Framework for the mobilization of cyber security and risk mitigation of financial organizations in Bangladesh: a case study

Abstract

The aim of this research is to explore cyber threats and other key risks by which a financial organization in Bangladesh can be severely affected and find out the cyber attack impacts, cyber security challenges and the strategies to overcome the cyber risks. Besides, it suggests a framework by which an organization can safeguard its financial or customer data and money against cybercriminals. In order to prepare cyber security, organizations must understand how attacks can progress, which critical factors to look out for or challenges might face in order to establish cyber security, how to develop a counteractive strategy, decide who will carry out which actions. Then, organizations need to practice, monitor and refine the cyber strategic services or plans regularly to protect from or mitigate the cyber risks considerably.

This thesis is based on both qualitative and quantitative research methodology. A part of the report looks into the details of cyber threats, kind of cyber attacks, challenges in building cyber security and a complete cyber security framework (layers of protection, risk assessment and risk mitigation). The research suggests that a financial organization should be aware of cyber threats, potential impact of any cyber attacks, the challenges to establish cyber security and the safeguards or protective measures that need to be taken in order to reduce the cyber risks.

The author used a survey among IT officials from different financial organizations in Bangladesh to determine the most common cyber attacks which are spam, malware and phishing. Business Disruption, Data Loss and Financial Loss are the biggest impacts after a successful attack. Invest in new Technology is the best strategy for the reduction of Cyber risk suggested by the survey. Survey suggests that lack of implementation of a cyber security policy and lack of employee & customer awareness are the most critical challenges in establishing cyber security. The ISM (Interpretive Structural Modeling) and MicMac analysis reveals that lack of implementation of a cyber security policy and challenge in Law enforcement and legislation are the most influent for the failure of cyber security implementation.

It is important to mention that in addition to employ the standard cyber security policy and follow the Bangladesh bank ICT guidelines or NIST framework for the cyber security management, organizations should acquire industry-standard certifications like ISO-27001 & 27002: ISMS which provides best practice and recommendations for information security management. Overall, the findings, recommendations and suggestions of this research study can be beneficial for every financial organization in the globe specially Bangladesh who wants to defend against cyber threats.