BSEC issues cyber threat warning to bourses

Amid a myriad of cyber threats, the Bangladesh Securities and Exchange Commission (BSEC) has directed the stock exchanges to follow some guidelines to ensure security of their network infrastructure.

The suggested measures to combat cyber threats include 24/7 strict monitoring of user activity, deploying web application firewalls, implementing load balancer solutions, and more.

A team from the Bangladesh Computer Council of the ICT Division of the Ministry of Posts, Telecommunications and Information Technology issued situational alerts to spread awareness about the disruption of activities of the Critical Information Infrastructure (CII).

The CII is any government-declared external or virtual information infrastructure that controls, processes, circulates or preserves any information-data or electronic information. If this infrastructure is damaged or critically affected, the public safety or financial security or public health and national security or national integrity or sovereignty might get adversely affected.

The BSEC, Dhaka Stock Exchange (DSE), and Chittagong Stock Exchange (CSE) are in the CII list.

The stock market regulator's letter to the DSE in September this year stated that the computer incident response team of the posts and telecommunication ministry found various hacker groups that remain active and continuously engage in hacking activities such as distributed denial of service attack, web defacement, and ransomware and data theft.

The BSEC said in the letter, "It is imperative for us to be acutely aware of the state of our own infrastructure and diligently adhere to best practices regarding the issued alerts."

"In the light of this ongoing threat landscape and advice of the computer incident response team, we earnestly request all major capital market stakeholders to implement the suggested measures to fortify the security of their infrastructures," the letter reads.

In October last year, the ICT Division declared 29 organisations as 'critical information infrastructure' under the Digital Security Act for the safety of sensitive data under which any illegal access to computers, digital devices or networks is a punishable offence.