Cyber Security

Cyber security consists of technologies, processes and measures that are designed to protect systems, networks and data from cyber crimes. Effective cyber security reduces the risk of a cyber attack and protects entities, organizations and individuals from the deliberate exploitation of systems, networks and technologies.

Cyber security has never been simple and because attacks evolve every day as attackers become more inventive, it is critical to properly define cyber security and identify what constitutes good cyber security.

Cyber security is so important as year over year, the worldwide spend for cyber security continues to grow: 71.1 billion in 2014 (7.9% over 2013), and 75 billion in 2015 (4.7% from 2014) and expected to reach 101 billion by 2018. Organizations are starting to understand that malware is a publicly available commodity that makes it easy for anyone to become a cyber attacker, and even more companies offer security solutions that do little to defend against attacks. Cyber security demands focus and dedication.

Cyber security protects the data and integrity of computing assets belonging to or connecting to an organization’s network. Its purpose is to defend those assets against all threat actors throughout the entire life cycle of a cyber attack.

Kill chains, zero-day attacks, ransomware, alert fatigue and budgetary constraints are just a few of the challenges that cyber security professionals face. Cyber security experts need a stronger understanding of these topics and many others, to be able to confront those challenges more effectively.

Vulnerabilities in Cyber Security of Bangladesh

In recent years, Bangladesh has become one of the most vulnerable countries in regard of cyber security. Cyber-attacks often took place, which caused loss of assets in very recent time. With the increasing number of internet users, the number of attacks ratio is also going up. According to the Kaspersky Security Bulletin 2015, Bangladesh is in the second position in the level of infection among all the countries. 69.55% unique users are in the highest risk of local virus infection in Bangladesh. 80% users are the victim of spam attack according to Trend Micro Global Spam Map. In a recent test of two hours that was run in Bangladesh Computer Council, total number of infected IP in Bangladesh was 34552.  IPs of renowned companies like Grameenphone, Banglalion, and Link 3 were also found in that list.

Cyber attacks are focused on higher value data. Locally, many hackers target Bangladeshi sites out of curiosity and give alerts about vulnerability of the system. Bangladesh faces a number of challenges in ensuring cyber security. To ensure cyber security, the government has taken various steps, including initiatives to frame a Digital Security Law.  –Zunaid Ahmed Palak, State Minister, ICT Division.

Here we have shortly described the cyber security vulnerabilities existing in some particular fields from the perspective of Bangladesh as well as across the whole world.

Banking Sector- Bank officials in Bangladesh are largely ‘ignorant’ about cyber security in financial institutions, a research by the Bangladesh Institute of Bank Management (BIBM) has revealed. Of the bank officials surveyed, some 28 percent were found ‘totally ignorant’ and another 20 percent ‘ignorant’. Only 20 percent respondents showed ‘some knowledge’ on the issue.

Online Banking- The online payment systems approved by the central bank in Bangladesh may face security threats unless a common internet platform is established between banks and merchants, as the experts think. The systems may take some more time to come to user level, as the required internet infrastructure is yet to be readied at merchant points to ensure secured transactions for customers.

According to some IT professionals, the security issue is critical to such transactions, as no regulatory system has so far been developed in Bangladesh to monitor internet services.

Social Media- Risks we face with social media are the same ones encountered by large organizations in our country. This shouldn't be too surprising. Even the largest company's social media presence is handled by a person or small group, with employees using social media in ways similar to us. Everyone faces similar concerns when they're interacting with others, including embarrassment, misrepresentation, losing data, or sensitive information falling into the wrong hands. The scale may be different, but they're accessing the same sites, using the same apps, and need protection from the same threats. When it comes to social media, we'll often find that the risks we usually face in our country fall into two categories: technology and the people using it. Technical problems can be dealt with by implementing proper security and having the right tools in place to handle any issues that arise in the context of Bangladesh. When it comes to people, we need to change their behav¬ior through policies, training, and communication. The user-generated problems of social media are diminished as a person learns what they should and should not do.

Mobile Applications- Government and private organizations of Bangladesh have started getting adopted to various web applications due to the easy accessibility. Services provided by web applications include online education, banking, reservation, shopping, resources, and information sharing. However the awareness of web application security has not been developed yet. No through study has been done on the existing vulnerabilities of these web applications of Bangladesh. 

Online Shopping- However, not all players are fair and there are frauds, spam websites, hackers, malicious elements etc unwanted activities reporting with same intensity on the web sphere of Bangladesh. Therefore, it is mandatory to take enough precautionary steps while doing online shopping in Bangladesh taking smart way of online shopping. 

Mobile Financial Service-Customers of the country’s different mobile financial services often become victims of fraud and harassment and lose money to scammers, who send masked SMSs (Short Message Service). By using masked SMS, fraudsters are able to send anonymous SMS to a mobile phone, but the recipient will see the name or number selected by the criminals instead of the original mobile number.

The issue of cyber security is especially important. The required security is essential in internet using as well as in its unrestricted access and for ensuring this essentiality, mass-awareness is also required along with the usage of ICT related products and services. But, it is quite difficult for an individual to execute. That's why a combined movement is necessary-Mustafa Jabbar, BASIS President  

Card Transaction- Security continues to be an issue in case of card transactions. POS and ATM deployment in rural areas is still low. There is a lack of dispute resolution and fraud management system in the NPSB. On the other hand, internet Bandwidth is still slow and relatively expensive, particularly in rural areas.

