Bangladesh Innovation Conclave hosted the Grameenphone Presents Bangladesh Cyber Security Summit Powered by Link3 Technologies and IDEA Foundation in association with bKash Limited and in collaboration with Smart Bangladesh Network on March 05, 2024 (Tuesday) at Le Méridien Dhaka. Organised by Bangladesh Brand Forum, the day-long summit brought together the country’s top Cyber Security and Tech Professionals from Corporate, Development, Technology, Banking & Finance Sectors, Government Employees, Policy Representatives and many more Cyber Security enthusiasts at home and abroad.

This year, the Summit is designed around the core vision of “Cyber Resilience for Bangladesh,” to explore the different cyber security challenges and opportunities of Bangladesh and provide a platform for critical dialogue and collaboration among government entities, industry leaders, cybersecurity experts, and stakeholders invested in Bangladesh’s digital future.

Zunaid Ahmed Palak, MP, State Minister of Posts, Telecommunications, and Information Technology for the Government of the People’s Republic of Bangladesh, honoured the event as the Chief Guest. MD. Abul Kalam Azad, MP, Vice Chairman, iDEA Foundation; Co-Chairman, Smart Bangladesh Network; and Former Principal Secretary for the Government of the People’s Republic of Bangladesh, also graced the event as the Special Guest.

The summit featured an engaging agenda comprising 04 Keynote Sessions, 02 Panel Discussions, 04 Insight Sessions, 01 Case Study, and 01 Policy Dialogue. The distinguished discussions have raised significant talking points and policy suggestions while shaping a framework for the country’s cyber security landscape.

OPENING SPEECH

The summit began with the Opening Speech of Shariful Islam, Founder, Bangladesh Innovation Conclave and Founder & Managing Director, Bangladesh Brand Forum. Addressing the occasion, Shariful Islam said, “As a nation, we have obtained the digital Bangladesh vision. Now, it is our responsibility to make the digital experience effective and secure for every other sector. Cybersecurity currently stands as both a challenge and an opportunity for Bangladesh. And our previous experiences prove that, as a nation, we have always dealt with challenges profoundly and made the best of the opportunities. Here, we have gathered to establish a cyber-resilient Bangladesh. I believe we will walk the path together, ensuring innovative solutions and sustainable outcomes.”

CHIEF GUEST’S SPEECH

In his speech, the Chief Guest, Zunaid Ahmed Palak, MP, emphasised the emerging importance of cyber security and appreciated the initiative by saying, “Cyber security is a crucial component in our way to establishing Smart Bangladesh 2041. With digitalisation comes the different aspects of cyber security. We have gathered here today to address those issues and showcase the opportunities that will guide us in strengthening our efforts to create a cyber-resilient Bangladesh.”

The discussions revolved around multifaceted and timely topics like the shifting landscape of cybersecurity threats in Bangladesh’s financial sector, cyber resilience in Bangladesh for critical infrastructure, and Bangladesh’s dynamic cybersecurity policies.

KEYNOTE SESSION BY MAJOR VINEET KUMAR

Major Vineet Kumar, Founder and Global President of the CyberPeace Foundation; led the summit’s first keynote session. His insights into the complex terrain of cyber threats and cybersecurity challenges set the tone for the event.

Major Kumar began by categorising cyber threats into technological, cyber content-related, and misinformation dissemination, emphasising the rising prevalence of these issues. He highlighted the manipulation of images into pornography through AI applications and the exploitation of AI voice cloning technology for scams. Misinformation and disinformation campaigns were also noted as common tactics in cyber attacks. One significant concern Major Kumar addressed was the threat posed to children, who are often approached by strangers seeking personal information for blackmailing purposes. He stressed that the dark web serves as a marketplace where cyber attacks can be orchestrated for a price, allowing attackers to target companies and individuals indiscriminately.

He underscored the potential damage from ransomware attacks, which could spy on companies and disrupt networks once a weakness is identified. Additionally, the automobile industry faces significant threats from hackers, with a projected cost of $10.5 trillion globally to ensure cybersecurity by 2025. While Bangladesh has established a national cybersecurity strategy, Major Kumar emphasised the need for these policies to be dynamic and evolve alongside technological advancements. He also expressed concern about the impact of cyber warfare as the fifth dimension of global conflict and noted the growing interconnectedness of smart devices and IoT networks.

Bangladesh has established 35 infrastructures dedicated to cybersecurity, yet future-focused strategies are still needed to address emerging threats. Major Kumar concluded his session by emphasising the importance of collaborative efforts to create a safer cyberspace for all.

