26 C
Dhaka
Wednesday, December 7, 2022

The Future issues of Cybersecurity in Bangladesh

Cybersecurity education is a problem that must be addressed from the top down. Despite rising cybersecurity expenditures and self-assessed the maturity in South Asia and Pacific organizations over the previous year, just 52% of Bangladeshi companies surveyed believe their board genuinely understands cybersecurity.

The top two threats of concern for APJ organizations are addressable by ongoing education and awareness campaigns: phishing or ransomware attacks, and weak or compromised employee credentials.

Survey respondents say the key cybersecurity challenges organizations in Bangladesh face are ransomware, phishing, and data breaches. The trends in Bangladesh match global trends, including the worldwide surge in ransomware attacks. Various reports claim that businesses globally lost an average of $8,500 per hour as a result of ransomware-related downtime.

“With ransomware attacks continuing to become more complex organizations need a genuine, actionable cybersecurity education program. The current reactionary tendencies we’re seeing have created an ‘attack, change, attack, change …’ cycle regarding cybersecurity strategies, which is putting cybersecurity teams constantly on the backfoot. Shifting priorities to become more proactive must start at the top and requires direction from executives, including investments in awareness and education across entire organizations,”

The single biggest obstacle to improving cybersecurity posture is a lack of budget, the survey shows. Other key obstacles include a lack of skilled workers and a lack of support from the management. The skills shortage is still wreaking havoc. Fifty-one percent of Bangladeshi  IT companies questioned expect some difficulty finding cybersecurity workers in the next 24 months. Fifty one percent anticipate a significant obstacle. With recruiting continuing to pose issues, companies have identified the priority areas they feel skills and capabilities need to be increased for internal security specialists. These include: Cloud security policies and architecture
‘Train the trainer’ employee and executive cybersecurity training skills
Software vulnerability testing
Staying up to date with the latest threats
Policy compliance and reporting

Cybersecurity professionals’ top frustrations
The survey also highlights that cybersecurity professionals face challenges and frustrations in their roles, most of which are related to awareness, perception, messaging, and education. The top three frustrations in Bangladesh are:

1. Cybersecurity is frequently relegated in priority

2. There is not enough budget for security

3. Executives assume cybersecurity is easy and cybersecurity personnel over exaggerate threats and issues

Additional frustrations experienced by cybersecurity professionals across the region include:

1. Executives thinking there is nothing that can be done to stop attacks

2. Inability to keep up with the pace of security threats

3. Not enough investment and time into training general staff

“Cybersecurity professionals continue to face many frustrations in their roles this year, with many feeling their warnings and messages fall on deaf ears. Apart from lacking skilled security specialists, many of the other frustrations are directly addressable through education and awareness programs, starting at the executive and board level. The challenge for cybersecurity professionals faced with low levels of security understanding among company boards is that many are unlikely to invest in the necessary programs to alleviate these frustrations

“Increasing spending on cybersecurity won’t help unless organizations understand from the top down the true nature and critical threat that cyberattacks constitute to their organizational capabilities, their customers and their own existence.”

Cybersecurity education must become a focus. The following is a five-step approach to help bring organizations up to speed on cybersecurity education:

1. Boards need help to understand it’s impossible to protect everything, and learn to prioritize the most critical information, data, and systems to protect.

2. Education courses on basic principles, the genuine likelihood of an attack, attack vectors, threat actors, and other terminology should be available to all staff.

3. Once basics are clearly defined, organizations need to develop strategies and integrate them with digital transformation programs.

4. The focus then becomes more operational in nature: applying legislation, breach response protocol, ransom payment policy, gap assessments, and future roles and obligations.

5. Businesses need to clearly understand compliance, the regulatory environment under which the business operates, what’s legally required when breached and what are the appropriate controls around data security and management.

Not many Bangladesh enterprises are cloud mature. If institutions want to improve the user experience, cloud adoption is no longer an option – it’s a must-have. More than 60% of organizations in the survey said they either did not know or could not show return on investment to the board. Practitioners should be able to show return on security investments to the business as only then will the management value security decisions and allocate more budget.

The nation’s National CIRT and the central bank have taken the lead by releasing revised IT security guidelines for institutions, requiring organizations to develop an actionable cybersecurity road map that’s approved and monitored by management. Key steps organizations need to take include:

  1. Go beyond a focus on compliance. In Bangladesh, government regulations drive many security decisions. A proactive defense strategy is essential. Experts recommend adopting the Security Access Service Edge, or SASE, model to build an aggressive defense strategy.
  2. Give cybersecurity-related decision-making power to the CISO. Organizations need to give their CISOs the power to make decisions on their security strategies as well as lead incident response efforts. Ideally, CISOs should report to the board rather than the CIO, because security is not only an IT function but also a risk function and the board can relate to risks appropriately.
  3. Implement secure software development best practices. Organizations in all sectors need to adopt secure software development best practices, such as secure coding and code review, when using agile development methods and DevSecOps practices.
  4. Continue the shift to the cloud. COVID-19 has fueled cloud adoption to support the remote workforce. Close to 35% of enterprises are in the process of making a shift to the cloud, and the chances of other enterprises following suit are good. But adoption of the zero trust model to help ensure security in the shift to the cloud is essential.
  5. Adopt the “security as a service” model. According to a research report from MarketsandMarkets, the global market for MSSPs will grow from $24.05 billion in 2018 to $47.65 billion by 2023. The security as a service model enables organizations with limited budgets to gain 24/7 security coverage supported by skilled professionals and advanced tools.
  6. Build awareness-raising programs. The BGD e-GOV CIRT designs awareness campaigns and publishes relevant information. Unfortunately, these programs have not gained much traction. An information-sharing platform as part of a global community forum would help in enhancing practitioners’ cybersecurity skills.
Tamim Ahmed

Related Articles

Cyber-Security-and-Outer-space

Cyber Security and Outer space security, A tale of two realms.

0
The functioning of a large portion of the world's essential infrastructure depends substantially on space, more especially, space-based assets. Communication, air travel, maritime trade,...
Puneet Gupta, Executive Director and Country Head – India & SAARC at Virsec

Why banking and financial organizations need to adopt a deterministic approach towards threat protection

0
Banking and financial institutions are a threat actor’s sweet spot. For one, these enterprises have a vast spread of applications that are in various...
Dr. Mir Masoom Ali

TECHNOLOGICAL TRANSFORMATION IS SO RAPID THAT IT IS DIFFICULT TO PREDICT WHAT THE WORLD...

0
Dr. Mir Masoom Ali, a Bangladeshi-American, is considered as one of the top statisticians in the globe. He is a Fellow of the American...
Rezaul Hossin

DIGITAL BANKING-The Way Forward for Bangladesh

0
Chinese people identified us (Bangladeshi people) as “Manjala” – meaning low and flat land people. This is one of the major benefits of our...