36 percent of banks in the country at risk of cyber attacks, risk expected to increase before elections

Despite spending an average of Tk 200 billion every year to prevent cyber attacks, 36 percent of the country’s banks are still at the highest risk. The government itself has expressed concern that this risk may increase further before the elections. Bankers and IT experts say that this risk is not decreasing due to lack of regular maintenance and not updating technology over time. According to Bangladesh Bank, Tk 53,413 crore has been spent to protect the banking sector from cyber attacks until 2024. According to BIBM data, by the end of March this year, the number of deposit accounts in the country stood at about 165 million and the number of advance accounts was about 143 million. Meanwhile, the scope of bank branches, ATMs, CRM, agent banking and internet banking activities has also increased significantly. However, as cybersecurity is not as strong as it should be, banks are becoming targets for hackers. BIBM says the country’s banking sector is being attacked between 145 and 630 times a day, most of which come from China, Russia and the US. About 2 percent of attacks are also carried out from within the country. “After purchasing software and equipment for security, banks do not want to invest in maintenance. There are often delays due to the complexity of board approvals. Hackers take advantage of this gap,” said Faruk Mainuddin, vice chairman of BRAC Bank. BIBM Professor Md. Mahbubur Rahman Alam said, “The nature of cyber attacks is constantly changing. When new devices come out, the risk increases if they do not receive immediate updates. While large banks invest relatively more, small banks lag behind.” Data shows that 68 percent of attacks are malware, 48 percent DoS and phishing, 46 percent spam. 27 percent attacks are carried out by vendors and about 16 percent are carried out in collusion with bank internal officials or hacktivists. IT expert Suman Ahmed Sabir said, “People in the house are often involved in major cyber attacks.” Once a cyber attack occurs, 37 percent of the total cost has to be reinvested in hardware and software, 18 percent in customer business losses and 35 percent in direct financial losses. Bangladesh Bank spokesperson Ariful Hossain said, “Banks have been given strict instructions so that they do not take advantage of negligence. If any bank is not prepared or if collusion of officials is proven, strict action will be taken.”