close
Sunday December 22, 2024

Cyber security: Pakistan’s biggest weakness

By Ali Moeen Nawazish
May 18, 2017

I want to bring your attention to three major headlines over the past 7 or so months. 1) “Russian Hacking Involved in Helping Donald Trump’s Win.” 2) “French Presidential Candidate Marcon Campaign Emails Hacked.” 3. “New WannaCry ransomware Cripples Companies and Organisations Worldwide.”

What these three headlines tell you beyond anything else is that the world we live in has changed and it has changed fast. We all know that. We use computers more than we use another thing (your smartphone is also a computer). We store more things on computer systems and depend on them more than we depend on anything else in the world. What we don’t know is that these systems also make us increasingly vulnerable. We protect ourselves from thieves, we lock our doors. However, because these devices and systems are so new, that we haven’t completely learned to protect ourselves.

In the US presidential election and the French election, through hacking it is alleged that Russians leaked emails which made material difference to the outcome of elections. What matters is the data. In the past, when someone wanted to steal data, they would have to physically access files and copy them to get data. Now, in the world we live in you can be thousands of miles away, literally, the other side of earth, and get access to data. Data that is compromising and data that can influence people.

The WannaCry virus, which has made headlines all over the world, is a type of virus called ransomware. What ransomware does is it makes your data unreadable. It turns it into gibberish that only it knows how to decode. Then it asks you for money to decode it for you. The money is paid in bitcoins, a digital untraceable currency, kind of like cash which currently trades for 1,723 dollars for 1 bitcoin. The WannaCry virus can infect your computer if you open any email with a link to the virus, or through any software you can install. It is currently spreading at a rate of 5 million computers a day.

The key is to be careful with what emails you open. Always open emails that you know are from a trusted sender. Don’t open emails that sound too good to be true and don’t install software you don’t know where it is from. It is always worth it to invest in a good antivirus (software which removes harmful viruses from your computer), but there are many free anti-viruses available that can still protect you. It is also very important to update your computer regularly. Viruses or harmful software exploit security holes or weaknesses in your computer. Updates fix these weaknesses as they are discovered.

We store so much personal data, including photos, conversations and business data on computers and on the internet that we take the protection of this data for granted. Protecting this data is very important. It is the same as protecting ourselves.

But, the sad part is that it just doesn’t end here. While we store personal data on our computers and devices. It is not just us. Our government and various state institutions also make use of this data. While it is safe to assume that our sensitive agencies and organisations protect their data and take steps to ensure its integrity, it is not always true of most organisation.

For example, imagine if someone hacked the Islamabad or Punjab excise and taxation database. They could change ownership of cars or change tax liabilities. They could mark millions and billions in taxes paid without paying a single rupee. Imagine someone hacking into power stations and crippling electricity supply to millions of Pakistanis? Imagine enemy agencies getting access to logistics movements of country assets and sabotaging or intercepting movements? The possibilities are endless. That is what makes it scary and alarming.

Most of our state bodies still use emails on low security servers. There is no proper protection for passwords and no proper security of the data that holds key and vital information. What if someone breaches the NADRA database? What kind of havoc can someone create? What if someone hacks the ECL and adds or removes names from it?

The problem is not just prioritizing cyber security. The problem is in understanding it. Currently, very few people in our government understand the sensitivity and true scale of the problem. How we as a country are exposed and vulnerable? Not just our people but our state bodies too. We need to understand and prioritize cyber security at the highest level. I will write more about this and the various connected issues in the weeks ahead. However we need to learn, we must learn from these international crisis and incidents - we are vulnerable and the worst part is we aren’t doing anything to fix it.

The writer is a columnist for ‘The News’, and General Manager for Strategy and Innovation for Jang Media Group. He can be reached at am.nawazish@janggroup.com.pk