Phub Dem

The security of individuals in cyberspace is a concern with an abrupt increase in online users, mainly due to the pandemic.

According to the Bhutan Computer Incident Response Team (BtCIRT), the country saw an unprecedented number of phishing attacks such as scams related to courier services, and the purchase of masks and hand sanitisers. Mobile banking users are the highest hit, losing money to scammers.

While BtCIRT, in collaboration with banks, shared advisories and carried out numerous awareness programmes, people are still falling victim to the same phishing attacks, according to a press release from BtCIRT.

During the week-long Cybersecurity Awareness Programme, the relevant agencies discussed the emerging cybercrimes, cybersecurity risks, and the country’s preparedness.

According to the head of the BNB IT department, Yonten Jamtsho, cybercrime is a lucrative business for cyber-criminals, and they are increasingly targeting financial sectors.

He said that there had been a few Whatsapp scams where the scammer called local people asking for their bank details such as their account number, mobile number, and other related information to take control over the mobile banking application.

After the scammer convinced the victim that they had won a lottery worth Nu 2.5 million, the victim shared the OTP and other details. Instead of crediting the amount, the victim’s account was debited with the same amount.

However, the amount was transferred within the banks in Bhutan, as mobile and internet banking doesn’t allow money transfers outside Bhutan. “BNB immediately alerted the banks and froze the transaction.”

While the bank is doing everything to prevent such scams, he urged the public not to share OTP personal and financial details over emails. “Banks will never ask for such details.”

He said that such an awareness programme is timely to correct the human vulnerabilities and educate people regarding the scams.

BtCIRT head Dechen Chhoden said that there is a lack of cyber threat awareness in the country, adding that with cybercrime on the rise worldwide, it is imperative to be prepared.

She said that such incidents occur due to a lack of awareness, as 90 percent of the time, human error contributed to cyber-attacks. “We started the week-long awareness programme to reach out to more people and make them aware of the various risks in the online space.”

Studies show that 95 percent of cybersecurity breaches are due to human error, meaning unintentional actions or lack of action, such as downloading malware, failure to use a strong password, or use of insecure software.

She said that a few organisations are facing ransomware attacks, but BtCIRT responded before it was too late. She said a lack of cyber hygiene practices encourages scams and hacks. “The cyber or IT professionals should update to the latest software and adapt other cyber hygiene practices.”

Dechen Chhoden added that BtCIRT doesn’t have the human resources to handle significant attacks, but is gradually getting there through various initiatives. “We are talking with the RCSC for more human resources and to build capacity.”

The panel also discusses other cybercrimes such as pornography, business email fraud, lottery win scams, and preventive measures.

With the theme ‘Be Cyber Safe – A step towards building the human firewall’, the cybersecurity week aims to achieve cybersecurity awareness among the general public, educate and inspire students in the cybersecurity field, and upskill ICT professionals to secure their workspace.

The programme targeted students, non-IT professionals, ICT officers and the general public.

The cybersecurity week campaign included basic cybersecurity practices, network security, MANRS for Network Operators and Web Applications security.

BtCIRT in collaboration with Bank of Bhutan, Bhutan National Bank Ltd, GIC-Bhutan Reinsurance, Royal Monetary Authority as part of the Financial Institutions Cyber Response Team (FICRT), along with other key partners such as Bhutan Telecom, Tashi Infocomm, Royal Bhutan Police, Thimphu Tech Park (TTPL), Department of Law and Order, Department of Information and Media, Media Council of Bhutan, Department of School Education and Bhutan Power Corporation Ltd, carried out a week-long cybersecurity awareness programme in December last year.