Banks need to install BB-prescribed SOC to secure system from hacking: experts

Bangladeshi banks need to adopt an advanced cybersecurity system in line with the regulatory guidelines amid concern that the infrastructures in the country’s banking sector dangerously lags behind, experts told a seminar on Tuesday.

They also said the central bank and all the merchant banks need to reinforce their efforts for building skilled manpower that can deal with the latest technology like setting up of “Security Operation Centre (SOC)” to secure the banking sector from hackers as they are out to steal money by using malware and ransomware.

Backdoor Private Ltd, a Dhaka-based cybersecurity firm that works in the field of cybersecurity for the banking sector, arranged the seminar on SOC at a city hotel with the participation of cybersecurity experts, banking sector officials, policymakers and lawyers.

Debdulal Roy, executive director (ED) of the Bangladesh Bank, spoke at the programme as the chief guest.

Roy said the Bangladesh Bank issued a circular long ago and subsequently warned the banks several times, asking them to install the SOC to secure their system, but the response from the banks was lukewarm.

“So far I know only three banks have installed the SOC but I’m not sure if they’re running it properly. This scenario is very unfortunate,” he said.

The country has about 60 banks.

“Issuing orders are not enough. We’re doing our part from the central bank, but the banks should come forward to execute the decisions,” Roy said joining the discussion virtually.

The BB ED also said the banks must be aggressive to install SOC and use local firms and experts to make their system secure. “The banks should come forward with investment for good software for the sake of the banking sector’s credibility.”

Tanvir Hassan Zoha, a cybersecurity expert and the managing director of the Backdoor Private Ltd, presented the keynote paper where he explained why the country’s banking sector remained vulnerable to hacking by both local and outside hackers.

Referring to a recent alert regarding the possible hacking attempt in the country’s ATM system, he said authorities and investigators should not only focus on so-called “international hackers”, but also on the domestic hackers.”

Many of the banks’ secrets were available in the darkweb and local hackers are monitoring them as part of their preparation to launch attacks.

“This is dangerous. It can harm the system. So, we must protect the customers and the banks’ system,” Zoha said.

He said the installation of the SOC can secure the banking system from hackers to a great extent.

Abul Kashem, Bangladesh Bank’s former deputy governor, said the country’s banks are eager to secure their system, but many of them are reluctant to spend money on the advanced system.

Arpita Chowdhury, a lawyer and legal advisor to the Backdoor Pvt Ltd, said cybercrime is a non-bailable offence but in absence of proper evidence gathering and investigation mechanism any hacking incidents could go unpunished.

She warned that the banks should have to bear the responsibilities as laws dictate that one must report to the police rather than hiding any incidents. “If someone refrains from complaining to the police or proper authorities about any crimes involving their banking system the person concerned would go under investigation and could be booked for negligence as per law.”

Arpita said SOC can help the banks investigate the technical details to bring the hackers to book. Otherwise, any complaints would reach nowhere because of the lack of evidence if the cases are not properly documented and an investigation is not done.

She urged the technical heads of the banks to report to police and file cases in case of any suspected attacks.

Source: United News of Bangladesh