Interview - Saira Iqbal
Pakistan needs to work on infrastructural security; the long-term prospect can help to reduce the impact of future threats.
Rozeena Saleha is Co-Founder of QUMAQ, which is trying to address the unique needs of Pakistan's most complex health and logistics problems. QUMAQ is developing an indigenous drone platform that is less costly, effective, locally developed, locally assembled, fully automated and multi-purpose. It is an indigenous product which is locally manufactured, so we are saving a lot of money, creating a lot of opportunities in the country and using this technology across sectors. Rozeena Saleha graduated from Founder Institute and is also a speaker at OSFP. Rozeena has been part of the National Incubation Center since 2017. She did her software engineering at UET Taxila and later a Masters in Information Security at Riphah Institute of Systems Engineering (RISE). Rozeena Saleha loves community, deeply understands its pain points and solves them through technology. She believes that life is also about learning, unlearning and relearning, and that one should stay humble and strive for excellence.
Q). What are the major cyber security challenges in Pakistan? How can these challenges be overcome?
Ans. Cyber security is the world's 5th generation warfare set and a modern world challenge, and there is no denying its importance. An aggressive approach is required to deal with modern-day cyber financial frauds, fake digital identities and access control policies. Modern-day equipment in different govt. and non-govt. entities should be highly scrutinized. Proper laws and regulations should be implemented, along with developing a deep understanding of cyber attacks and the safe use of technology.
Q). Many corporate and security institutions are facing a confidential data leakage problem. How can this data leakage be prevented?
Ans. Around 90% of organizations have partially implemented one form of data loss prevention (DLP). Content inspection and content analysis of data in transit can help to reduce data leakages.
Q). Do you think cyber risks should be addressed in corporate governance? What should be the role of information security in governance?
Ans. With the increased adaptation in digitalization, there is an exponential increase in cyber risks as well. The recent attacks on the banking sector raise the need to take instant measures at the governance level. Firms should take cyber security very seriously and take measures accordingly. There must be a good balance between meeting the functionality, limiting the resources or budget and securing the core assets in any organization.
Q). Do you think social media is secure?
Ans. No, I don’t think so, as it is used to manipulate your interests or capture your activity over the web. Every click is your digital footprint over the web, and once it’s there it will always be there. So I always advise people to put up only those updates which you can share with the whole world. Never share extreme personal details with anyone and never click suspicious links. Snooping and sniffing or malicious code
Q). What are the risks involved in using public Wi-Fi?
Ans. We notice and see public Wi-Fi everywhere we go: in offices, coffee shops, malls and restaurants. People use it as a free treat, but we are unaware of the risk associated with it. One of the most common threats associated with it is the man-in-the-middle attack (MitM). By default, routers send information in the form of plain text. Malware or malicious code can easily be inserted into any device over the network.
Q). Do you think organizations should develop a cyber security risk management system? Will cyber security risk management affect the performance of business?
Ans. Well, cyber criminals are becoming more and more sophisticated day by day and the cost of a cyber breach is intolerable. So at this point of time all stakeholders, including board members, regulators, investors, analysts, business partners and customers, should have a deep understanding of all potential risks involved in transaction-based systems. Implementing a risk management system is essential to protect your brand and reputation in the market. It’s also critical for advancing your brand in the marketplace by empowering executives, including boards and audit committees, to make better informed and strategic decisions.
Q). Cyber Security is still not mature in Pakistan. Why is it lagging behind?
Ans. Things are getting better day by day as people are getting more aware of its importance in businesses globally. The GCI revolves around the ITU Global Cybersecurity Agenda (GCA) and its five pillars (legal, technical, organizational, capacity building and cooperation), so we really don’t have to reinvent the wheel but follow in the footsteps of first world practices and standards. We are still many years behind in policy making and implementation of novel ideas to overcome the cyber risks. Why? Various factors are involved, like lack of awareness, laws and lack of decision making at the governance level.
Q). We are observing an increase in the Cyber Crime rate. Are you satisfied with the current Cyber Crime Law in Pakistan? What should the government do to deal with Cyber Crimes more effectively?
Ans. Well, cyber crime is a global challenge; if we look closely, only very few countries have a mature cyber crime bill and its strict implementation. We as a country are in a phase of learning and experimenting, and things take time to mature. The Electronic crime bill has various flaws which can be addressed by lawmakers, and technologists should fix it. Vague statements can lead to some very critical prosecutions, for example section 3 4 of CFAA (2015), where “Unauthorized access” of data needs more clarification, as one needs to understand that intent matters during a crime. Section 16 says that whoever changes, alters, tampers with or re-programs the unique device identifier of any communication equipment and starts using or marketing such device for transmitting and receiving “information” can be jailed for up to three years, a fine up to one million rupees (around 9,500 USD) or both. Now for me this is a very broad statement and it can also include those who alter MAC addresses of their devices for legitimate purposes. Similarly, the data retention policy in sections 28 and 29 raises some serious concerns in my mind. Section 30 allows unauthorized arrest warrants entering in any unauthorized space. Similarly, Section 36($), 38 (2) requires revision.
Q). Is there any Cyber Security institution in the country to deal with cyber security challenges in this digital age? What is the responsibility of Government regarding it?
Ans. Yes, the National Response Center (www.nr3c.gov.pk) has been established to deal with all types of crime. Well, digital identity protection and strict laws for cyber protection are required to meet the modern world challenges.
Q). Do you think Cyber Security Research & Development (R&D) Centers are required to deal with latest cyber threats proficiently and effectively? Is there any R&D Centre in Pakistan competent enough to deal with modern Cyber Attacks?
Ans. Yes, our defense organizations are building various research centers to deal with various cyber security challenges. In recent years various universities have initiated the Information Security Program, so I believe that if IS is rightly taught to many students, it can ultimately help to solve many cyber challenges.
Q). What is the future of Information Security you are seeing in Pakistan?
Ans. Well, according to Snowden’s revelations Pakistan is the 2nd most targeted nation / country, so cyber security has some core importance in the future objectives of Pakistan.
Q). Would you encourage fresh graduates to learn and make their career in Information Security?
Ans. Yes, in the first place one needs to follow his/her passion, and if this field attracts someone, one must pursue his/her career in information security, as it is the most emerging field in the current scenario.