PANEL DISCUSSION ON “UNVEILING THE SHIFTING LANDSCAPE OF CYBERSECURITY THREATS IN BANGLADESH’S FINANCIAL SECTOR”

The panel discussion was moderated by Hussain A Samad, Lead Researcher at the iDEA Foundation and Consultant at The World Bank. The panelists included Md. Saiful Islam, Chief Technology Officer at Bank Asia Limited; Md. Mahbubul Alam, Head of Information Security Division at Prime Bank PLC; Major General Sheikh Md Monirul Islam (retd), Chief External & Corporate Affairs Officer at bKash Limited; and Engr. Md. Mushfiqur Rahman, Chief Information Technology Officer at First Security Islami Bank PLC.

The discussion centred around the vulnerabilities of Bangladesh’s financial sector due to the increasing use of digital platforms. Topics included cybersecurity threats, the importance of trust, and the need for comprehensive training and awareness.

The panellists discussed the shortage of skilled professionals in cybersecurity and the need for comprehensive training programs. They emphasised the importance of integrating cybersecurity courses into university curricula. The discussion also touched on the challenges of implementing and assessing solutions and the reliance on imported cybersecurity software. Customer-centric solutions were emphasised, including the balance of innovation and customer convenience, especially in rural areas.

INSIGHT SESSION ON “SECURE TELCO-TECH JOURNEY TOWARDS FUTURE”

The session focused on the secure telco-tech journey towards the future, led by a panel of Grameenphone executives: Mohammad Shahadat Hossain, Principal Engineer; Moinul Momen, Head of Adjacent Network Business Innovation; Zahiduz Zaman, Head of Digital Channels & Distribution; Abul Kasem Mohiuddin Al-Amin, Head of Network Services; and Farhana Islam, Head of Social Impact.

Mohammad Shahadat Hossain emphasised the importance of cyber security as the fundamental aspect of all operations at Grameenphone. The company serves 80 million customers and assesses people, processes, and technology risks to ensure data security. The company’s zero-trust principle involves initiating an authentication process to secure the system in case of a network breach.

Abul Kasem Mohiuddin Al-Amin discussed the three layers of accountability approaches at Grameenphone: stakeholder, operation, and management levels. He highlighted that continuous monitoring, vulnerability detection, and preventive measures are internally managed to enhance security.

Zahiduz Zaman mentioned the three-layer authentication process implemented in Grameenphone’s app to prevent network breaches and improve cyber security. Customer data access is strictly monitored with customer consent, forming part of a multi-layer security approach.

Moinul Momen discussed the security measures necessary during app installation to avoid sacrificing data safety. He emphasised the importance of updating apps to maintain the latest versions and effectively combat threats.

Farhana Islam highlighted the company’s commitment to ensuring customer security, particularly for youth and marginalised communities with heavy internet users. Grameenphone aims to train and build awareness in 25 lakh youths through various organisations, encouraging them to learn and exploit cyber security. By 2025, they aim to reach 30 lakh marginalised people to help them protect themselves against cyber crimes.

KEYNOTE SESSION BY A. S. M. SHAMIM REZA

A keynote session on “Cybersecurity Threats and Challenges in Bangladesh” was led by A. S. M. Shamim Reza, Chief Technology Officer of Pipeline, Inc. He laid the foundation for an insightful discussion on cybersecurity in Bangladesh and the necessary steps to secure the country’s digital infrastructure.

Reza began by emphasising the lack of baseline cyber hygiene in Bangladesh. He pointed out that the cyber threat landscape consists of three components: context, asset weakness, and the tactics used. The dark web was highlighted as a part of the deep web where illegal activities occur, and access to it is limited for most people. Like many other countries, he noted that Bangladesh must still fully deploy Internet Protocol version 6 (IPV6). Reza stressed the urgent need for cyber awareness training, community knowledge transfer, security guidelines and policies implementation, and proactive programs to check effectiveness continuously. These are critical steps to secure Bangladesh against emerging cyber threats.

Reza also drew attention to the significant financial impact of cybercrime, projecting that global cybercrime damage will reach 10 trillion USD by 2025. He noted the infamous Bangladesh Bank heist as one of the largest cyber heists worldwide and emphasised the risks government organisations face as primary targets of cyber attacks. The discussion then transitioned to the experience of Estonia, a pioneer in digitising its infrastructure, underscoring the importance of proper security measures. As Bangladesh transitions from Digital Bangladesh to Smart Bangladesh, security and preventive measures against cyber threats must be assessed and enhanced.

He described the three layers of the cyber threat landscape: the attacker, the targeted infrastructure, and the attacker’s techniques. Reza mentioned the dark web’s primary marketplace, Silk Road, which facilitated the sale of financial data, cookies, and other illegal items. People are increasingly shifting from the dark web to mainstream channels like Telegram.

