other software should be updated and their functionality ensured.
-
Incident response plans and specialized teams should be prepared to handle potential cyber attack incidents.
-
Suspicious logins, file changes, or external connections should be monitored and reported to authorities when necessary.
-
Regular reviews of remote access, VPNs, and privileged accounts should be conducted, with necessary controls applied.
-
If any signs of a cyber attack are detected, immediate action must be taken, and Bangladesh Bank should be informed.
-
Adequate personnel must be assigned to operate a 24/7 security monitoring center.
-
To maintain high system capacity and reliability, load balancers should be installed, and alternative plans should be prepared.
-
The institution's Business Continuity Plan and Disaster Recovery Plan should be updated and implemented.
The letter further mentions that these measures aim to prevent any potential cyber attack, reduce damage, and ensure the prompt implementation of effective responses to manage risks.
This letter has been sent to the Chief Executive Officers of all scheduled banks, financial institutions, and payment service providers in the country.
It is also mentioned that the central bank has urged these institutions to take preventive measures immediately, without delay. Failure to ensure cybersecurity could lead to significant disruptions in the country’s financial system.
