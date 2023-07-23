Sumon Ahmed Sabir, the chief technology officer of international internet gateway Fibre@Home, has voiced serious concerns over Bangladesh's cybersecurity framework after a data breach exposed the personal information of millions of citizens on a government website.
The leak, first reported by TechCrunch, included the full names, telephone numbers, email addresses, and national ID numbers of Bangladeshi citizens.
In an exclusive interview with bdnews24.com's 'Inside Out', Sabir stressed the gravity of the leak and its potential ramifications amid debates surrounding the potential risks facing individuals whose sensitive data has been compromised.
"Actually, the leak was there for quite some time," he said, highlighting the lack of security protocols on the website to prevent unauthorized access and data retrieval.
Sabir believes the data breach revealed a failure of the 'entire system' of cybersecurity protocols. According to him, when dealing with essential services and sensitive information, a robust security framework should be in place for the protection of the data itself and the people it affects.
This includes stringent measures for data storage, access control, and encryption to prevent unauthorised breaches, particularly when information, such as NID data, passes through multiple organisations, Sabir said.
He also called for proper training of personnel handling the data, as they must be well-versed in data sensitivity and security practices.
'A HARD LESSON'
Despite the fallout from high-profile cyber attacks, such as the Bangladesh Bank heist, Sabir believes that security measures are often not adequately implemented. These shortcomings, in turn, expose vulnerabilities in the system, leaving data and individuals at risk.
The implications are far-reaching as such data is utilised extensively for a myriad of activities, including opening bank accounts and accessing online services.
One of the potential consequences of the data falling into the wrong hands is that malicious actors can easily impersonate individuals, leading to identity theft and fraudulent activities, such as unauthorized credit card usage and unauthorized access to bank accounts, said Sabir.
The ramifications extend beyond individuals, as service providers offering digital services that rely on this information for authentication and identification purposes also face significant challenges to their security processes.
"So, it's a two-fold problem, one for the users and one for the service providers. So both parties should be a little bit careful on this so that nothing happens like that."
In light of a string of data breaches affecting banks and other organisations in recent years, Sabir believes it is high time that the authorities learn "a hard lesson" and implement the best practices of cybersecurity.