DEVELOPING LOCAL RESOURCES IS THE KEY IN CYBER SECURITY

Among the many seminars held at Softexpo in February, security was clearly one of the most highlighted issues, and for good reason. With IT systems worldwide struggling to keep up with technological advances and, by extension, advances in hacking mechanisms, the threat of a cyber security breach has long ceased to be theoretical.

BASIS, the organiser of Softexpo, also felt the need to initiate discussion on the subject, as was apparent from the numerous seminars arranged during the fair to put a hard focus on digital security. Held on February 2, the second day of the four-day fair, a session on “Addressing Cyber security from global and local perspectives” featured a panel of professionals and academics in the field.

The session was held in the Green View seminar hall at Bangabandhu International Conference Centre and was moderated by Syed Almas Kabir, former Senior Vice President and current Director of BASIS. The panelists included Shahzada Redwan, CTO of SSL Wireless; Omar Farooq Khandakar, Head of IT, Eastern Bank Ltd.; Professor Em Pannah, associate professor at University of Maryland; Tapan Kanti Sarker, President, CTO Forum; and Professor Mohammad Mahfuzul Islam, Head of the Department of Computer Science and Engineering, BUET.

The panel discussion started with the keynote speech from Shahzada Redwan, the CTO of SSL Wireless, which also sponsored the panel discussion. Redwan started his speech by asking how prepared Bangladesh is for potential security breaches. “The recent Bangladesh Bank heist has proven that we are not at all prepared to counter cyber attacks coming from global actors. Then we had one of the largest ATM skimming incidents, from six ATM booths at three banks, which again proved that we are not prepared to counter such attacks coming from even local actors,” he said.

Redwan noted that Bangladesh still lacks strong cyber security laws. “Even compared to India, our cyber security laws are quite immature. Although we are rallying around the concept of Digital Bangladesh, when it comes to formulation of policies and laws regarding cyber security, we are again far behind. We do not have any data privacy laws in practice, which could mean our private data can be leaked or exploited by cyber criminals having no fear of punishment,” Redwan said.

He also emphasized the importance of Vulnerability Assessment (VA) and Penetration Testing (PT), saying, “In my last 10 years of experience of meeting so many clients and customers, I have seen a great lack of awareness regarding software vulnerabilities.” Redwan ended his keynote speech by saying that local organisations like banks need to acquire cyber security visibility. “Even in the case of Bangladesh Bank heist, all the activities of the hackers have been logged in their different IT assets and they had cyber security visibility, they could have detected them long ago and taken proactive measures to protect themselves,” he said.

Professor Mohammad Mahfuzul Islam said that the world has advanced immensely in IT security. Bangladesh does not necessarily lack the physical resources but suffers from a lack of appropriate policy, he said. Professor Islam related a humorous personal anecdote in which he visited a college in 1992 and the principal showed him newly acquired computers wrapped up in covers to “save them from virus.” “The situation has not changed much since then in terms of understanding what kinds of policy we need,” he added.

One of the main problems that still remains, said Professor Islam, is database design. “All the big systems we are running here locally lack proper database design. Security is not like buying a software and then it is solved. I recently visited a bank to review its security policy. All they did was that they added a few points with the Bangladesh Bank guideline. You cannot call that a policy,” said Professor Islam.

“Since the Prime Minister announced her plan for a digital Bangladesh we have improved a lot in IT. However we invested a lot in hardware development. In contrast we haven’t invested a lot in software development,” Professor Islam added.

Syed Almas Kabir asked Tapan Kanti Sarker to what extent local banks are prepared to prevent local as well as global hacking.

Responding to the question, the president of CTO Forum said, “Our banks do not distinguish between IT and security. Banks still do not have a separate department for security. It is thought of as part of the IT department. We have been urging from the CTO Forum to create the post for a chief security officer, just like there is a CTO and CEO in all banks.”

“Bangladesh Bank has mandated that every bank must have an IT policy. As Mahfuz bhai said, it hasn’t happened. I know for a fact that about eighty percent of the banks only added a few things to the Bangladesh Bank guideline,” Sarker said.

“Banks tend to think that they have a cyber security firewall and that will protect them. What we need most is that everyone concerned, starting from the board members, must commit to ensuring security. Even a small vulnerability can cause damaging attacks,” he added.

“And from the global perspective, it’s not just us who are open to threats. The whole world is going through a cyber security alert,” said Sarker. He cited incidents in the Philippines and other places where data breaches occurred and emphasized developing the tools necessary for detecting vulnerabilities.

Syed Almas Kabir commented that a Bangladeshi law requiring that banking data be kept within the geographical boundaries of Bangladesh prevents the use of cloud servers located abroad, such as in Singapore. But, he said, there is a bit of a contradiction in policy, because foreign security experts are consulted for ensuring security. Kabir asked Omar Farooq Khandakar why there is a mentality to rely on foreign resources so much.

“We also need proper laws as well as proper implementation. Technology is nothing without the people. You have to have the right human resource to be able to use the technology, which is a tool and not the solution itself,” he added.

“There has to be law in place to compel the board of directors to ensure security. If the law says that the board of directors will be responsible, then you will see a change,” said Omar Farooq Khandaker.

Dr Em Pannah, who recently moved to Bangladesh from the US and signed a memorandum with Dhaka University to teach cyber security there, said that he intends to help create cyber security resources so that in future Bangladesh can export cyber security to foreign countries. “As a part of this, I have founded a cyber security centre in Banasri. I have rented a six thousand square feet space and I am going to offer twelve courses on cyber security there,” Dr Pannah informed the audience.

“IT and information security must be separated. America has done it, Canada has done it and other western countries did it. Previously there was only a CIO or Chief Information Officer position in those countries. But in the last five or seven years, a new position has been created and it is titled CISO or Chief Information Security Officer. And they have completely separated security from IT operation, so that CISO can independently implement security,” he added.

All speakers acknowledged the necessity of building institutions that can provide ethical hacking services. They also unanimously stressed developing human resources and careful policy planning. With a full room staying for the entire two-hour program, the panel discussion ended with a short question and answer session, and participants were given a gift bag containing a notebook and T-shirt from SSL Wireless.

 

 
