1
IT Security Awareness Md. Mahbubur Rahman Alam
Presented By Md. Mahbubur Rahman Alam, B. Sc. (Statistics) Dhaka University, M. Sc. (Econometrics) Dhaka University, PGD (ICT) BUET, M. Sc. (ICT) BUET. Associate Professor, BIBM, Mirpur, Dhaka. Bangladesh Institute of Bank Management (BIBM), Dhaka, Bangladesh.
2
Total Branches
3
Total Advance (Crore Taka)
4
Total Deposit (Crore Taka)
5
Percentage of Total Deposit and Advance
6
Per Capita Advance and Deposit (Lac Tk.)
7
Branch Per 1,00,000 Population
8
Other Bank Customer Internet Branch Mobile PSTN POST Kiosk Branch ATM
9
Remote Backup and Restore
Customer server(s) Disaster Recovery Center WAN Customer Firewall ViaRemote Platform Offsite Data Backup
10
The Ecosystem (At the end of 2017)
57 Banks
150.7 Million Bank Accounts
Accounts Per Adult: 3.25
Total Bank Branches: 9753
Mobile Phone Operator: 5
ADC: Total
Total Card: 1,27,00,886
Internet Banking Account: 17,42,423
Mobile Banking Agents: 7,86,460
Mobile Banking Customers: 5,87,87,627
Agents of Agent Banking: 2,577
Agent Banking Customers: 12,14,561
ATMs: 9,522
POSTs: 37,379
Source: Bangladesh Bank
11
Types of Transactions: Number of Transactions (Crore); Volume of Transactions (Crore Taka)
BACPS (Started on 07 Oct, 2010): 2.27
BEFTN (Started on 28 Feb, 2011): 1.32; 87380
RTGS (Started on 29 Oct, 2015): 0.01; 138780
NPSB (Started on 27 Dec, 2012): 0.3
Total Card (Credit Card, Debit Card, etc.): 15.47; 111280
Internet Banking: 0.73; 25390
Mobile Banking (Started on October, 2011): 147.06; 177270
Agent Banking: 0.17; 2640
ATM: 13.49; 93910
POST: 1.54; 16570
E-Commerce: 0.12; 430
Total: 182.48
Source: Bangladesh Bank
12
Total Number of Accounts in 2016
Accounts Type: Number of Accounts
Deposit Accounts: 8,07,50,837
Advance: 9,934,475
Mobile Banking: 4,10,78,524
Share Croppers: 3,75,000
SME: 5,41,656
Farmers’: 90,43,859
No-Frills and Others: 77,11,669
School Banking: 12,57,270
Total: 15,06,93,292
13
Volume of IT Transaction in Billion Taka
14
Index of Financial Inclusion (IFI)
15
IT Investment 2012-2017 (Crore)
Total investment up to 2017 was estimated at Tk. 32,465 crore since 1968 (counting from the installation of a computer at Agrani Bank in 1968, which was the first computer installation in the banking sector of Bangladesh). In 2017, approximately Tk crore was invested in ICT processes in the banking segment, excluding the central bank.
16
Trends in Technology Adoption, 1998-2017
17
Total Number of Employees Per Branch
18
Total Number of Accounts (Deposit and Advance) Per Employee
19
Export Import and Remittance handling Per Employee (In Millions Tk.)
20
Total Accounts (Deposit and Advance) Per Branch
21
Total Income Per Employee (In Lac Taka)
Year: 1975 1980 1985 1990 1995 2000 2005 2010 2015 CAGR
SCBs: 0.60 0.66 1.62 2.48 3.11 6.00 8.57 20.49 33.92 54.36
FCBS: 1.26 3.59 11.84 18.08 34.75 75.59 79.84 83.77 146.52 43.24
PCBs: - 2.37 4.23 4.70 12.58 24.89 47.84 61.29 59.13
SBs: 0.53 1.00 1.81 2.45 1.43 5.08 6.66 18.17 15.09 35.39
Total: 0.61 0.74 1.89 2.95 3.22 7.55 13.92 33.58 49.68 59.54

Total Expenditure Per Employee (In Lac Taka)
Year: 1975 1980 1985 1990 1995 2000 2005 2010 2015 CAGR
SCBs: 0.47 0.57 1.40 2.54 2.93 5.69 6.76 14.31 27.96 53.41
FCBS: 1.02 2.16 7.29 13.60 15.67 42.82 30.91 42.60 68.04 37.58
PCBs: 2.07 4.03 4.14 9.48 17.98 29.74 46.16 55.77
SBs: 0.39 0.73 1.65 2.32 3.21 4.56 7.07 17.36 18.29 41.01
Total: 0.48 0.62 1.61 2.89 6.20 9.93 21.23 37.18 56.58
Profit PE: 0.13 0.12 0.28 0.06 0.29 1.35 3.99 12.35 12.50 -
22
Net Profit Per Employee after Tax ( In Lac Taka)
23
Expenditure-Income Ratio
24
Currently we have 1.73 Lac Employees!
Columns: Total Transactions; Transactions Per Employee (Branch Only); (Online and Branch); (Branch, Online and SMS)
Transactions from Branch (Deposit, Advance and Others): 170.01; 9,837.36; 19,775.92; 35,981.28
Online Transactions: 167.51
SMS (Operations):
SMS (Monthly and Yearly Balance): 120.40
Total: 625.43
To do the same amount of Transactions (Branch + Online) we need:
9.86 Lac Employees compared to productivity of employees of 1980
8.44 Lac Employees compared to productivity of employees of 1990
To do the same amount of Transactions (Branch Only) we need:
4.60 Lac Employees compared to productivity of employees of 1980
4.02 Lac Employees compared to productivity of employees of 1990
25
IT Security Technology (6%) Process (10%) Policies People (84%)
Applications, Architecture, Infrastructure; Roles and Responsibilities; Culture and Attitudes; Skills and Training; Standards and Competence; Procedures, Standards and Compliance
26
‘We Need Banking but No Banks’-Bill Gates
Keeping Secrets Secret is the Biggest Challenge of the Cyber World!
