Tech & Startup

2014 Sonali bank hacking should have been a wake-up call: NCSA DG

abu_sayed_kamruzzaman
The panelists at the conference discussed various aspects of cybersecurity including ransomware, cost-effective measurements, risk assessment, threat modeling, fault tolerance, redundancy and load balancing among other topics. Image: Courtesy.

The Director General of the National Cyber Security Agency (NCSA), Abu Sayed Md. Kamruzzaman, has expressed regret over the missed opportunity to strengthen cybersecurity in Bangladesh following the hacking of Sonali Bank in 2014. Speaking at the "Pre-Cyber Drill Conference 2025," held on 15 January at the Krishibid Institution Bangladesh (KIB) in Dhaka, Kamruzzaman highlighted the consequences of that incident.

"If we had been more aware about cybersecurity after the hacking incident of Sonali Bank in 2014, maybe, just maybe, we could have prevented the hacking incident of Bangladesh Bank in 2016," he said. Kamruzzaman urged stakeholders to treat cybersecurity threats with greater urgency and implement robust measures to avoid similar breaches in the future. "Many CTOs failed to make their CEOs understand the pressing issue of cybersecurity as it does not give direct benefit against the investment for the companies," he added.

The event, organised by AGS Quality Action Limited, a cybersecurity penetration testing laboratory, served as a platform to discuss preventive strategies against cyberattacks. The conference also acted as a precursor to the "1st Agile Cyber Drill-2025". Scheduled for 26 February, the drill will engage corporate entities, microfinance institutions (MFIs), IT service providers, and other organisations in a comprehensive exercise to assess their preparedness for cyber risks.

During his address, Kamruzzaman also called on the Bangladesh Association of Software and Information Services (BASIS) to prioritise practical training initiatives over promotional programmes. "BASIS should spend more money on organising these kinds of drills rather than programs. I request them to circulate their funds to arrange competitions so that we can train students for them to join the workforce," he said.

Congratulating AGS Quality Action Limited for taking the initiative to organise this event, Kamruzzaman added, "Cyber drill has been arranged for the last 3 years from government initiative through BGD e-GOV CIRT project though having many difficulties."

The panelists at the conference discussed various aspects of cybersecurity including ransomware, cost-effective measurements, risk assessment, threat modeling, fault tolerance, redundancy and load balancing among other topics. 

Fahad Zaman Chowdhury, Joint Director (ICT) at Bangladesh Bank, also a panelist at the conference urged the importance of security awareness training, technical security training, phishing simulations, and social engineering awareness for all levels of employees regardless of experience. According to Fahad, regular security assessments, vulnerability management, incident response planning, and continuous monitoring, and alerting are essential for continuous improvement.

"Data protection and privacy regulations like the GDPR are applicable for European countries but if we follow a similar level of security layers, it would also benefit us in case of security," said Fahad. He also added, "Bangladesh Bank has its own ICT security guidelines. Any organisation can follow those guidelines to improve their cybersecurity."

Guests present at the conference included Chief Guest Shish Haider Chowdhury, Secretary of the ICT Division, along with key officials such as Md. Anwarul Alam, Additional Secretary and Director General of the Bangladesh Accreditation Board (BAB), and Dr. Muhammed Mehedi Hassan, Executive Director of the Bangladesh Computer Council (BCC). Representatives from the Bangladesh Association of Software and Information Services (BASIS), Bangladesh Association of Contact Center and Outsourcing (BACCO), Bangladesh Bank (BB), and Bangladesh Computer Society (BCS) were also present in the conference.

Technical partners for the upcoming cyber drill include the Bangladesh Computer Society and the CTF platform managed by BGD e-GOV CIRT under the ICT Ministry. The drill will involve 150 professional cybersecurity engineers who will support participating organisations in conducting the exercises, as per a press release.

The "1st Agile Cyber Drill-2025" will be held as an online day-long event on 26 February, with an awards ceremony scheduled for 9 March. Participating organisations will also receive cybersecurity penetration testing services on 10 March.

