Lax data security is a threat for us all

We're alarmed by the recent surge in cyberattacks and data breaches targeting government sites in Bangladesh. The latest incident to expose our woefully lax data security procedures is a leak of personal data of 50 million people from the state-run Office of the Registrar General, Birth & Death Registration (BDRIS). That's a massive number by any measure. While an investigation is underway to get to the bottom of the breach, the nature of the information disclosed – including birth dates and NID numbers – sends an ominous signal about its potential consequence should those fall in the wrong hands.

On Sunday, the state minister for post, telecommunications and information technology acknowledged the incident – about two weeks after it was discovered by a researcher from a South Africa-based cybersecurity firm – calling it a "great loss" for the state. He said the website in question was "fragile" and didn't have "minimum security". And despite being warned, responsible officials were negligent in following up on the threat intelligence, he added. We cannot say that we're surprised by this rather frank admission. In fact, one can say that the picture he drew of the "technical weaknesses" of one government website is not limited to it alone. It is a reality that the digital infrastructure of most public offices apparently shares.

The last few months have seen an alarming rise in data breaches and cyberattacks exploiting what we can only imagine to be such technical weaknesses. Our report on the latest development details a number of incidents, many apparently orchestrated by India-linked hackers, and the threat level of public websites. In March, for example, hackers demanded $5 million in ransom from Biman Bangladesh while holding 100 gigabytes of data hostage. As the government was unable to retrieve the data in time, a vast amount of financial, human resource, training and satellite communications information was leaked. Unfortunately, despite the heightened cyber threat facing government, military, financial and educational institutions, we seem still unprepared to rise to the challenge.

This must change. The BDRIS data breach is a wake-up call to the authorities to strengthen our cybersecurity. The repercussions of sensitive data being breached are far-reaching, as those can be exploited for malicious purposes. To mitigate the risk of future breaches, the government must adopt a multi-pronged approach to cybersecurity, investing in advanced threat detection systems and undertaking regular security audits of government websites/servers.