In 2016, hackers stole $81 million from Bangladesh Bank through the SWIFT network — one of the largest cyber heists in history. That incident put Bangladesh on the global cyber security map. But the threat has not diminished since then — it has grown, and it has spread far beyond the banking sector.
Small and medium businesses, schools, hospitals, and NGOs are now regular targets. Here is what the threat landscape looks like in 2025 and what every Bangladeshi business needs to do about it.
The Threat Landscape in Bangladesh
- Ransomware — Malicious software that encrypts your files and demands payment for the decryption key. We have seen this hit hospitals, schools, and manufacturing companies in Bangladesh. The average ransom demand is $10,000–$50,000. Many victims pay — and still do not get their data back.
- Phishing — Fake emails that trick employees into revealing passwords or clicking malicious links. This is the most common entry point for cyber attacks. A single employee clicking the wrong link can compromise an entire organization.
- Website Defacement — Hackers replace your website content with their own messages. This is common against government, educational, and NGO websites, and it is embarrassing and damaging to credibility.
- Data Theft — Customer databases, employee records, and financial data are stolen and then sold or used for fraud. This is particularly damaging for businesses that hold sensitive customer information.
- Business Email Compromise (BEC) — Hackers impersonate executives or suppliers via email to trick finance staff into making fraudulent payments. This has cost Bangladeshi businesses millions of taka.
The Most Common Vulnerabilities
Most successful cyber attacks exploit basic, preventable vulnerabilities:
- Weak or reused passwords
- Unpatched software with known security vulnerabilities
- No multi-factor authentication on email and critical systems
- Employees who cannot recognize phishing emails
- No regular data backups — or backups that have never been tested
- Web applications with SQL injection or XSS vulnerabilities
What Every Business Should Do Now
- Enable multi-factor authentication on all email accounts and critical business systems. This single step prevents the majority of account takeover attacks.
- Keep software updated. Most ransomware exploits known vulnerabilities in unpatched software. Regular updates close these doors.
- Train your staff. Employees are the most common entry point for attacks. Regular phishing awareness training dramatically reduces risk.
- Implement proper backups. Run daily automated backups and store them offsite or in the cloud. Test your restore process regularly. A backup you have never tested is not a backup.
- Conduct a security assessment. You cannot protect what you do not know is vulnerable. A professional security assessment identifies your specific risks and prioritizes what to fix first.
Bangladesh Bank's Cyber Security Guidelines
Bangladesh Bank has issued cyber security guidelines for financial institutions that represent a good baseline for any business handling financial data. Key requirements include network segmentation, access control, incident response planning, and regular security audits. Even if your business is not a financial institution, these guidelines provide a useful framework.
The Cost of Inaction
The cost of a cyber attack — ransom payments, data recovery, system rebuilding, reputational damage, and lost business — is almost always far greater than the cost of prevention. Cyber security is not an IT expense. It is business insurance.