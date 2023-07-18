

Cultivating knowledge, we must prep for Cyber security threats



The recent data leak from a government website has raised alarm bells, exposing sensitive personal information of countless citizens, including their full names, phone numbers, email addresses, and National Identification (NID) numbers. On July 7, TechCrunch, a global portal reported that a website belonging to the government of Bangladesh was leaking the personal information of the country's citizens, including full names, phone numbers, email addresses and national ID numbers. At the time, the portal didn't disclose which website in particular was leaking because the data was still accessible. Later the portal reported that the issue was with the Office of the Registrar General, Birth & Death Registration (BDRIS) website.



Viktor Markopoulos, a researcher who works for Bitcrack Cyber Security, found the data at the end of June, and then alerted CIRT(Cyber Incident Response Team). According to his estimate, the website leaked data on around 50 million Bangladeshi citizens. However, the Bangladesh government has responded to the incident quickly and the site was secured. To shed light on the factors contributing to such incidents, we must consider the following:

Responsibility: In large organizations, the lines of responsibility for data security can sometimes become blurred. It is crucial to clearly define who maintains and secures data to ensure that vulnerabilities are promptly identified and addressed.

Lack of Proper Knowledge: Organizations become more susceptible to attacks in the absence of a thorough understanding of potential cyber threats and the necessary protective measures. This lack of knowledge extends from top management, who need to fully comprehend the importance of cybersecurity, to IT staff, who require training in the latest security protocols.



Lack of Continuous Assessment: Cybersecurity is an ongoing process rather than a one-time event. Without regular assessments to identify and address vulnerabilities, an organization's defenses can become outdated, leaving them vulnerable to breaches. As threats evolve rapidly, security measures must keep pace.



Lack of quick response: The concerned government agencies must respond quickly to any authentic information on any kinds of hacking or leakages, which is undoubtedly necessary to mitigate as well as to evade worst conditions.



In an age where data is increasingly digital, proper management and protection of this data should be a top priority. Failing to accept this responsibility, not investing in knowledge and training, and neglecting regular assessments are pitfalls that can lead to serious breaches.



It is deeply concerning that the consequences of such breaches go beyond identity theft, financial fraud, and privacy invasion. They could facilitate attacks, compromise national security, and result in long-term reputational damage for the government.



According to the Department of Information and Communication Technology's Digital Security Agency, 14,627 IPs were targeted by cyber attacks in 2021, including prominent companies such as Beximco Group, Akiz Group, and Biman Bangladesh Airlines. The Bangladesh Bank Cyber Heist in 2016, where robbers were able to fly away with US $81 million, is considered the world's largest bank heist in modern history. Meanwhile, in March 2023, hackers seized 100 gigabytes of data from Biman Bangladesh, a state-owned airline, and reportedly demanded $5 million. Of course, Bangladesh is far from alone in struggling to plug online loopholes. In the biggest known breach so far, an estimated 3 billion Yahoo user accounts were affected.



However, the BDRIS leak is another wake-up call -- especially as Bangladesh strives to ramp up the digitalization of its economy, including banking.



During a press conference on August 22, 2022, the Honorable State Minister of the ICT Department, Zunaid Ahmed Palak, highlighted that the country's mobile operators' database, servers, and infrastructure had already been impacted. Mr. Palak stressed that protecting against cyber attacks is a joint responsibility of the government and the private sector, as no single country can handle this challenge independently.



The government of Bangladesh is taking action to strengthen the country's cybersecurity. They are spearheading an ambitious project called Cyber Threat Detection and Response, led by the Bangladesh Computer Council. This project demonstrates their commitment to combating the escalating cyber threats. The approach includes implementing robust defense systems, improving governance frameworks, and developing a skilled workforce, all contributing to a safer digital future for Bangladesh.



Additionally, the world of academia is stepping into the arena. Universities, such as Bangabandhu Sheikh Mujibur Rahman Digital University, are introducing cybersecurity degrees to their curricula. By equipping future generations with the knowledge and skills to counter the growing tide of cyber threats, they are playing a vital role in addressing the challenges ahead.



However, like any compelling story, there are hurdles that need to be overcome. A lack of awareness about cyber threats and some businesses disregarding cybersecurity pose significant challenges. We can say that our aim is not just to survive the storm but to navigate through it and come out stronger. Nowadays, a business ignoring cybersecurity is like leaving your front door wide open with a 'Welcome' sign for cybercriminals.



We emphasize the importance of a proactive approach to cybersecurity, which includes clearly defining responsibilities, educating all levels of the organization about cybersecurity, and conducting regular vulnerability assessments and penetration testing. We believe that these steps are the cornerstone of a robust cybersecurity strategy capable of preventing data breaches.



Nevertheless, Bangladesh is demonstrating resilience in the face of these challenges. With sector leaders, government support, and educational institutions stepping up to the plate, Bangladesh is ready to confront the cybersecurity threats of the digital age.



The writer is the founder of RedNode and an OSCE3 certified cybersecurity expert



