Shawdesh Desk:

Inadequate IT auditing in government organizations has left data stored with various public and private entities susceptible to cyber-security breaches, according to sources from the Computer Incident Response Team (CIRT) of the government.

The situation casts doubt on the effective enforcement of the Digital Security Act that identified 29 organisations as ‘critical information infrastructure’ last October.

Nearly a third of these critical entities have not undergone any IT audit since then, revealing systemic gaps in digital security management.

Only 17 organizations have managed to conduct a yearly tech audit, even as fears over data privacy resurface.

In early July, an alarming US report indicated that approximately 50 million citizens’ data had been leaked from the government’s birth and death registration website during the Eid holidays, exacerbating concerns over data protection.

In response to the tech audit query, BGD e-GOV CIRT Director Saiful Islam reassured the public, stating, “We conduct annual audits. From CIRT, we resumed the audit from July.” Notably, organizations like the Bangladesh Bank and the Election Commission have sought the services of private agencies for their audits.

Meanwhile, the Dhaka Metropolitan Police’s (DMP) counter-terrorism and transnational crime unit maintains constant vigilance against cybercrime through specialized divisions for cyber-security.

Talking to Daily Sun, Md Najmul Islam, DMP’s Additional Deputy Commissioner, said, “There is no vacuum for breaching the security system as our cyber-security division works hand-in-hand with the computer incident response team 24/7.”

The DMP’s cyber-security division has successfully conducted tech audits across all related police agencies, according to Najmul Islam.

“We observe that numerous state and non-state actors become active in cyber space, especially ahead of general elections. Hackers are always looking for gaps in time. We employ cutting-edge technologies to combat cybercrime,” explained Najmul, who has a cyber-security degree from the University of Birmingham.

The cyber-security division is leveraging modern networking tools such as the Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) to fortify defenses. Additionally, Bangladesh Police is striving to align all its cyber assets in compliance with ISO2700:1, an international standard for information security.

However, technology experts warn that government and private organizations remain at risk due to a surveillance void in annual auditing.

“Most organizations lack guidelines on cyber-security or tech auditing. To bolster surveillance over security controls, all organizations, particularly those deemed critical information infrastructure, should undergo a comprehensive tech audit,” urged Sumon Ahmed Sabir, an executive council member at the Asia Pacific Network Information Centre (APNIC).

He emphasized that until every single entity is covered by a cyber-security audit, the information system remains vulnerable to data breaches.

Consequently, an urgent need exists for a more robust audit framework to ensure the safeguarding of both public and private sector data assets.