IT Security Awareness Md. Mahbubur Rahman Alam

Presentation transcript:

IT Security Awareness
Presented by Md. Mahbubur Rahman Alam, B. Sc. (Statistics) Dhaka University, M. Sc. (Econometrics) Dhaka University, PGD (ICT) BUET, M. Sc. (ICT) BUET
Associate Professor, BIBM, Mirpur, Dhaka. Cell: 01556323244, Mail: alam_mr@yahoo.com
Bangladesh Institute of Bank Management (BIBM), Dhaka, Bangladesh.

Total Branches

Total Advance (Crore Taka)

Total Deposit (Crore Taka)

Percentage of Total Deposit and Advance

Per Capita Advance and Deposit (Lac Tk.)

Branch Per 1,00,000 Population

[Diagram labels: Other Bank, Customer, Internet, Branch, Mobile, PSTN, POST, Kiosk, Branch, ATM]

Remote Backup and Restore [diagram labels: Customer server(s), Customer Firewall, WAN, ViaRemote Platform, Offsite Data Backup, Disaster Recovery Center]

The Ecosystem (at the end of 2017)
57 Banks
150.7 Million Bank Accounts
Accounts Per Adult: 3.25
Total Bank Branches: 9753
Mobile Phone Operator: 5
ADC | Total
Total Card | 1,27,00,886
Internet Banking Account | 17,42,423
Mobile Banking Agents | 7,86,460
Mobile Banking Customers | 5,87,87,627
Agents of Agent Banking | 2,577
Agent Banking Customers | 12,14,561
ATMs | 9,522
POSTs | 37,379
Source: Bangladesh Bank

Types of Transactions | Number of Transactions (Crore) | Volume of Transactions (Crore Taka)
BACPS (Started on 07 Oct, 2010) | 2.27 | 1612050
BEFTN (Started on 28 Feb, 2011) | 1.32 | 87380
RTGS (Started on 29 Oct, 2015) | 0.01 | 138780
NPSB (Started on 27 Dec, 2012) | 0.3 | 4173.04
Total Card (Credit Card, Debit Card, etc.) | 15.47 | 111280
Internet Banking | 0.73 | 25390
Mobile Banking (Started on October, 2011) | 147.06 | 177270
Agent Banking | 0.17 | 2640
ATM | 13.49 | 93910
POST | 1.54 | 16570
E-Commerce | 0.12 | 430
Total | 182.48 | 2269873
Source: Bangladesh Bank

Total Number of Accounts in 2016
Accounts Type | Number of Accounts
Deposit Accounts | 8,07,50,837
Advance | 9,934,475
Mobile Banking | 4,10,78,524
Share Croppers | 3,75,000
SME | 5,41,656
Farmers’ | 90,43,859
No-Frills and Others | 77,11,669
School Banking | 12,57,270
Total | 15,06,93,292

Volume of IT Transaction in Billion Taka

Index of Financial Inclusion (IFI)

IT Investment 2012-2017 (Crore)
Total investment up to 2017 was estimated at Tk. 32,465 crore since 1968 (counting from the installation of a computer at Agrani Bank in 1968, which was the first computer installation in the banking sector of Bangladesh). In 2017, approximately Tk. 2035 crore was invested in ICT processes in the banking segment, excluding the central bank.

Trends in Technology Adoption, 1998-2017

Total Number of Employees Per Branch

Total Number of Accounts (Deposit and Advance) Per Employee

Export Import and Remittance handling Per Employee (In Millions Tk.)

Total Accounts (Deposit and Advance) Per Branch

Total Income Per Employee (In Lac Taka)
Years: 1975 1980 1985 1990 1995 2000 2005 2010 2015 CAGR
SCBs: 0.60 0.66 1.62 2.48 3.11 6.00 8.57 20.49 33.92 54.36
FCBS: 1.26 3.59 11.84 18.08 34.75 75.59 79.84 83.77 146.52 43.24
PCBs: - 2.37 4.23 4.70 12.58 24.89 47.84 61.29 59.13
SBs: 0.53 1.00 1.81 2.45 1.43 5.08 6.66 18.17 15.09 35.39
Total: 0.61 0.74 1.89 2.95 3.22 7.55 13.92 33.58 49.68 59.54

Total Expenditure Per Employee (In Lac Taka)
Years: 1975 1980 1985 1990 1995 2000 2005 2010 2015 CAGR
SCBs: 0.47 0.57 1.40 2.54 2.93 5.69 6.76 14.31 27.96 53.41
FCBS: 1.02 2.16 7.29 13.60 15.67 42.82 30.91 42.60 68.04 37.58
PCBs: 2.07 4.03 4.14 9.48 17.98 29.74 46.16 55.77
SBs: 0.39 0.73 1.65 2.32 3.21 4.56 7.07 17.36 18.29 41.01
Total: 0.48 0.62 1.61 2.89 6.20 9.93 21.23 37.18 56.58
Profit PE: 0.13 0.12 0.28 0.06 0.29 1.35 3.99 12.35 12.50 -

Net Profit Per Employee after Tax ( In Lac Taka)

Expenditure-Income Ratio

Currently we have 1.73 Lac Employees!
Total Transactions / Transactions Per Employee (Branch Only) (Online and Branch) (Branch, Online and SMS)
Transactions from Branch (Deposit, Advance and Others) 170.01 9,837.36 19,775.92 35,981.28
Online Transactions 167.51
SMS (Operations)
SMS (Monthly and Yearly Balance) 120.40
Total 625.43
To do the same amount of Transactions (Branch + Online) we need:
9.86 Lac Employees Compared to Productivity of Employees of 1980
8.44 Lac Employees Compared to Productivity of Employees of 1990
To do the same amount of Transactions (Branch Only) we need:
4.60 Lac Employees Compared to Productivity of Employees of 1980
4.02 Lac Employees Compared to Productivity of Employees of 1990

IT Security Technology (6%) Process (10%) Policies People (84%) Applications, Architecture, Infrastructure Roles and Responsibilities Culture and Attitudes Skills and Training Standards and Competence Procedures, Standards and Compliance

‘We Need Banking but No Banks’ - Bill Gates
Keeping Secrets Secret is the Biggest Challenge of the Cyber World!

