Govt needs to formulate cyber security guidelines
The government needs to formulate cyber security guidelines immediately to secure the country's ongoing digitisation process, said Fahad Kabir, a cyber security expert.
The government should go for reforms as Bangladesh is under serious cyber security threats, he said.
Kabir, who works as a senior manager at the cyber risk services department of Ernst & Young in Canada, was in Dhaka recently to attend a cyber security related programme.
“The government should formulate guidelines and at the same time ensure that banks and other financial institutions are following those,” he said in an interview with The Daily Star.
Kabir, also an advisory director of a local cyber security and risk management company named Sure Next, said $400 billion is lost every year on average to cyber threats.
On the recent heist of Bangladesh Bank funds, Kabir said he has no comment on how it happened because there is a lot of speculation about it.
“But as I work on the issue, I can fundamentally say which groups of people did it. They have to hold the privileged IDs. There is no other way to open all the locks without the help of insiders.”
Here, Kabir has a suggestion -- the Bangladesh government should develop more resources locally.
“You shouldn't allow outsiders for your own security. It will never happen in the developing world. Canada will never allow US experts to work in their country on security issues.”
Kabir, who is an ex-cadet from Mirzapur Cadet College in Bangladesh, has been working on security issues in Canada for the last twelve years. The western world has already created a framework to deal with cyber threats; they have already developed their regulations and go for security audit every year, and Bangladeshi institutions will have to run security audits timely to enhance security, he said.
Kabir holds CISSP (Certified Information Systems Security Professional) and SABSA SCF (Security Architecture) certifications and earned his bachelor's degree in computer engineering from University of Toronto, Canada.
“Legislative changes are also needed.”
Legal experts need to understand the issues, he added. And for doing that, the government can run awareness programmes, Kabir said.
On security investments, he said, “If you feel shy to make a door with a hundred dollars, then your million dollars may be at risk.”
If business houses and banks do not secure themselves, their businesses will suffer, he added. “They need to understand this. The sooner they will understand, the better it will be.”
Kabir suggests businesses should initially invest 20 percent of their total operational cost, and this investment will gradually go down.
This expenditure may raise the cost of doing business, but companies have to think long-term, he added. “The number of sophisticated attackers is increasing. So, investment needs to go up.”
In the total attacks, 70 percent hackers are amateur. And sophisticated hackers even may not have any business interests, he added.
For Bangladesh, after banks and financial institutions, the power sector faces threats, he said.
If anyone can take control of the digital power network, it will create a chaotic situation, he added.
He said when anyone connects to a network, it means it opens doors to cyber threats; but it does not mean digitisation will stop.
As Bangladesh enters the digital map, it should ensure digital security to compete with the world market, he added.
Comments