CIO Wall

Md. Anisur Rahman

Senior Executive Vice President & CIO - NCC Bank Ltd. - Bangladesh

CIO Perspectives

The Pandemic triggered digital and remote working making Cyber Security one of the top priorities for organizations. In this context, tell us briefly how your organization managed the transition to remote working during the pandemic? How did you manage employees logging into the corporate network or accessing critical resources and remain protected from cyber-attacks? Tell us about some of the unique security best practices that you have implemented to protect your organization against cyber-attacks?

Cyber Security is always a top priority for the bank. During the pandemic, we were required to open our corporate network to provide uninterrupted customer support by enabling remote working. The Bank has ensured NAC with user authentication, separate firewall for VPN with MFA, endpoint security and need to know basis access to the systems with proper monitoring to ensure the security of remote working. Employee access to critical systems is role based and is controlled and monitored by a dedicated information security team. The Bank has also separate security solutions for the endpoints and servers. Moreover, the Bank only allows specific services from the server, network devices and firewall to safeguard the services with different OEM solutions to reduce the attack surface.

NCC Bank has increased the cyber security posture to prevent the cyber-attacks during the pandemic. In the process, the Bank has implemented extra security layer for ADC systems by segregation and segmentation in the network and access level with dedicated security solutions to minimize the attack surface area. The Bank has also implemented security solutions to manage and monitor the privilege access with MFA and UEBA, unusual activity monitoring in the system and network level. The Bank has a dedicated cyber security team to perform security assessment of the systems and applications to identify the security gaps and mitigate the gaps. Moreover, the Bank is in the process to implement the zero trust security by implementing never trust always verify, least privilege and default deny, full visibility and inspection and centralized security management to fight against the cyber-attacks.