A myriad of attitudinal and government hurdles are exposing this vital industry to ruthless cybercriminals, reports our Bangladesh correspondent.

Digital technologies have revolutionized several sectors in recent times, including the way textile manufacturing processes are being outsourced across the globe. When digital interactions, communications and networks are the norm, strong cybersecurity becomes an obvious necessity.

Bangladesh—the South-east Asian hub for textile manufacturing—seems to be lagging in this aspect. The country is the world’s second largest exporter of ready-made garments after China. Its textile industry accounts for nearly 2% of the country’s GDP and employs around 20 million people. 

Notwithstanding this fact, the industry has done abysmally in implementing robust IT systems. A few of them are equipped with structured LAN cabling, high bandwidth Virtual Private Networks (VPNs) and application layer firewalls, but these are not adequate for data protection and defensee against cyberattacks.

The COVID-19 pandemic period has been witness to a slew of cyberattacks there, further shifting the focus on cybersecurity in the Bangladesh textile industry. The sector currently lacks the skilled workforce and necessary investment for enhanced cybersecurity.

Scarcity of skilled IT talent

Mitun Chandronath, who owns the ABA Group in Dhaka, said that every tenth Bangladeshi textile business owner is exposed to the threat of phishing, spamming and other technical breaches: “Many textile business owners run on a tight schedule and have no time to look into the micro needs of an organization. For them, tech infrastructure is just another expense, like purchasing spares for their machines,” he quipped, adding that the major pain point textile owners face is the availability of skilled cybersecurity staff. “While it is a global problem, Bangladesh has more scarcity of personnel to deal with tech and cyberattacks,” he pointed out, insisting that companies should focus on training students about managing cybersecurity threats.

Mitun cited some instances wherein small textile business owners had lost critical customer data, after which many companies started taking network security seriously. “Now, I see many business owners purchasing email security and protecting their firewalls using perimeter-level security.”

Low awareness, high risk

The CEO of Dhaka Distributions, one of the key cybersecurity service providers, in Bangladesh, Prabeer Sarkar, felt that it is not that the textile and garments industry has not been implementing security measures, but that it is not visible or being discussed widely. “The cybersecurity industry is also not sensitizing them in the way the other sectors are being educated.” His clients are primarily from the financial sector, government, telecommunications and defence: high risk industries in the face of cyberattacks.

In February 2016, Bangladesh bore the brunt of the largest cyber heist in the history of global financial forgery when its central bank’s reserves from the Federal Reserve Bank of New York transferred US$81m to accounts in Sri Lanka and Philippines.

In 2013, Bangladesh’s Sonali Bank fell prey to an attack, where US$250,000 got siphoned off from its network. After this incident, the Bangladesh Computer Council (BCC) was constituted to combat further intrusions and security breaches. However, this team does not investigate sector-wise, but oversees only the overall cybersecurity needs of the country. This is because the industries do not evince interest in building a proper IT infrastructure to safeguard their networks. 

Today, the financial sector there is still vulnerable to cyber threats, despite the 2016 heist. Only four banks have security operation center to oversee security measures, which is a part of the guidelines issued by the Bangladesh bank. The reason quoted for this is “lack of official information”.

“Lack of official information”

Past cyberattack cases in the financial industry involving system breaches and ransomware may have been under-reported. This means there is still a lack of awareness in data protection. “You don’t get any news on such attacks. IT and IT security are not an extensive point of discussion in the sector yet. But growth and more dependency on technology will bring it to the fore. It is just a matter of time,” observed Prabeer.

He also believed that awareness has to be raised by the government, industry associations, IT companies and OEMs. “The onus is also on the professions in the cybersecurity domain. Ideally, more news on cyberattacks, proactive measures by the government and the cybersecurity community will improve the situation in the country,” Prabeer hoped.

External factors

Foreign players that outsource garments from the country have not been pushing for better cybersecurity. The textile sector does not feel the need to have data protection either.

According to A.K.M. Fazlur Rahman, Managing Director, Smartdata Technologies: “They follow what their buyers tell them. They do not have the compliance push on data protection, cybersecurity and safety from their buyers. If this does not come through, the owners are not going to realize the need.”

Also, lack of news reports about cybersecurity threats has resulted in foreign players underestimating the prevailing risk. This has led to inadequate or low budget allocation to bring in the necessary IT teams or to educate the industry. “The companies can’t even identify any data breach, as they do not have the technology to raise alarms,” Fazlur said. He cited a project in which his engineers could access all the data of a company when they were deployed to install antivirus software. 

Only some big companies have an antivirus or a firewall installed as a part of their IT infrastructure. This is only about 20%–30$ of the industry. “Education, skill sets and human resource development are the main problems existing throughout the country, as very little importance is given to cybersecurity,” Fazlur concluded.

Comparison with other countries

Bangladesh’s neighbor India is also a large exporter of textiles. According to some circles, cybersecurity awareness in more-developed India has also not gained momentum yet.

Apparently, the Indian industry suffers from being “partly unorganized”. It also lacks proper infrastructure for quick recovery in case of cyberattacks. While some sectors there realize the vulnerabilities and are taking the necessary precautions, there are still not enough funds being allocated.

Said an official spokesperson from Twin Birds, a women’s wear brand from India: “We still have a long way to go in data protection; many industry players don’t have a fully-functional IT team. Only now, we have manufacturing units going digital. It is important that we are more prepared and resilient as we move into the digital era.”

Interestingly, Vietnam, a relatively small player in this sector, is emerging as a quick learner in IT adoption. “As we go forward, it is not about whether somebody ‘can’ change, but more about ‘ought to’,” said Prabeer.

The textile industry in Bangladesh, in particular, is highly vulnerable to cybercrime. It is imperative that the industry rolls out stringent cybersecurity measures for seamless business continuity.