With the recent cyberattack on Federal Board of Revenue (FBR) database and a few such incidents of cybersecurity breach in the past couple of years, a debate has emerged over what stringent measures must be taken to ward off the threat in future.
In the new normal following the outbreak of Covid-19 pandemic around the world including Pakistan, which has prompted ordinary people as well as government officials to increasingly utilise online resources, cybersecurity and protection of online data has become all the more important.
Growing popularity of cryptocurrency among investors also underlines the need for steps to thwart cyberattacks in order to save people’s hard-earned money.
“Causing monetary damage of billions of dollars to the world economy, cybercrime has now become one of the major global concerns,” remarked Noman Ahmed Said, CEO of SI Global.
Moreover, the pandemic also increased the risk of cybercrime as Pakistanis had started using online facilities across the country, he said.
Owing to the growing threat, worldwide spending on cybersecurity is forecast to reach $133.7 billion in 2022. Pakistan is no exception and it has to spend significantly as well.
The federal cabinet has given the green signal to the National Cyber Security Policy 2021, under which a cybersecurity response framework would be created, he said.
The government has already established Cyber Governance Policy Committee for proper implementation of the new policy.
“Cyber space is an evolving subject for Pakistan as our reliance on digital systems increases and digital interactions become more and more intrinsic to everyday life. At the same time, our understanding of cybersecurity must increase as well,” commented Saquib Ahmed, Managing Director of SAP Pakistan.
“In recent months, we have seen a wave of cyber breaches both at the corporate and public levels, catalysed by the pandemic, as people increasingly tap digital platforms for everyday routine work,” Ahmed said.
“Cyber threat is a big reality in Pakistan, however, understanding such a threat is still not where we may want it to be,” he pointed out.
“From an awareness and competency point of view, I would consider this to be lagging behind,” said Affan Syed, Director Cloud and Network Solutions at Emumba, which provides services mainly to US-based companies.
“In our digitised world, it is of utmost importance that we take meticulous steps to protect our data,” cautioned Noman Ahmed Said. “With heavy involvement of phones and the internet digitising our spaces, we are now more vulnerable to attacks than ever before.”
He pointed out that lack of awareness was leading to serious security lapses and there were reports of critical databases being compromised. Similarly, large utilities were being targeted.
The only sector that focused on cybersecurity was the banking industry, however, that too was now under great pressure as end-consumers needed wider access to financial services from multiple and diversified endpoints, he said.
Lack of public care
“It seems that we are much more lax in data privacy; the feeling is not as strong as we see in the West,” remarked the SAP Pakistan MD.
There were many reasons for this and a major one was the tendency to still consider physical documents or identities as the primary resource for engaging in any formal activity, he said.
Saquib Ahmed said that people felt that their private information might not hold much value to others, however, a very fast-paced information or Internet of Things (IoT) revolution was taking place where not understanding privacy would mean opening the doors to others who would dictate what to do and what to see online.
“We can now see the government is moving in this direction by establishing multiple FIA cells and the National Response Centre for Cybercrime to counter the misuse of private data,” he said. “We also hope to see a swift approval and application of the new cybersecurity policy.”
Data theft and solutions
Criminals might take multiple actions – they could sell identities or accounts of people on the dark web, which might damage not just email or social media accounts but also reveal the banking credentials, resulting in financial losses, warned the SAP Pakistan MD.
Such theft could also lead to demand for critical personal and business information and only in the last one year such incidents increased exponentially, he pointed out.
Data privacy breach for any enterprise could lead to trade secrets being leaked, which could impact shareholders’ perception of a public company, said Affan Syed.
According to Noman Ahmed Said, five steps should be taken after a security breach.
First, don’t panic. If people react to a breach by panicking and reacting too quickly, they can make some costly mistakes. Second, contain the breach. Third, determine the severity of the breach. Fourth, notify the victims, and fifth, take precautions to prevent future breaches.
Cyberattack was one of the top 10 risks faced by almost all evaluators such as insurance companies, big consulting firms and global risk alliances, said the SAP Pakistan MD.
“We must make a conscious effort to understand and educate how threat actors are hitting organisations on a daily basis. There are multiple methods employed by hackers. In a couple of recent instances, we have seen even state-sponsored cyber criminals going after critical Pakistan government and private IT systems.”
In this backdrop, he emphasised, companies must impart training to their employees. Organisations must also invest in tools and technologies, which help prevent and identify such criminal activities as early as possible, as losing digital control of the business can bring it to a standstill or lead to bankruptcy.
“The predicted loss to be caused by cybercrime this year is estimated at $6 trillion globally,” said Affan Syed.
At the national level, cybersecurity should be made part of the dedicated IT curricula in colleges and universities, with focus on guarding the IT systems as a pillar of national and corporate security, he stressed.
“I feel we may be already late in our efforts, however, there is hope that with a dedicated push, we can bring our knowledge and systems on a par with global standards to safeguard our cyber space – where most of the future wars will be fought,” he said.
The writer is a staff correspondent
Published in The Express Tribune, August 30th, 2021.
Like Business on Facebook, follow @TribuneBiz on Twitter to stay informed and join in the conversation.