-Riffat Ahmed and Khaled Khan
A few decades ago, the Internet was first perceived as a luxury commodity enjoyed by a few in Bangladesh. Slowly, this perception changed, and the Internet came to be viewed in the same way as water and electricity services in our homes. A vast number of people in Bangladesh currently use IT-related devices. In 2019, the total number of mobile phone subscriptions in Bangladesh was 165.57 million as reported by Statistica.com on Oct. 29, 2020. Apart from mobile phone users, a significant number of the population regularly uses other computing devices such as laptops, tablets and desktops. As more individuals are connected to the Internet, an increasing number of devices become targets for exploitation by adversaries. Users of devices are becoming vulnerable too. It is highly likely that most users do not have the opportunity to become cyber security-aware, and this is alarming for individuals, the organizations they are associated with, as well as the nation. Bangladesh is a developing country and has limited resources, but these should not prevent the nation from making its vast population cyber security-aware.
The term cyber security refers to the protection of IT-related devices and information against deliberate malicious activities. Cyber attacks on personal devices can have far-reaching consequences such as loss of money, wealth and identity, disruption of business, and even threats to national security. IBM’s Cyber Security Intelligence Index report shows that 95% of all cyber security incidents involve human ignorance, preventable error, behavioral weakness, and negligence. Undoubtedly, humans are smart living devices, but they can be influenced through the sciences of motivational behavior. Attackers provoke exploitable errors in victims and manipulate weaknesses in their behavior to steal sensitive information or disrupt services.
Currently, the most significant threats are social engineering and phishing; both are behavior-related. In phishing, victims are lured by email to click on an attachment or a website link that appears genuine, but that is actually designed to steal sensitive information from the victim. Deception, of various kinds, is another serious threat to cyberspace, often called social engineering. Attackers call or email the victim under a false pretext, usually pretending to be an authorized person, to steal confidential information. Social engineering uses deception, persuasive messages, pretexting, authoritative language and fear tactics, along with time pressure, to lure victims. Psychological manipulation is the primary weapon in social engineering and phishing attacks. It is easier for attackers to launch such attacks but harder for us to stop them with available technical means.
The global WannaCry ransomware attack in 2017 demonstrated that cyber attackers often launch attacks against vulnerable targets such as poorly cyber security-aware individuals and organizations. In the cyber security chain, humans are the weakest link. Cyber criminals are using sophisticated non-technical means to bypass our technological defences. All it takes is one email from the attacker and one click from us on a malicious link, and it’s game over! To protect our huge population against such attacks, we do need a different solution.
According to media reports, new threats and vulnerabilities are emerging all the time, and we can no longer rely entirely on technological protections to keep ourselves safe. Cyber security threats posed to a large population of Bangladesh cannot be tackled with technical solutions alone because the human element plays a significant role in cyber security these days. Technical solutions to cyber attacks often disregard, and sometimes even ignore, our tendencies toward self-preservation and our cognitive and perception biases, which could often lead to incorrect assessment of security threats.
The security of devices depends much on the general knowledge and perception of the user about security risks and threats. Cyber security awareness can change, even improve, these perceptions and knowledge. The general population is the first line of defence of a nation against cyber crime; therefore, the population must be reasonably equipped with the knowledge they need to protect their computing and mobile devices. In this context, we propose launching a national initiative augmented with a cyber security awareness program for the masses. It is essential to continuously make the population aware of new threats by initiating cyber security campaigns at the national level. Mass awareness is a vital component of countering cyber security issues, in particular phishing and social engineering attacks. It is crucial that the population should know what to do, and more importantly, what not to do with their devices and the Internet concerning security. A cyber security awareness initiative at the national level is the best way to educate the population in a security-first culture.
To achieve a cyber security-aware Bangladesh, we can offer an open, online, lightweight awareness program, aided with short videos with realistic scenarios, game-based materials, phishing simulation, animation and graphics. The program contents should ensure that individuals find the materials exciting and easy to understand, regardless of their educational background. The program can offer everyone in Bangladesh the key concepts and knowledge needed to understand the fundamentals of cyber security, which is indispensable for everyone with an IT device. The program does not require any prior knowledge in any subject or any educational program. The awareness program will include practice-oriented basic concepts of cyber security such as information confidentiality, integrity, privacy, common social engineering tactics, recognizing malware, password management, mobile device protection, common security threats, phishing, Internet security, and cyber laws of Bangladesh. Most of the materials should be presented in non-textual forms, namely using animation, graphics, mini-drama clips, fun games, etc. The delivery of such programs could be made through non-centralized organisations such as schools and institutes.
The entire initiative should be an ongoing process and conducted at regular intervals throughout the year to keep the awareness campaign active. To create a culture of cyber security awareness, Bangladesh can launch a cyber security day every year as a broad effort to help all Bangladeshis stay safer and more secure online. The program should be developed in such a way that the population in Bangladesh should not be called “the weakest link” in the cyber security chain any more.
An awareness program is expected to provide our population with basic knowledge of the potential threats to their devices, and how to avoid situations that might put their information as well as devices at risk. The Government of Bangladesh will have every reason to be proud of initiating such a program and leading the nation by contributing to building a cyber security-aware nation. The population equipped with basic cyber security knowledge would take Bangladesh as a nation to a new height. People from every sphere of life taking this program will contribute to the cyber security awareness of Bangladesh. The program will have a significant impact on society, business, workplace, and nation. People would be able to contribute positively in their workplace as well as in their personal life if they are cyber security-aware. Perhaps we will never be able to build complete practical secure systems; however, we can at least learn how to adapt and live with cyber security threats if we are cyber security-aware.
Riffat Ahmed is the Chairperson of Siddiqui's International School, Treasurer of Bangladesh English Medium School Forum and a Psychology graduate from the University of Dhaka.
Dr. Khaled Khan is an academic with an interest in computer security, history, and civilization. He regularly writes on these topics. He currently teaches cyber security at Qatar University.