Bangladesh Bank has issued a cybersecurity alert warning of a possible major attack targeting banks, financial institutions, and digital payment service providers across the country.
On Wednesday (30 July), the central bank’s Information and Communications Technology (ICT) Department circulated an official letter outlining the threat.
According to the notice, the country’s critical information infrastructure (CII), banking and financial sectors, healthcare, and both government and private organisations are at heightened risk of cyberattacks in the coming days. The warning is based on intelligence gathered from multiple reliable sources.
In response, banks, financial institutions and payment service providers have been instructed to urgently implement robust cybersecurity measures.
Security Directives
Bangladesh Bank has directed the institutions concerned to immediately adopt the following fourteen precautionary measures:
Regularly update servers, databases, and IT systems.
Close unnecessary ports and ensure access is strictly permission-based.
Maintain routine data backup and restoration in line with the 3-2-1 backup strategy.
Enforce encryption for all data transfers, storage, and processing.
Introduce multi-factor authentication (MFA) across all critical systems.
Strengthen monitoring by deploying advanced security tools.
Keep Endpoint Detection and Response (EDR) systems, antivirus, and other protective software up to date and effective.
Prepare an incident response plan and a dedicated specialist team to counter potential attacks.
Monitor suspicious logins, file modifications, or external connections, and notify the authorities when necessary.
Review and control remote access, VPNs, and privileged accounts on a regular basis.
Report any signs of cyberattack immediately to Bangladesh Bank.
Ensure adequate staffing for 24/7 security monitoring centres.
Use load balancers and maintain contingency plans to preserve system capacity and resilience.
Update and implement the organisation’s Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP).
Purpose of the Measures
The central bank emphasised that these measures are intended to:
Prevent potential cyberattacks
Minimise damage should an attack occur
Ensure swift and effective response to emerging threats
Distribution of the Notice
The directive was sent to the chief executive officers of all scheduled banks, financial institutions, and payment service providers.
Bangladesh Bank has urged all organisations to act without delay in implementing the measures, warning that failure to ensure adequate cyber protection could lead to serious disruptions to the country’s financial system.