Cyber threat and security
Cyber security is the ability to protect or defend the use of cyberspace from cyber-attacks, according to the National Institute of Standards and Technology, USA.
Of late, in Bangladesh, the financial services industry, which is a vital component of a nation's critical infrastructure, is under persistent threat.
There has been burgeoning growth of internet users in the country. According to Bangladesh Telecommunication Regulatory Commission, the number of internet users almost doubled in the last two years. It shot up from 30.48 million in 2013 to 58.31 million in February 2016. With it, came an ardent need for in-built cyber security in IT and to make people more aware about the policies, standards and guidelines.
The emerging role of IT governance is to bridge the gap between control requirements, technical issues and business risks. The Governance Global Practice of the World Bank supports governments in improving access and quality of public services by developing integrated governance solutions to address service delivery problems in their local contexts.
Improving public services requires making policymakers, public servants, and service providers accountable to citizens, and promoting citizen engagement and trust in public institutions.
Recognising the interconnections between institutions, service delivery, and citizen trust and engagement is especially crucial in fragility, conflict and violence settings.
The organisations undergoing change management become the easy targets of cyber criminals. Since 2011, Bangladesh Bank was busy modernising its payment and settlement system. The overall banking functions of the central bank had been brought under automation by implementing the banking application package.
All the offices and departments of the BB had been brought under a computer network, connecting around 4,000 desktops/laptops by 2012. During the computerisation phase of the BB, it might be that the things were done out of hurry. The main thrust was on meeting the World Bank's deadline. It was not possible to pay much attention to the security details.
Usually, this transformation phase of computerisation and change management remains risk-prone, as hackers take this chance of transition. They know that three important gears like security, monitoring and control might be lacking at that stage. The IT security of the banking sector in Bangladesh is in a very precarious stage and, hence, there are chances of further attacks.
In the last couple of years, CTO Forum Bangladesh has been addressing these critical issues. So far, it has organised as many as 15 seminars on cyber security. Its pursuits to make people aware are on. It is going to organise a conference on security jointly with Bangladesh Institute of Bank Management this month.
Out of my 35 years of experience in IT, I have developed an impression that the organisations are never willing to invest in IT security until and unless they are targeted and fallen as victims. What is more important is to make the system bulletproof and to defend further attacks by raising awareness.
Creation of platforms for future cyber-security awareness raising efforts is important. Every day, in one way or the other, businesses are facing the threat of hacking -- phishing, ransomware, data breach and malware attacks.
In the country, there has been a dire need of a core group of professionals consistently working on cyber threat intelligence, data protection and encryption.
In Bangladesh, the overall situation now calls for a cyber-security legal framework and that of an IT skill framework. It has to be a thorough assessment of the cyber security capacity, taking into account the existing capacity, availability of relevant skills training and education institutes, security companies, IT industry representatives, associations, professionals and multi-stakeholders.
It is usually said that as ICT investment continues to grow, the cyber-security profile must also be increased at par in order to enhance the effectiveness of technological capacity.
To be holistic in its approach to leverage ICT, at this juncture, Digital Bangladesh has been trying new approaches, new innovations and new methodologies. These include, among others, the establishment of the digital connectivity project.
It is the highest priority project of the government and expansion of the government-wide network to its lowest tier is also important.
A survey from Security Lab has found that almost 73 percent of companies are relying on standard endpoint security-class solutions to protect their virtual environments, potentially leading to reduced performance and creating an excessive load on their systems.
About 34 percent of businesses remain unaware that specialised security products even exist. According to the findings of a recent survey, only 27 percent of companies use security solutions that are specifically adapted for virtual environments.
Of these, nearly half use agent-based solutions. Specialised agent-less and light-agent solutions are still uncommon, and are used in just 35 percent and 15 percent of cases respectively.
Kaspersky Lab is a privately owned entity operating in 200 countries, including Bangladesh. According to them, Bangladesh is one of the countries on the top hit list of impending cyber attacks.
Wire-transfer processes and other operations need constant screening. Clearly, the time demands for creation of a position of a cyber security officer (CSO) in financial entities, corporations, businesses, organisations and institutions. More than 80 percent of Bangladesh is now covered by wireless networks.
Now, as we make steps ahead, we make digital footprints. Bangladesh ranks 107 out of 139 in the Global Competitiveness Index, 115 out of 138 in the Networked Readiness Index (2011) and 134 out of 183 in the United Nations e-Government Survey 2010.
Finally, mobile, cloud computing, IoT (internet of things) and cognitive computing are expected to be the technologies that will shape the near future the most.
The author is the founder president of CTO Forum Bangladesh and can be reached at firstname.lastname@example.org.