Taher Ahmed Chowdhury, the Deputy Managing Director of Islami Bank, has 30 years of experience in the field of IT and is therefore also the Head of Information & Communication of this bank. He has also played the role of Executive Vice President & CIO of first security of Islami Bank.
Mr. Taher Ahmed Chowdhury’s resume reveals that, apart from completing an MBA from IIUC, he has also mastered in International Project Managing from AAPM, USA, after which he finally mastered in Information Technology from the Institute of IT at Jahangirnagar University. In his quest for knowledge, he has also earned professional/global online certifications in MCP, MCSE and CCNA from Microsoft & Cisco, USA. Recently he received the CISSO (Certified Information Systems Security Officer) from Miles2 of USA. In fact, he is the only head of ICT in the banking industry who has earned this prestigious online certification.
With such high qualifications in the field of IT, he started his career in 1986 as a Hardware Engineer at Beximco Computers Ltd., which was the first IT company of Bangladesh. After some time, he took a break from Beximco and joined the Marine Academy of Chittagong (under the Ministry of Shipping) as a Radio Electronic Instructor in 1993. However, he rejoined Beximco in 2000 as Senior Network Engineer. In 2002, he became the Senior Faculty & System In-charge of BRAC IBM-ACE & BRAC BITI. Nevertheless, he went back to Beximco in 2005, this time as Manager Technical of Training & Services. Later, he finally shifted his career to banking and joined IFIC Bank as the Assistant Vice President of its IT division. He worked there before he finally became a part of Islami Bank.
In the last two issues of Fintech, the first and second core functions of cyber security from the guidebook “Executive leadership of cyber security” by Taher Ahmed Chowdhury (the Deputy Managing Director of IT, Islami Bank) were published.
According to this guidebook, cyber security can be divided into the five core functions of the NIST cyber security framework, namely Identify, Protect, Detect, Respond and Recover. Among these, how to “Identify” and how to “Protect”, along with their respective elements, have been discussed earlier.
This current issue will therefore shed light on the 3rd core function of cyber security, “Detect” and its elements, written by this only Bangladeshi achiever of CISSO (Certified Information Systems Security Officer) from Miles2, USA, a prestigious online certification of ICT banking.
If the cyber security protection tools covered in the ‘Protect’ section are your bank’s “first line” of defense against Internet threats, consider the ‘Detect’ section tools as your reinforcement. Cyber-attackers will attempt to exploit vulnerabilities that they can find, and it’s up to your IT staff to detect such intrusions inside and outside of your network. To effectively do this, your IT manager must first have a thorough understanding of what is in your asset inventory and the associated risks. Your IT manager should also ensure the appropriate safeguards are in place to protect your bank’s assets (see PROTECT Section). The start of any detection strategy is the baseline inventory. Additionally, monitor your networks, systems, and applications to establish a baseline traffic pattern or establish a measure for “normal” operations. Your detection tools, which will be discussed later in this section, will then monitor for deviations from that normal state of activity. Your IT manager should also have a process in place for correcting any issues as you detect them.
Monitoring Deviations from Normal Operations
To mitigate threats proactively, use controls and sensors that automatically work to prevent or limit unauthorized access to computer networks, systems, or information. These may include:
- Intrusion Detection Systems;
- Network Behavior Anomaly Detection Tools;
- Security Information and Event Management / Log Analyzer.
Intrusion detection systems are security products that gather and analyze information from various areas within a computer or a network to identify possible security breaches, which include intrusions from both outside and inside the organization. These systems detect the occurrence of anomalies or cyber security incidents at your bank, enabling timely responses to a cyber-attack and the potential to limit or contain the impact of the attack. A network behavior anomaly detection (NBAD) tool is a type of network security threat detection system that continuously monitors a network for unusual events or trends. NBAD tools offer added security in addition to that provided by other anti-threat applications such as firewalls, antivirus software, and spyware-detection tools.
This is done by tracking critical network characteristics in real time and generating an alarm if an anomalous event is detected that could indicate the presence of a threat, such as larger than normal traffic volume to the website or bandwidth usage. Security information and event management (SIEM) systems are tools used to manage logs and alerts from multiple security applications and devices. SIEM tools typically provide real-time monitoring, correlation of events, notifications, long-term storage, analysis, and reporting of log data.
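As an added illustration (not part of the guidebook), the following Python example shows the baseline-then-deviation idea described above: it learns what "normal" traffic looks like for each hour of the day from a known-good period, then raises an alert when a live reading departs from it. The sample figures, the function names and the threshold of 6 are assumptions made for this example.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data: (hour_of_day, requests_per_minute) from a known-good week.
HISTORY = [(2, 20), (2, 25), (2, 22), (2, 18), (2, 21),
           (10, 400), (10, 420), (10, 410), (10, 390), (10, 405)]

# Constructed live readings: (timestamp, hour_of_day, requests_per_minute).
LIVE = [("02:00", 2, 23), ("02:10", 2, 400), ("10:00", 10, 415),
        ("10:05", 10, 5200), ("10:10", 10, 3), ("23:00", 23, 50)]


def build_baseline(history):
    """Return {hour: (median, MAD)} describing "normal" traffic per hour of day."""
    by_hour = defaultdict(list)
    for hour, rate in history:
        by_hour[hour].append(rate)
    baseline = {}
    for hour, rates in by_hour.items():
        med = median(rates)
        mad = median([abs(r - med) for r in rates])  # robust to a few outliers
        baseline[hour] = (med, mad)
    return baseline


def detect_deviations(baseline, readings, threshold=6.0, min_spread=1.0):
    """Return (timestamp, rate, reason) for every reading outside the baseline."""
    alerts = []
    for ts, hour, rate in readings:
        if hour not in baseline:
            # No known-good data for this hour: surface it instead of ignoring it.
            alerts.append((ts, rate, "no baseline"))
            continue
        med, mad = baseline[hour]
        # 1.4826 * MAD approximates one standard deviation for normal data;
        # min_spread avoids division by zero when the history is perfectly flat.
        score = (rate - med) / max(1.4826 * mad, min_spread)
        if score >= threshold:
            alerts.append((ts, rate, "above baseline"))  # e.g. possible DDoS
        elif score <= -threshold:
            alerts.append((ts, rate, "below baseline"))  # e.g. outage or blocked traffic
    return alerts


if __name__ == "__main__":
    for alert in detect_deviations(build_baseline(HISTORY), LIVE):
        print(alert)
```

The 02:10 reading of 400 requests per minute would be ordinary at 10:00 but is flagged at 02:00, which is why the baseline is kept per hour instead of as a single average.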
With innovation in technology has come the evolution of methods to deliver financial services. The industry has gone from the widespread use of ATMs in the 1980s, to modern point of sale (PoS) terminals in the 1990s, to Internet banking in the 2000s and mobile banking in 2010s. These new and evolving ways of meeting consumer demand, however, come with new fraud patterns and evolving risks of cyber-attacks. Common cyber-attacks that bank CEOs should particularly know about and understand are:
- Distributed Denial of Service (DDoS) attacks;
- Corporate Account Take Over (CATO) attacks;
- Automated Teller Machine (ATM Cash Out) attacks; and
- CryptoLocker attacks
Distributed Denial of Service (DDoS)
DDoS is a type of attack that attempts to make an online service unavailable by overwhelming a website with excessive traffic from multiple sources that interrupts normal services. In the latter half of 2012, an increased number of DDoS attacks were launched against financial institutions by politically motivated groups. These DDoS attacks have increased in sophistication and intensity. They have caused slow website response times, intermittently prevented customers from accessing institutions’ public websites, and adversely affected back-office operations. DDoS attacks are a threat to financial institutions of all sizes. Banks subject to a DDoS attack may face a variety of risks, including operational risks and reputation risks. The attack may also serve as a distraction while hackers attempt alternative types of fraud.
Corporate Account Take Over (CATO)
CATO is a type of business identity theft where cyber-thieves impersonate the business and send unauthorized wire and ACH transactions to accounts controlled by the thieves. All businesses are vulnerable to a CATO attack, especially those with limited or non-existent computer safeguards and minimal or no disbursement controls for use with their bank’s online business banking system. Losses from this form of cyber-crime have the potential to be substantial, with the majority of these thefts never being fully recovered. These thefts have affected both large and small banks.
ATM Cash Out
ATM Cash Out is a type of large dollar-value ATM cash-out fraud characterized as Unlimited Operations by the U.S. Secret Service. Recently, there has been an increase in these types of cyber-attacks where thieves gain access to and alter the setting on ATM web-based control panels used by small- to medium-sized financial institutions. ATM Cash Outs may cause financial institutions to incur large-dollar losses. Therefore, state and federal regulators expect financial institutions to take steps to address this threat by reviewing the adequacy of their controls over their information technology networks, card issuer authorization systems, systems that manage ATM parameters, and fraud detection and response processes.
CryptoLocker
CryptoLocker is a type of computer software malware or “ransomware” that emerged in 2013. The malware is typically spread through phishing emails containing malicious attachments. Once a computer is infected, the malware encrypts the data, thereby restricting access to the data on the infected computers. Then the malware demands the victim provide a payment (or ransom) to the attackers in order to decrypt and recover their files. The malware has the ability to find and encrypt files located within shared network drives, USB drives, external hard drives, network file shares, and even some cloud storage drives. If one computer on a network becomes infected, mapped network drives could also become infected. While victims are told they have three days to pay the attacker through a third-party payment method (e.g. MoneyPak, Bitcoin), some victims have claimed online that they paid the attackers and did not receive the promised decryption key.
Eight Mobile Banking Security Recommendations
The use of mobile banking has increased substantially in recent years, and studies show this trend is very likely to continue as more consumers opt for the convenience of mobile technology. In 2012, 33 million U.S. consumers used their mobile devices to conduct financial transactions, and according to Aite Group, an independent research and advisory firm, an estimated 96 million U.S. consumers will adopt mobile banking by 2016. To keep up with the rise in consumer demand, Aite expects the number of financial institutions offering mobile banking solutions to their retail banking customers will also increase. As demand for the convenience of mobile banking continues to grow, so too has concern regarding the security of mobile banking applications. A report published by Deloitte Center for Financial Services in May 2014 revealed that a leading reason some smartphone users do not engage in mobile banking is concern regarding the security of the applications. Mobile banking has opened a new door for cybercriminals, and the ecosystem of mobile banking involves several players, which can be challenging when addressing issues of security. These players include customers, merchants, banks, debit/credit card networks, clearing/settlement organizations, application providers, third-party payment providers, wireless carriers, and handset/chip manufacturers, all of which are responsible for some level of security. For banks, there are various measures that can be taken to address the security of mobile banking and payments. Additional recommendations for a secure transition to mobile banking are available in an executive financial services report by Symantec titled “Banks Likely to Remain Top Cybercrime Targets.”