Financial Sector has to be Automated

After the cyber heist in Central Bank, the security of the whole banking sector is put under scanner. SD Asia recently talked with Dr. Vilius Benetis. Dr Benetis is Is a senior consultant, focusing on securing digital environment capabilities development for organizations via changing behavior and automation. Benetis is a researcher in securing digital environments and a promoter of critical security controls for effective cyberdefense with 20 years of experience in the IT sector.

He is currently working with the Bangladesh Government for the implementation of National Computer Incident Response Team (CIRT) and Development of Information Security Policies, standards in Bangladesh

Tell us something about your current assignment in Bangladesh

The objective of this assignment is to establish the Gov. of Bangladesh’s information security program, and set program goals and priorities to support the government’s mission. It will also provide resources to set up a national Computer Incident Response Team (CIRT) to facilitate and support the program. The assignment has multiple components, including the drafting of policies, regulations, standards and guidelines. It will also propose a structure for the CIRT that is technically, financially, and operationally sustainable; provide trainings for the CIRT personnel; and assist the CIRT to establish relationships with other international/regional CIRTs.

What is CERT? Are there any differences between CSIRT and CERT?

CERT/CSIRT/CIRT are synonyms, with some minor mostly irrelevant differences. These teams have a particular processes, communities, and cooperation models, and trust in the community. CIRTs can be national/sectorial/company wide, depending on the need and setup. NRD CS have commercial CIRT, which helps organisations to set up own CIRTs and securely handle cybersecurity incidents on behalf and with customers.

What do you think is the condition of cyber security in financial sector and banking sector in Bangladesh? What are their main threats?

The only way for financial sector to be efficient and reliable in the World and in Bangladesh, is to be highly automated. That includes the automation of client service, and of internal operations. The automation is implementing through digitization.
Usage of digital services saves time of the customers, grows economies of countries, reduce physical dangers to people and organizations.

At the same time digitization is changing the threat and crime models. Instead of physical attack on banks, armed heists, criminals are benefiting from cyberattacks. This change has to be comprehended by banks and their clients, and it should come with the new skills and knowledge how to protect themselves.
The biggest risk for financial institutions and their clients are the missing proper knowledge on the new threats, how to use methodologies, technologies, and cyber-hygiene.

Is cyber security solution to banking industry expensive? If so, why? Do we have any open source option?

Cybersecurity costs must be adequate to the value of the protected assets. Due to the more assets moving to digital world, more investment is required. What is not so obvious, that hygiene is not expensive at all due to many tools existing (both commercial and open source). What costs most – the setup of appropriate processes and build required human skills.

You mentioned some of the problem of our Digital Security Act, like it doesn’t have the provision for a national internet security officer provision? Why do we need that position?

We were not commenting on Digital Security Act, as it is in Draft form and still being discussed. Yesterday we were not talking about Digital Security Act.

Does financial sector need a CIRT to monitor financial transaction security?

Organisations in financial sector should start from building own capability (Cybersecurity Incident Response Teams – CIRT/SOC), adjust processes, and then should cooperate in organized way with other national and regional CIRT teams to achieve the security of their assets and clients. Additionally organisations should focus on cybersecurity hygiene, adopting and implementing such practical frameworks like CIS Security Controls (https://www.cisecurity.org/critical-controls.cfm), which already benefited many organisations around the world, and which allow to be better compliant with sectorial regulation as PCI DSS.

How information security consultant like you can make sure that the breeches in a network could be traced?

We empower financial organisations to be able to secure and monitor their IT and banking systems, detect incidents and respond appropriately in order to reduce losses. It is done by the means of creating internal CIRTs – teams of incident handlers, who work according specific process.

Source: https://sdasia.co/2016/03/25/financial-sector-has-to-be-automated/

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
li_gc	5 months 27 days	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_7R789HZWSC	2 years	This cookie is installed by Google Analytics.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
AnalyticsSyncHistory	1 month	Linkedin set this cookie to store information about the time a sync took place with the lms_analytics cookie.
guest_id	2 years	Twitter installs the guest_id cookie to enable Twitter integration and for social media advertising. This cookie helps to track user behaviour for marketing, to enable sign in and personalize the user's Twitter experience across devices.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
muc_ads	2 years	Twitter set this cookie to collect visitor navigation data to optimise ad relevance.
personalization_id	2 years	Twitter sets this cookie to integrate and share features for social media and also store information about how the user uses the website, for tracking and targeting.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.

Cookie	Duration	Description
DEVICE_INFO	5 months 27 days	No description
guest_id_ads	2 years	No description
guest_id_marketing	2 years	No description
ln_or	1 day	No description

What are You looking for?

Financial Sector has to be Automated

Financial Sector has to be Automated

Explore Other Insights

FATF Lists - Impacts Of Inclusion

The Impact of Ultimate Beneficial Owners Transparency on Society

Advancing Transparency with Beneficial Ownership Registers

FATF Lists - Impacts Of Inclusion

The Impact of Ultimate Beneficial Owners Transparency on Society

Advancing Transparency with Beneficial Ownership Registers

Lithuania's Digital Transformation Journey: A short story

Understanding e-Government Projects: Why Do More than 80% Fail?

Transforming Governance: The Impact of e-Government Projects on Efficiency & Public Value

Navigating Challenges in Accessing Beneficial Ownership Information across the EU

A Major Win for the Ministry of Digital Transformation of Trinidad and Tobago