Comments

2014 Sonali bank hacking should have been a wake-up call: NCSA DG

abu_sayed_kamruzzaman
The panelists at the conference discussed various aspects of cybersecurity including ransomware, cost-effective measurements, risk assessment, threat modeling, fault tolerance, redundancy and load balancing among other topics. Image: Courtesy.

The Director General of the National Cyber Security Agency (NCSA), Abu Sayed Md. Kamruzzaman, has expressed regret over the missed opportunity to strengthen cybersecurity in Bangladesh following the hacking of Sonali Bank in 2014. Speaking at the "Pre-Cyber Drill Conference 2025," held on 15 January at the Krishibid Institution Bangladesh (KIB) in Dhaka, Kamruzzaman highlighted the consequences of that incident.

"If we had been more aware about cybersecurity after the hacking incident of Sonali Bank in 2014, maybe, just maybe, we could have prevented the hacking incident of Bangladesh Bank in 2016," he said. Kamruzzaman urged stakeholders to treat cybersecurity threats with greater urgency and implement robust measures to avoid similar breaches in the future. "Many CTOs failed to make their CEOs understand the pressing issue of cybersecurity as it does not give direct benefit against the investment for the companies," he added.

The event, organised by AGS Quality Action Limited, a cybersecurity penetration testing laboratory, served as a platform to discuss preventive strategies against cyberattacks. The conference also acted as a precursor to the "1st Agile Cyber Drill-2025". Scheduled for 26 February, the drill will engage corporate entities, microfinance institutions (MFIs), IT service providers, and other organisations in a comprehensive exercise to assess their preparedness for cyber risks.

During his address, Kamruzzaman also called on the Bangladesh Association of Software and Information Services (BASIS) to prioritise practical training initiatives over promotional programmes. "BASIS should spend more money on organising these kinds of drills rather than programs. I request them to circulate their funds to arrange competitions so that we can train students for them to join the workforce," he said.

Congratulating AGS Quality Action Limited for taking the initiative to organise this event, Kamruzzaman added, "Cyber drill has been arranged for the last 3 years from government initiative through BGD e-GOV CIRT project though having many difficulties."

The panelists at the conference discussed various aspects of cybersecurity including ransomware, cost-effective measurements, risk assessment, threat modeling, fault tolerance, redundancy and load balancing among other topics. 

Fahad Zaman Chowdhury, Joint Director (ICT) at Bangladesh Bank, also a panelist at the conference urged the importance of security awareness training, technical security training, phishing simulations, and social engineering awareness for all levels of employees regardless of experience. According to Fahad, regular security assessments, vulnerability management, incident response planning, and continuous monitoring, and alerting are essential for continuous improvement.

"Data protection and privacy regulations like the GDPR are applicable for European countries but if we follow a similar level of security layers, it would also benefit us in case of security," said Fahad. He also added, "Bangladesh Bank has its own ICT security guidelines. Any organisation can follow those guidelines to improve their cybersecurity."

Guests present at the conference included Chief Guest Shish Haider Chowdhury, Secretary of the ICT Division, along with key officials such as Md. Anwarul Alam, Additional Secretary and Director General of the Bangladesh Accreditation Board (BAB), and Dr. Muhammed Mehedi Hassan, Executive Director of the Bangladesh Computer Council (BCC). Representatives from the Bangladesh Association of Software and Information Services (BASIS), Bangladesh Association of Contact Center and Outsourcing (BACCO), Bangladesh Bank (BB), and Bangladesh Computer Society (BCS) were also present in the conference.

Technical partners for the upcoming cyber drill include the Bangladesh Computer Society and the CTF platform managed by BGD e-GOV CIRT under the ICT Ministry. The drill will involve 150 professional cybersecurity engineers who will support participating organisations in conducting the exercises, as per a press release.

The "1st Agile Cyber Drill-2025" will be held as an online day-long event on 26 February, with an awards ceremony scheduled for 9 March. Participating organisations will also receive cybersecurity penetration testing services on 10 March.

Comments