INSIGHT SESSION ON “THINGS AUSTRALIA CONSIDERED FOR ITS CYBER SECURITY ACTION PLAN”

An insight session on “Things Australia Considered For Its Cyber Security Action Plan” was led by Dr Arif Jubaer, Founder of Daily Positive (D+), Arif Systems, Babatye, and BERI. Dr. Jubaer provided a comprehensive overview of Australia’s 2023-2030 cyber security strategy, emphasising the importance of a clear, involved, and robust plan that engages the entire Australian ecosystem.

Dr Jubaer began by explaining that the Australian government’s cyber security plan encompasses protection, detection, and implementation strategies across various areas. He noted that Australia employs six protective layers, or cyber shields, to safeguard its digital infrastructure. The plan prioritises the development of skill sets and resources, emphasising the need for adaptability in response to changes in the cyber landscape. Regarding threats, Dr. Jubaer identified four major sectors: federal government, local government, professional services, and education. He also highlighted the importance of ensuring global standards and compliance to achieve cyber security beyond borders.

Australia’s strategy, described as clear, involved, and robust, is adaptable to current and future threats. The country focuses on strong business and citizen protections and engages both the public and private sectors in its initiatives. Dr. Jubaer emphasised the need for continuous evaluation and adaptability in response to the ever-changing cyber landscape.

CASE STUDY ON “CLOUD NATIVE APPROACH TO CLOUD SECURITY: CHALLENGES AND MITIGATIONS”

A case study on “Cloud Native Approach to Cloud Security: Challenges and Mitigations” was led by A K M Nazmul Karim, EVP & Head of IT Governance at bKash Limited. He emphasised the importance of adopting a cloud-native approach to secure data in modern times, focusing on the need to develop and deploy services with this methodology.

Nazmul highlighted the significance of maintaining inventory visibility to pinpoint problems and mitigate them effectively. Cloud security posture management, he noted, is crucial for securing cloud environments and addressing visibility issues. Adopting microservices, containerisation, streamlined software delivery, and automated infrastructure are essential for securing cloud environments.

DevOps and DevSecOps were discussed as modern processes providing higher security than traditional methods. DevSecOps ensures authorised access and stable configuration, while runtime protection secures security postures throughout an application’s lifecycle. Nazmul also stressed the critical aspect of regulatory compliance in security.

INSIGHT SESSION ON “CYBER SECURITY CHALLENGES: MONITORING AND COUNTERING VIOLENT EXTREMIST ONLINE NARRATIVES IN BANGLADESH”

An insight session on “Cyber Security Challenges: Monitoring and Countering Violent Extremist Online Narratives in Bangladesh” was led by Rob Stoelman, Project Manager of Partnerships for a Tolerant Inclusive Bangladesh (PTIB) at UNDP. The session delved into the rising challenges of monitoring and countering violent extremist narratives online.

Rob emphasised the increasing prevalence of violent extremist content, noting a significant rise in subscriptions from 2.7 million in 2020 to 17 million in 2024. This alarming increase demonstrates how violent extremism has manipulated social media platforms to build a larger support base. Stoelman noted that Facebook leads with 55% of monitored channels and 75% of subscriptions, followed by Telegram with 25% and then YouTube. The impact of violent extremists on marginalised groups, including female entrepreneurs, is particularly concerning as they are targeted with digital harms such as cyberbullying and hate speech.

To counter these challenges, PTIB implements the Digital Peace Movement, Diversity of Peace, and alternative narratives advocating tolerance and diversity. The approach also includes social listening to monitor online conversations and trends. Building resilience is essential for cybersecurity longevity, Stoelman stated. He highlighted the need to leverage AI and machine learning to recognise Bengali to protect native speakers from violent extremist narratives.

PANEL DISCUSSION ON “STRENGTHENING CYBER RESILIENCE IN BANGLADESH: SAFEGUARDING CRITICAL INFRASTRUCTURE”

Syed Ahsan Habib, Chairman of Hoplon Limited, moderated this panel discussion. The panellists included Dr Shahjahan Mahmood, Chairman & CEO of Bangladesh Satellite Company Limited; Shahee Mirza, Co-Founder and Chief Cyber Operations Officer of Beetles Cyber Security Ltd.; Rakibul Hassan, Chief Technology Officer of Link3 Technologies Limited; and Jamil Uddin Bhuiyan, Cyber Security Specialist at Cisco Technology Bangladesh Ltd. They discussed strategies for enhancing cyber resilience and protecting critical infrastructure in Bangladesh.

Dr. Shahjahan Mahmood highlighted four major problems facing the world today: pandemics, weapons of mass destruction, climate change, and cybercrime. He emphasised the need to build an ecosystem around cybersecurity, as individual organisations alone cannot address these challenges.

Shahee Mirza emphasised the importance of allocating budgets to cybersecurity, noting that the impact of cybersecurity issues is often hidden, which can lead to underinvestment. He stressed the importance of rigorous auditing and collaboration between industry and academia to increase the number of cybersecurity experts.

