The Federal Board of Revenue (FBR) system has faced approximately an average of 71,000 cyber-attacks in a single month.
According to the FBR’s report on Pakistan Raises Revenue Project (PRRP), in recent years, FBR has also undergone a major menace of data theft due to constant cyber attack attempts by hackers. Reports highlight that the threat landscape is evolving at a faster pace than the organizations trying to protect themselves. Due to the use of obsolete/ outdated software and hardware.
Over time these cyber-attacks have primarily affected the virtual environment of the data center. Mainly, the virtual machines are being attacked and the attackers managed to exploit the weakest link, which is the Hyper-V software by Microsoft Inc. As per the reports, the hackers made attempts to break the data rooms and there were also several warnings issued beforehand.
The published data also highlights that FBR will be carrying out third-party audits and will devise a comprehensive strategy and monitoring plan in addition to ICT up-gradation to evolve into a true-data-driven digital organization. The reported data also reveals that although initial procurements may protect FBR for the short and medium-term, continued investment in the IT system is required to ensure data security and protection in a sustained manner in the long term.
The FBR report stated that cybercrime/hacking and data security threats are emerging with the transitioning of key public services /fin-tech services to electronic regimes. Thus, for the data analytics, business intelligence tools/software extra security will be ensured for data security of the FBR clients and to avoid situations of disharmony and tension building in the FBR client over their data protection and security.
It has been noted in the baseline that FBR has faced threats to data security with cyber-attack reported in past. Although the project itself addresses this issue through component 2 majorly but following measures could be adopted to avoid any grievances or panic among the FBR staff and clients.
Firewalls will be erected to protect data centers with independent cloud services (already proposed in the project) to prevent the risks of cybercrime, hacking and data thefts. The hiring of competent staff to provide oversight management, and data protection. Backup ICT facilitation plan in case of system failure or cyber-attack especially to facilitate consignments clearance at the sea and airports to avoid any conflicts and frustration among clients, FBR report added.