Google Drive- A privacy issue has recently been discovered in ‘Google Drive’ which could have led sensitive and personal information stored on the cloud service exposed to unauthorized parties. The security flaw has now patched by Google, but its discovery indicates that the vulnerability of cloud data when accessed via a link can allow “anyone who has the link” to access your private data without any further authentication. The security hole addressed a risk to files that included a clickable URL on user’s cloud file sharing service.

When someone opens the file and clicks on an embedded hyperlink, then they get sent to the website of a third-party website owner. Upon accessing this URL, unfortunately the external Internet user - an unauthorized party - could potentially access your sensitive information by accessing the original documents that included the URL.

Cloud Computing- The current discourse about cloud computing security issues makes a well-founded assessment of cloud computing security impact difficult for two primary reasons. First, as is true for many discussions about risk, basic vocabulary such as "risk," "threat," and "vulnerability" are often used as if they were interchangeable, without regard to their respective definitions. Second, not every issue that's raised is really specific to cloud computing. We can achieve an accurate understanding of the security issue "delta" that cloud computing really adds by analyzing how cloud computing influences each risk factor.

Consideration to Cyber Security

The whole universe is full of numbers of challenges and we have to face them each and every moment. Despite of confronting such challenges, still we survive and we have to. Currently, we belong to an age of technology and this technology world is not beyond challenges. On the contrary, numbers of critical challenges emerge rapidly. Today, getting over the cyber security vulnerabilities has become a huge challenge for humanity. There is hardly anything in this existing world without vulnerability. But, there exist some remedies of them too which are the means to challenge these vulnerabilities. So, in the context of cyber security vulnerabilities, let’s get into some safety measures for them-

Think before you connect- It is a simple step for online security. To follow this advice will be simple and effective for all. Just think before you get involved in internet and ensure security for you held position. Then think about your online activities and its output and get yourself involved.

It is all of our responsibility to remain secured in internet. It is really difficult for everyone to browse internet and practice cyber security measures. To secure yourself, you have to keep your home network and mobile devices secured. We all need to learn how to use internet more securely and with responsibility.

The government wants to fill the skill gap of its officials to deal with cyber security problems that have emerged as major concern not only for Bangladesh but also elsewhere in the world. It has now become inevitable to protect IT services, information and data as cybercrimes pose a serious threat to ensure uninterrupted services.   – Shyam Sunder Sikder , ICT Division

Cyber Security in Business Enterprises and Work Stations- Cyber security has to be ensured everywhere-in business enterprises or work stations, health services providers, educational institutions or government agency. It is really essential for us to develop such a culture where there will exist a joined-responsibility among all in the work stations. It is also essential to have planning for employees’ training, awareness, risk management and to prevent cyber attacks.  

Prediction over future internet- We have to keep an eye on our future through technology and identify the strategies of security, protection and confidentiality using latest technology, though it is difficult. Despite of this difficulty, we will need everyone’s contribution to balance the cyber world besides, developing inter-relationship of technology. Currently, modern city, connected health-service devices, digital records and latest vehicles-all are getting transformed into our new digital execution.  

Children in our country are getting affected by cyber crimes. We can’t overcome this crisis unless smartphone usage regulation is developed on the basis of age.  – Omar Farooq Khandaker, Secretary to ISACA Dhaka Chapter 

To build up career in Cyber Security- Economy and security are of the most risky issues in our country. We still lack of professional cyber security engineers to protect out spread network. We have to skill our next generation cyber security issues and utilize them as well. According to a research of Center for Cyber Safety and Education, USA, the world is likely to be in need of 1.8 million information-security officials within 2022. Besides, parents, teachers and the state of our country should be more aware to encourage our young generation to get involved in cyber security profession.   

To protect infrastructure from cyber threats- We are gradually being dependent upon internet for our public service oriented companies like of electricity, economy, transport system etc. Stability of these essential infrastructures is really effective for our national security. 

On the other hand, many of us sometimes usually click on something attractive seen in internet. Besides, we click on any new emails whether the email sender is familiar or not. In these emails, cyber criminals usually send malware or ransomware through attachment files, attractive images or videos. If we click on such emails or images, videos, our computers may get affected by these viruses. Due to this virus attack, our log in information along with our personal and other financial information also may get beyond our controls. So, we should be more careful before clicking on emails sent from new sources. Therefore, it would be comparatively safer to access the website directly where the link comes from rather than clicking on it.

Sometimes we get free WiFi access in some particular spots. But, anything free doesn’t mean safe. We should remain careful in that case. This is because the cyber criminals can easily hack your personal data through free WiFi. In case using free WiFi, we should not log in typing user ID and Password. Our important personal information will remain safe if we do so.

Cyber threats are rapidly growing along with the expansion of technology. The more the activities of Digital Bangladesh progress, the more cyber security has to be given importance- Kazi Mustafiz, Founder of Cyber Crime Awareness Foundation

Last Words

Basically, Cyber security is the ability to protect or defend the use of cyberspace from cyber-attacks. There has been burgeoning growth of internet users in the country. According to Bangladesh Telecommunication Regulatory Commission, the number of internet users almost doubled in the last two years. In Bangladesh, the overall situation now calls for a cyber-security legal framework and that of an IT skill framework. It has to be a thorough assessment of the cyber security capacity, taking into account the existing capacity, availability of relevant skills training and education institutes, security companies, IT industry representatives, associations, professionals and multi-stakeholders.

Total views: 10412