The world has now become truly a borderless territory with the rapid growth of Information and Communication Technology (ICT) in every sector of social and economic life. While the developed countries are very much concerned regarding ICT modernization and cybersecurity yet surprisingly most of the developing countries like Bangladesh are unaware of the maturity of their ICT use and the risk of cybercrimes. Cyber Security is a security system to protect computing devices and computer networks where important data are stored, retrieved, and interchanged against any kind of attack or intersection. Cyber Security includes application security, network & infrastructure security, data security & privacy, disaster recovery or planning, operational security, and, so on. All over the world most organizations and enterprises are using computers, cloud and many systems, servers, and devices. All the data which belong to that companies are saved in the database. They are supposed to be seen only by the employees and other members who are related to that organization. Sometimes they have to send their secret data from one place to another over the internet. Here professionals are engaged in the art of secret communication; i.e., have developed mechanisms to ensure that confidential information is not leaked to unauthorized parties. The more people are trying to access any program or system in an unauthorized way, the more information and data need to be saved in a secure and protected way. Cybercrime is a byproduct of the ever-increasing development in the areas of information and communication technology (ICT). The attackers mainly attack the confidential data of the organizations or personal information thereof. The most targeted organizations are banks, hospitals, financial institutions, government offices, police stations, research and development (R&D) organizations, and other telecommunication firms, etc.
The cyber trends of 2022 in Bangladesh match global trends, including the worldwide surge in ransomware attacks. Various reports claim that businesses globally lost an average of $8,500 per hour as a result of ransomware-related downtime.
COVID-19 has fueled cloud adoption to support the remote workforce. Close to 35% of enterprises are in the process of making a shift to the cloud, and the chances of other enterprises following suit are good. But adoption of the zero trust model to help ensure security in the shift to the cloud is essential. Also due to the pandemic, organizations were fighting with survival issues and had to run in a cost-efficient way. So big investment in cyber security was not a profitable choice at the moment. Also, Manufacturing was impacted enormously by the pandemic.
Later this year, banks reduced LC opening due to a dollar price hike. All these factors reduced the import of security products. Due to lack of investment in cyber security banks and other big organizations, and government offices faced an increased amount of cyberattacks such as DDoS attacks, ransomware attacks, etc.
We have also faced geopolitical effects on the cyber landscape. Following the start of the Russia-Ukraine war, we’ve seen a significant rise in hacktivism. Researchers found that out of a total of 57,116 DDoS attacks discovered in 2022, the majority seemed to be politically motivated.
The key cybersecurity challenges organizations in Bangladesh face are ransomware, DDoS attack, phishing, and data breaches.
Predicting the cyber image of 2023 is not a very hard task. Experts can clearly anticipate that 2023 will bring more evolved ransomware, a push toward stronger cybersecurity within organizations, and many other trends, some extrapolated, others novel.
Ransomware will continue to be an issue. Cybersecurity teams need to focus not on the flashiest ransomware activity, but on the real risk likelihood from issues that ransomware and other attacks exploit. Attackers will continue to find novel approaches for infiltrating organizations and malware may not always be what it appears to be.
Geopolitics will continue to play a part in cyberattacks. MIT Technology Review believes that cyber operations against Ukraine from Russian government-affiliated hacker groups will continue. Miles Hutchinson, Jumio CISO, says that he believes that more foreign governments will bring third-party hackers into their employment to target other nations. In the coming year, we can expect to see military groups around the world increasingly rely on expert hackers to attack other nation’s critical infrastructure and private business operations. To defend themselves against politically motivated cyberattacks, both government agencies and private sector organizations will need to deploy robust network defense tools that can detect suspicious activity and vulnerabilities.
The Security as a Service model will be on the rise in 2023. According to a research report from MarketsandMarkets, the global market for MSSPs will grow from $24.05 billion in 2018 to $47.65 billion by 2023. The security as a service model enables organizations with limited budgets to gain 24/7 security coverage supported by skilled professionals and advanced tools.
The uncertainty regarding the dollar hike and LC opening is expected to become stable as international loans are being sanctioned which is supposed to normalize the economic environment of the country. Thus increased manufacturing and import will enhance investments in cyber security. As a result, banks and other sectors will buy more security products such as SIEM, PAM, Firewall, etc. Organizations will opt for international certification such as ISO 27001:2013, PCI DSS, etc. If the country’s economy becomes stable, the number of new local service providers will increase and the scope of local and international business related to cyber will enhance.
To address the security talent shortage, organizations will adopt automated security tools, which will offer cost efficiencies. But managing these tools requires specialized skills. While automation may solve the current security skills gap, it may create another one by requiring a level of specialization that many security workers don’t currently have. So the need of skilled cyber professionals will increase all over the world. To enhance the capability of cyber professionals and of newcomers, BGD e-GOV CIRT is arranging cyber drill programs regularly and participation in these programs will increase gradually.
Cybercriminals will diversify their dark web infrastructure in the coming year. It is expected to see more diversification in the dark web infrastructure that cybercriminals use next year. So dark web monitoring for data breaches affecting our organizations is critical to preventing hackers from using exposed data to move into our systems.
Companies will focus on the assurance of Data Privacy to prevent sensitive information from being captured or stolen by ransomware attackers. Also, Artificial intelligence and machine learning are anticipated to become models of automation in data privacy such as network Behavior Analysis (NBA), etc.
The current cyber-attack trend in Bangladesh demands prompt attention for creating and maintaining robust and workable cyber security strategy to keep our cyberspace safe and secure against any potential cyber-attack. Our country’s economic capacity, availability of skills, and resources need to be considered. The government has prioritized this and invested a lot in the ICT sector. But a strong cyber security strategy is yet to be established and put into action in our country. Shifting priorities to become more proactive must start at the top and requires direction from executives, including investments in awareness and education across entire organizations.
The government of Bangladesh through ICT Ministry and BGD e-GOV CIRT has taken various initiatives to confine the people risk regarding cyber issues of the country to a minimum level through educating the citizen and professionals by designing awareness campaigns and publishing relevant information and holding nation wide cyber drill programs. These programs are gaining momentum gradually and people are becoming more aware of cyber crimes and best cyber practices. But these initiatives should also be introduced in granular level such as schools, colleges, and other organizations and everyone should be encouraged to educate themselves with cyber security knowledge to avail the full benefit of these implantations.
Writer: Md. Faisal Hossain; Chief Information Security Officer (CISO); Mercantile Bank Limited