ISLAMABAD: Minister of finance Shaukat Tarin has informed the National Assembly that on a mean the Federal Board of Revenue (FBR) portals were subjected to 71,000 cyber attacks monthly .
This volume has, over a few of years, increased sharply as tools and methods available with the hackers are more powerful and complicated , Mr Tarin said during a written reply to an issue from PPP MNA Raza Rabani Khar placed before the assembly on Wednesday.
This was the primary detailed reply from the minister of finance regarding protecting the info of taxpayers.
The minister said FBR had been authorised to acquire cyber and knowledge security-related hardware, software and services to guard the organisation from future attacks.
“The breach in 2019 wasn’t detected till the investigation into the newest breach in August 2021. The breach was minor in nature and therefore the infrastructure hosting the FBR website was hardened. Therefore, a cyber breach-related audit wasn’t administered so far .”
However, Mr Tarin said there was an ongoing investigation into the present breach with the assistance of a 3rd party. This third party helps scan the whole FBR network, including all machines located within the field formations, so as to work out the possible point of the initial breach.
He said once this has been determined and remedial actions are taken, a full third-party security audit are going to be administered to work out any remaining vulnerabilities.
A full action decide to counter the vulnerabilities are going to be put together and its execution monitored.
“Therefore, a cyber breach-related audit wasn’t administered so far . Technology continues to evolve at breakneck speed and requires constant reinvestment.”
Historically, investment into technology at the FBR has remained restricted to specific periods directly associated with financing being made available by donor agencies.
This method of investment creates technology debt in between such periods which may cause vulnerabilities going unaddressed, which may consequently create opportunities for malicious actors like what transpired during this recent event.
The minister said it had been highly recommended that an annual allow technology refresh be allocated to FBR, which might allow the organisation to stay its technology up so far and take full advantage of advancements happening therein space. this could be like 0.05pc of the revenue collected which might have amounted to Rs2.4bn last year.
This amount would are sufficient for the FBR to possess upgraded much of its information security infrastructure which can have prevented the recent incident.
The threat landscape is usually evolving at a faster pace as compared to organisations trying to guard themselves. Therefore, this first procurement may protect the FBR for the immediate and medium future. However, a continued investment must be put in situ to guard and permit the FBR to evolve into a data-driven digital organisation, he added.
