Commercial banks are on high alert following a series of directives issued by Bangladesh Bank (BB) aimed at bolstering their defenses against cyberattacks. In response to the BB’s instructions, Mutual Trust Bank’s CEO, Syed Mahbubur Rahman, assured that the bank is working tirelessly to ensure the security of all its operations. Rahman emphasized that the bank has swiftly implemented the necessary measures to counter the potential threat, ensuring the safety of deposits and transactions. Similarly, Selim RF Hussain, CEO of BRAC Bank, echoed this sentiment, highlighting the collaborative efforts of an expert team aligned with government entities to mitigate potential cyber threats.
The alarm was raised by BB, revealing that a group of hackers had issued a warning of a cyber attack, slated for August 15. In reaction to this imminent threat, the government’s ‘Computer Incident Response Team’ (CIRT) issued a cybersecurity alert. CIRT’s statement on August 7 highlighted the potential for disruptions to State Critical Information Infrastructure (CII), as well as operations of financial institutions, healthcare providers, and both government and private sectors. Organizations concerned were urged to proactively prepare for potential cyber incidents, regardless of scale.
BB’s directives to banks and financial institutions encompassed eleven key measures aimed at preventing cyber attacks. Among these, a prominent directive was the round-the-clock monitoring of network infrastructure, especially outside regular office hours, to ensure data integrity. Additionally, stringent control over website access was emphasized as a means to curtail cyber threats. Complementary to these measures, adherence to the latest Open Web Application Security Project (OWASP) guidelines was recommended, alongside the implementation of various protocols to identify and counter insecure activities on networks.
In response, CIRT extended vital recommendations to safeguard the infrastructure of relevant organizations against cyber attacks. These included the deployment of firewalls to scrutinize incoming HTTP/HTTPS traffic, identification and filtering of malicious requests, and the safeguarding of critical services such as DNS and NTP. The significance of securing user input validation and maintaining website backups was also underscored. The incorporation of HTTPS, supported by SSL and TLS encryption, was encouraged to bolster website security. Finally, organizations were urged to promptly report any suspicious activities, employing up-to-date technological solutions.
