Country
Bangladesh
Source
BankInfoSecurity article Feb 2020 by Suparna Goswami
Title
New Cyber Security Guidelines in BD: what's needed?
About
Experts offer insight on critical steps for financial institutions.
Central bank of BD about to release revised IT security guidelines for financial institutions.
Current guidelines (from 2015) failed to take account of new tech practices, e.g. there are no guidelines for institutions building their own software in-house.
Challenges:
Companies still consider Cy Sec a cost. Talks around Cy Sec have only really just begun. Huge lack of adequate resources in the market. Entire IT industry in BD is fairly new.
After the BD bank heist, financial institutions are required to appoint a CISO. However, since there are not many qualified CISOs in the country, banks are promoting people with a technology background to that position. Moreover, once the person is appointed, most banks do not spend the resources to train them for security.
Bangladesh Bank has formed an info & communications tech steering committee that's working on the new guidelines.
The central bank asks banks & financial institutions to conduct at least one VAPT a year as well as obtain certifications (PCI DSS). One view is that red team exercises are more valuable than VAPT.
Key findings
The hope is that the guidelines address this issue and these challenges.
New guidelines should:
Require organisations to mitigate their non-technical risks. Include new guidelines relating to data privacy (rarely acknowledged here).
Articulate that the board of directors & senior management team should include those who have an understanding of technology risks, to reduce roadblocks to banks' Cy Sec enhancements.
Include proper security guidelines for network-connected IoT devices.
Tapan Kanti Sarkar (founder & president of CTO forum) calls on organisations to:
Integrate security technologies to gain full threat visibility across all platforms (cloud, mobile, on-premises assets).
Ensure continuous training - to move away from manual processes and develop existing teams to create basic cyber hygiene and nurture a culture of security.
Security teams must create awareness of cyber threats and of how to detect, mitigate & respond to them.
Website
https://www.bankinfosecurity.asia/new-cybersecurity-guidelines-in-bangladesh-whats-needed-a-13703