Pakistan is looking for multibillion dollar funding from the World Bank after the Federal Board of Revenue’s (FBR) main data centre was subjected to a cyberattack. While the attempt was not successful this time, the incident only highlights the frequency with which our agencies are targeted. Clearly, there are always those on the hunt for certain gaps within our security system which make us an easy target. The government must rectify the situation and install rigid barriers that promote cyber security.
The FBR’s database contains vital information pertaining to transactions worth trillions of rupees, private information about the wealth of citizens and the financial records of businesses. Any successful infiltration, and the subsequent access to information, is a violation of the promise of security and privacy made to all the stakeholders involved. Furthermore, in the wrong hands, this data could be used to manipulate the government or individuals involved.
Already, Pakistan has had its fair share of cyberattacks. As recently as August 14, hackers were able to bypass the protection software used by the FBR and took over a fair percentage of the data. It was only after they started to alter the cyber environment that the authorities took notice. This points towards an ineffective surveillance and management system that must work more proactively considering the kind of sensitive information at stake.
Those within these institutions are failing to grasp the urgency of the situation entirely. In July, the Indian government was allegedly able to hack our system and tap the mobile phones of politicians, including PM Imran Khan. For an external country, particularly India, to be able to carry out such cybercrimes is a reflection of our own failings. The government must take action now before we have more grievances to voice.
More often than not, human error and lack of knowledge enables countless breaches of data. The solution is to automate the system by improving ICT infrastructure, providing digital education, frequent technological updates to the staff and limiting access to government agency accounts. Rather than engaging in damage control, prevention is the best strategy that the government must focus on.