Rakibul Hassan discussed AI’s challenges to cybersecurity, including detection and credibility issues. He advocated for controlling AI developments and ensuring the availability of digital devices and networks for security purposes.

KEYNOTE SESSION BY HABIBULLAH N KARIM

The third keynote session of the summit, titled “Strengthening Cybersecurity: The Crucial Role of Stakeholders,” was presented by Habibullah N Karim, Founder & CEO of Technohaven Company Ltd. His session addressed the challenges and opportunities of ensuring cybersecurity in the modern digital age.

Karim emphasised the need to involve all stakeholders, from developers to end users, in cybersecurity efforts. He outlined common threats such as malware infestation, data breaches, phishing attacks, and advanced persistent threats (APTs) driven by AI. Karim noted that security should not be treated as an afterthought but should be integrated from the design phase.

Karim discussed the evolving threat landscape and vulnerabilities created by APIs, access-level issues, token validity, and cross-site scripting (XSS). He stressed that more than relying solely on the goodwill of individuals is required to secure computer systems. The role of the government in providing matching grants and incentives to businesses to enhance cybersecurity was also highlighted. Karim pointed out the importance of third-party management, given that no company can handle security threats alone.

INSIGHT SESSION BY AZADUL HAQ

Azadul Haq, Chairman of Bridge 2 Bangladesh (B2B), delivered an engaging insight session highlighting cybersecurity’s critical importance in our daily lives. He emphasised the ongoing challenge of password management, pointing out how we often store passwords in places easily accessible to hackers. To combat this, Haq recommended creating strong passwords and changing them regularly, preferably on a monthly basis.

He discussed the significant role of socially managed and challenging conversations on an individual level in raising awareness of information sharing through apps. He stressed the need for more family and societal discussions on cybersecurity, paralleling the awareness raised during the COVID-19 pandemic.

Azadul Haq also mentioned the risks of social media photos, often used to create fake videos and spread defamation. He advocated for the government to establish a credit and rating system for cybersecurity to help detect the level of protection afforded by devices. This system would enable tenders to price their offerings accordingly and help organisations invest more money in cybersecurity.

KEYNOTE SESSION BY ANWAR S. KAZI

Anwar S. Kazi, CISA, CISSP, SVP & Director, Corporate Information Security, KeyCorp, USA; delivered a compelling keynote session on “Third-Party Security: Managing Risks for Optimal Business Continuity.” He began by emphasising the critical role of third-party security in today’s interconnected business world. Kazi underscored the delicate balance between leveraging third-party partnerships to facilitate business and the associated risks that can arise from granting them access to cyber assets.

POLICY DIALOGUE ON “DYNAMIC CYBERSECURITY POLICIES: BRIDGING GAPS AND STRENGTHENING RESILIENCE”

The Policy Panel was moderated by A.K.M. Fahim Mashroor, the CEO of Delivery Tiger, Bdjobs.com, and AjkerDeal.com; it featured panellists Md. Shamsul Arefin, Secretary, Information and Communication, Technology Division, Government of the People’s Republic of Bangladesh; Abu Sayed Md. Kamruzzaman, Director General, National Cyber Security Agency; Sayeda Silma Tamanina, Managing Partner, Khan Tamanina & Co.; Barrister-at-Law, Advocate, Supreme Court of Bangladesh; and Dr. Shaikh Shamsuddin Ahmed, Commissioner, Bangladesh Securities and Exchange Commission. The dialogue centred around the evolving landscape of cybersecurity policies and their impact on strengthening resilience in Bangladesh.

The panel discussed the significant changes that have taken place in the Cybersecurity Act between 2018 and 2023. The panellists emphasised the importance of raising awareness across all organisational levels to bridge the existing gaps. The Information and Communication Technology Act of 2006 and the Digital Security Act of 2018 provide the legal framework for regulating ICT activities and combatting cybercrimes. Additionally, the Constitution addresses all cybercrimes, making it essential to understand the laws and definitions to avoid loopholes.

The panel highlighted the three main types of cybercrimes: against individuals, governments, and property. They also stressed the importance of establishing cyber tribunals nationwide to handle cybersecurity cases effectively. Panelist Kamruzzaman noted the critical need for higher officials in both ministries and organisations to understand the security levels of their organisations and take appropriate measures.

Partners

Bangladesh Brand Forum organised Grameenphone Presents Bangladesh Cyber Security Summit 2024 Powered by Link3 Technologies and IDEA Foundation in association with bKash Limited and in collaboration with Smart Bangladesh Network. Supported by: Summit Communications Ltd.; UCB Stock Brokerage Ltd.; Aspire to Innovate (a2i); National Cyber Security Agency; Bangladesh Satellite Company Limited; Strategic Partner: Nammcon;  and PR partner – Backpage PR. Bangladesh Cyber Security Summit 2024 is an initiative of Bangladesh Innovation Conclave.