Stunning Cybercrime Statistics
The global cost of cybercrime will reach $2 trillion by 2019, a threefold increase from the 2015 estimate of $500 billion.
According to the Identity Theft Resource Center’s (ITRC) “ITRC Data Breach Report,” more than 29 million records were exposed
According to the Ponemon Institute’s “2016 Cost of Data Breach Study: Global Analysis,” which queried 383 organizations that suffered at least one breach in 2016, the average cost per breach was $4 million. That figure rose to $7 million in the U.S.
Forty-eight percent of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.
Source: https://securityintelligence.com

Stunning Cybercrime Statistics
60 percent of employees use the exact same password for everything they access. Meanwhile, 63 percent of confirmed data breaches leverage a weak, default or stolen password.
Of the 1,000 IT leaders polled for Invincea’s “2016 Cyberthreat Defense Report,” three-quarters reported that their networks had been breached in the last year, and 62 percent said they expect to suffer a successful cyberattack at some point this year.
According to the Verizon DBIR, 30 percent of phishing emails are actually opened, and 12 percent of those targeted click on the infecting link or attachment.
An Osterman Research survey of 540 organizations in North America, the U.K. and Germany revealed that nearly half had sustained ransomware attacks in the last year.

Percentage of Financial Crimes Committed by the Involvement of Internal Employees Source: BIBM, PwC

Causes of Data Loss
“40% of all SMBs will go out of business, if they cannot get their data in the first 24 hours after a crisis.” -- Gartner
Source: Wall Street Journal

Develop Hackers Don’t Put them into Jail!
Min 45 to Max 300 Per Day! Attack

Information Security Risk (% of Banks), 2012 and 2016
Very Low: Very Good, Very High: Very Bad

Category of Fraudsters

Frauds in Banking

Full Database Backup Strategy [diagram: database created and a full database backup performed, followed by further full database backups; timeline Sunday, Monday, Tuesday; Data and Log]

Granting/Denying/Revoking Permissions to Allow Access [figure: three permission grids of SELECT, INSERT, UPDATE and DELETE for the users/roles Eva, Ivan, David and public]

Multi-factor Authentication (MFA)
Something only the user knows (e.g., password, PIN, pattern);
Something only the user has (e.g., ATM card, smart card, mobile phone);
Something only the user is (e.g., biometric characteristic, such as a fingerprint).

Disaster
What is a Disaster? Any unplanned event that requires immediate redeployment of limited resources.
Sample Disasters
Natural Forces: Fire, Environmental Hazards, Flood / Water Damage, Extreme Weather
Technical Failure: Power Outage, Equipment Failure, Network Failure, Software Failure
Human Interference: Criminal Act, Human Error, Loss of Users, Explosions

Recovery process
Manage:
RPO: Recovery point objectives
RTO: Recovery time objectives
ETTR: Elapsed time to recover
Timeline from Crisis (Time Zero) to Status Restored (capture actual ETTR): Emergency Response, Mobilize Resources, Restore Backups, Restore Applications, Roll Forward & ReSync

Historical Evidence on Impact of High Duration IT Outage
The WTC bombing of 1993: 450 companies, 147 non-recoverable, majority out of business by 1994
The WTC disaster of 2001: 800 companies, 250 disaster declarations, ~150 out of business by 2002
Natural Disasters: 2004: four hurricanes in Florida; 2005: Katrina, Rita, Wilma
Gartner Inc: 93% of organizations that have experienced a significant data loss are out of business within five years.
Most of the 170 disaster recoveries that SunGard has supported since 1978 have taken place in the last 10 years. Of those recoveries, 45 were for banks.

IT Governance (Key IT Role Players in Banks)

IT Budget Allocation: 2011-2017 (% of Total Budget)

IT Security Awareness of Employees

IT Security Awareness of Customers

Strategic Model Source: Eusebio and Hartmut

IT Compliance?
Self/Own
Central Bank (Bangladesh Bank)
ISO (International Organization for Standardization)
BS (British Standard)

Some Cases (SWIFT, ATM, Mobile Banking, Internet Banking, Banking Software) and What to Do?
Don’t share your password.
Use strong and multiple passwords.
Change your password regularly.
Use multi-factor authentication and follow segregation of duties.
Don’t open unknown mail, and don’t use personal mail (Gmail, Yahoo, etc.) in banks.
Check the URL carefully while using the Internet.
Don’t share information on public media (Facebook, Twitter).
Follow the guidelines of your bank.
Be aware of BYOD, phishing and spoofing.
Shut down your computer if it is not needed.
Go offline immediately after any transaction by Internet.
Don’t share your desktop for remote access.
Increase employee and customer awareness.
Read newspapers and watch IT programs on TV.
Monitor your operation.

Q & A
Thanks for your patient hearing
Md. Mahbubur Rahman Alam, Associate Professor, Bangladesh Institute of Bank Management (BIBM), Dhaka, Bangladesh.