27
Stunning Cybercrime Statistics
The global cost of cybercrime will reach $2 trillion by 2019, a threefold increase from the 2015 estimate of $500 billion. According to the Identity Theft Resource Center’s (ITRC) “ITRC Data Breach Report,” more than 29 million records were exposed. According to the Ponemon Institute’s “2016 Cost of Data Breach Study: Global Analysis,” which queried 383 organizations that suffered at least one breach in 2016, the average cost per breach was $4 million. That figure rose to $7 million in the U.S. Forty-eight percent of data security breaches are caused by acts of malicious intent. Human error or system failure accounts for the rest.
28
Stunning Cybercrime Statistics
60 percent of employees use the exact same password for everything they access. Meanwhile, 63 percent of confirmed data breaches leverage a weak, default or stolen password. Of the 1,000 IT leaders polled for Invincea’s “2016 Cyberthreat Defense Report,” three-quarters reported that their networks had been breached in the last year, and 62 percent said they expect to suffer a successful cyberattack at some point this year. According to the Verizon DBIR, 30 percent of phishing emails are actually opened, and 12 percent of those targeted click on the infecting link or attachment. An Osterman Research survey of 540 organizations in North America, the U.K. and Germany revealed that nearly half had sustained ransomware attacks in the last year.
40
Percentage of Financial Crimes Committed by the Involvement of Internal Employees
Source: BIBM, PwC
41
Causes of Data Loss
“40% of all SMBs will go out of business if they cannot get their data in the first 24 hours after a crisis.” -- Gartner
Source: Wall Street Journal
42
Develop Hackers Don’t Put them into Jail!
Min 45 to Max 300 Per Day! Attack
43
Information Security Risk (% of Banks)
2012 2016 Very low: Very Good, Very High: Very Bad
44
Category of Fraudsters
45
Frauds in Banking
46
Full Database Backup Strategy
[Figure: timeline for Sunday, Monday and Tuesday. Labels: Created Database and Performed Full Database Backup; Full Database Backup; Full Database Backup; Data; Log.]
47
Granting/Denying/Revoking Permissions to Allow Access
User/Role SELECT Eva Ivan David public INSERT UPDATE DELETE
48
Multi-factor Authentication (MFA)
Something only the user knows (e.g., password, PIN, pattern); Something only the user has (e.g., ATM card, smart card, mobile phone); Something only the user is (e.g., biometric characteristic, such as a fingerprint).
49
Disaster What is a Disaster?
Any unplanned event that requires immediate redeployment of limited resources.
Sample Disasters
Natural Forces: Fire, Environmental Hazards, Flood / Water Damage, Extreme Weather
Technical Failure: Power Outage, Equipment Failure, Network Failure, Software Failure
Human Interference: Criminal Act, Human Error, Loss of Users, Explosions
50
Recovery process
Manage:
RPO: Recovery point objectives
RTO: Recovery time objectives
ETTR: Elapsed time to recover
Timeline: Crisis (Time Zero) to Status Restored; capture actual ETTR
Steps: Emergency Response, Mobilize Resources, Restore Backups, Restore Applications, Roll Forward & ReSync
51
Historical Evidence on Impact of High Duration IT Outage
The WTC bombing of 1993: 450 companies; 147 non-recoverable; majority out of business by 1994
The WTC disaster of 2001: 800 companies; 250 disaster declarations; ~150 out of business by 2002
Natural Disasters: 2004: four hurricanes in Florida; 2005: Katrina, Rita, Wilma
Gartner Inc: 93% of organizations that have experienced a significant data loss are out of business within five years.
Most of the 170 disaster recoveries that SunGard has supported since 1978 have taken place in the last 10 years. Of those recoveries, 45 were for banks.
52
IT Governance (Key IT Role Players in Banks)
53
IT Budget Allocation: 2011-2017
(% of Total Budget)
54
IT Security Awareness of Employees
55
IT Security Awareness of Customers
57
Strategic Model Source: Eusebio and Hartmut
58
IT Compliance? Self/Own Central Bank (Bangladesh Bank)
ISO (International Organization for Standardization) BS (British Standard)
59
Some Cases (SWIFT, ATM, Mobile Banking, Internet Banking, Banking Software)
and What to Do?
Don’t share your password.
Use strong and multiple passwords.
Change password regularly.
Use Multi Factor Authentication and follow Segregation of Duties.
Don’t open unknown mail and don’t use personal mail in banks (Gmail, Yahoo, etc.).
Check the URL carefully while using the Internet.
Don’t share information on public media (Facebook, Twitter).
Follow the guidelines of your bank.
Be aware of BYOD, Phishing and Spoofing.
Shut down your computer if not needed.
Go offline immediately after any transaction by Internet.
Don’t share your desktop for remote access.
Increase employee and customer awareness.
Read newspapers and watch IT programs on TV.
Monitor your operation.
60
Q & A. Thanks for Your Patient Hearing. Md. Mahbubur Rahman Alam
Md. Mahbubur Rahman Alam Associate Professor Bangladesh Institute of Bank Management (BIBM) Dhaka, Bangladesh.