Cybersecurity Threats and Vulnerabilities

A news report caught my attention the other day about a cyberattack on Biman Bangladesh's email server. The attackers reportedly demanded a ransom and threatened to release compromised data if their demands were not met. However, the airline's authorities have denied these allegations and have assured that the situation was swiftly contained as it was just a regular malware attack.

Cyberattacks have become increasingly common in Bangladesh, with several high-profile incidents reported in recent years. In 2016, hackers stole $81 million from the country's central bank in what was one of the largest cyberattacks in history. A 2021 survey by Kaspersky ranked Bangladesh as the sixth most at-risk country for local infections and the top country for Trojan virus attacks. According to The Financial Express, around 240 government organizations and commercial banks have recently been targeted by coordinated cyberattacks.

No matter what the attack is, cyberattacks are a growing threat to organizations of all sizes, and even major companies are not immune. Local businesses are particularly vulnerable, and it's crucial for everyone to take basic cybersecurity measures seriously. This includes being cautious about clicking on unknown links, downloading from trusted sources, and not sharing personal information online. For on-premises systems, it's essential to invest in proper anti-ransomware software, keep software up to date, and maintain robust internet security protocols.

Although on-premise devices are very susceptible to hacking and cyber-attacks, the case is a little relaxed with cloud computing. Hyperscalers and big cloud providers have achieved enterprise-grade cloud world load protection from breaches, data leaks, and targeted attacks in the cloud environment. AWS, Azure, and GCP have strong security and protection layers since most of their data is encrypted and heavily watched over. Cloud platforms can be secure if they are designed and configured correctly. However, no system can be completely secure, and there is always a risk of a security breach or vulnerability.

Cloud platform providers typically invest heavily in security measures and have teams dedicated to monitoring and improving security. They also provide tools and features to help customers manage their own security, such as access controls, encryption, and logging.

However, it is important to note that security is a shared responsibility between the cloud platform provider and the customer. Customers must also take steps to ensure the security of their data and applications in the cloud, such as implementing strong passwords, regularly updating software and applications, and monitoring for unauthorized access.

Cloud service providers (CSPs) offer varying degrees of control over cloud deployments, but many organizations lack adequate security measures, leaving them vulnerable to cyber threats. According to IBM, misconfigured servers are responsible for 86% of compromised records. If the user is not careful with their passwords and credentials and if end-point security (e.g., on laptops and PCs) isn't ensured then there will always be a risk of the devices being infected no matter how intense the cloud security is.

That’s why implementing strong security measures is crucial to protect cloud data. This includes adopting the principle of least privilege, using a password manager, properly configuring accounts, embracing two-factor authentication, implementing encryption in the cloud, controlling access for third-party apps, educating yourself on best practices, and regularly backing up cloud data.

In the face of a growing number of cyber threats, businesses must prioritize cybersecurity to safeguard their sensitive data and intellectual property. This requires implementing strong security measures, such as firewalls, antivirus software, and intrusion detection systems, as well as regularly monitoring and updating these measures to ensure they remain effective. With a robust cybersecurity strategy in place, organizations can maintain the trust of their stakeholders and avoid the financial and reputational damage that comes with a data breach.