Are we just sitting ducks for the hackers?
Worrying details about digital data security – or the shocking lack thereof – in different government organisations have been coming out over the past week or so, making us wonder whether the authorities really appreciate the importance of cybersecurity. Most recently, a report published by Prothom Alo has revealed the extent to which a number of government websites and servers are vulnerable to breaches. Even calling it a "breach" may be a stretch, as a simple Google search by anyone can apparently bring up personal details of citizens stored on some websites! This is not just a grave security concern, it is also a gross violation of privacy.
The above report mentioned one instance of fraud caused by such digital vulnerability. In 2022, a number of government officials who received grants from the Bangladesh Employees Welfare Board (BEWB) were duped by fraudsters, who stole money from their banks. The fraudsters were able to do that because those officials' personal information was openly listed on the BEWB website. We are unable to understand how, in this day and age, no one involved with the maintenance of the BEWB website thought of this possibility.
There's more. On July 9 this year, this daily reported a massive leak of personal information from the Office of the Registrar General, Birth & Death Registration (BDRIS). A few days later, it again reported that the infamous ransomware group BlackCat had hacked into the Bangladesh Krishi Bank's server in June, and downloaded 170GB data including financial records as well as employees' passport and NID information. In both cases, when the organisations concerned were warned about the breaches, they reportedly ignored them. This surely cannot be the attitude of government offices and authorities in charge of the safety and well-being of citizens.
With the increased digitalisation of our lives, the risk of cybercrimes is only bound to increase. Professionals dealing with digital data management and security should be able to anticipate all possible security risks and prepare accordingly. While we recognise the government's efforts to digitalise its services, we must reiterate that since this requires storing personal information of citizens, the government websites and servers ought to be equipped with adequate security measures so that the data stays protected. To stop any potential leaks, IT experts have also advised the Election Commission to monitor all its partners who avail services from the NID server round the clock. The bottom line is, the authorities across the public system should employ preventive measures so that no breaches and leaks take place in the first place.