2017 IEEE Region 10 Humanitarian Technology Conference (R10-HTC)

21 - 23 Dec 2017, Dhaka, Bangladesh

Cybersecurity Awareness Survey:

An Analysis from Bangladesh Perspective

Nadeem Ahmed, Umme Kulsum, M. Ershadul Haque Mohammad Shahriar Rahman

Md. Imran Bin Azad, A S Zaforullah
Momtaz
Department of Computer Science and
Engineering, University of Asia Pacific,
Dhaka-1215, Bangladesh
{nadeem11, uktumpa}@gmail.com
{imranbinazad, zaforullah}@uap-bd.edu
Department of Statistics, University of
Dhaka, Dhaka-1000, Bangladesh
ershad_sbi@du.ac.bd
Department of Computer Science and
Engineering, University of Liberal
Arts Bangladesh, Dhaka-1209,
Bangladesh
shahriar.rahman@ulab.edu.bd

Abstract— In modern era digital devices are the part and
parcel in everyday life. Easy access to internet across the globe
has totally changed the pattern of life. Web has become the main
source of acquiring knowledge and information. Email is
replacing the postal mail system. Use of computer is a mandatory
from primary education sector to government level enterprise.
Facebook, twitter, whatsapp, viber are becoming main way to
social communication. All these developments made life of people
easier and comfortable but at the same time crimes associated
with technologies have also emerged especially in a developing
country like Bangladesh. Cybercrime has become a vital issue.
This study conveys an in-depth survey about the awareness of
cybercrime amongst the people of Bangladesh. Both online and
offline version of the survey were created to conduct this study.
The study finds that there is a patchy awareness level and it is not
satisfactory. The general people are unaware of standard
practices for cybersecurity. The government and respective
organizations is not vibrant regarding cybercrime related issues.
A proper guideline is required. Also it needs to be updated on
timely manner. Additionally, Pearson's Chi-squared test was
conducted for in-depth analysis. Finally, it can be said that there
exists an urgency to implement a prototype for cybersecurity to
combat with cyber threats.
Keywords—Cybercrime, Cybersecurity, Communication
Technologies, Awareness, Internet, Threats, Survey, Bangladesh;
I. INTRODUCTION
With the extensive use of Information Technology (IT)
and internet technologies the world has become real-time
borderless. The earth has turn out to be to a global village. In
parallel computer network crimes have emerged which is
known as cybercrime [1]. Constantly changing technology has
put the traditional security models in under pressure.
According to a report based on findings on nearly 300,000
complaints announced by the Federal Bureau of
investigation‟s Internet Crime Compliant Center (IC3)
claimed that U.S. lost over $1.3 billion in 2016 from
cybercrime which is 24% higher than previous year. The
common victims were senior citizens over 60 years old and
generally unaware of cybercrimes [2].
In 2014 the global economy annual cost was estimated
$400 billion while the maximum could be as much as $575
billion. To measure the loss from cybercrime is not easy to
measure. There are several sources for calculating the cost.
Statistical data are originated by the government, business,
industry and IT security firms regarding the present state of
cybersecurity threats in the U.S. and globally. G20 nations
affected by the major losses. The first four biggest economies
[3] in the world (the US, China, Japan, and Germany) had loss
$200 billion from cybercrime. Underprivileged nations have
faced meager losses, however this will grow up very quickly
as these countries are increasing internet and mobile platform
usages. Cybercrime is seriously impacting on employment
especially for the developed countries. The effect is to shift
employment away from jobs that create the most value. The
report presented that more than 200,000 jobs were vanished in
the U.S. due to cybercrime. It was also estimated that
European Union had loss as many as 150,000 jobs from
cybercrime [4].
In Bangladesh the rate of internet user is increasing
rapidly. Bangladesh Telecommunication Regulatory
Commission (BTRC) announced that internet subscribers have
reached 67.245 million in February, 2017 [5]. Cybercrimes are
gradually increasing in the country but Bangladesh has no
mechanism yet to combat this thing. The Mahmudur Rahman
case was one of the leading cases in terms of cybercrimes in
Bangladesh and may be referred as the first cybercrime case in
Bangladesh. Charges were brought against M. Rahman under
sections 57 and 58 of Cyber Crime and ICT Act -2006. On
February 15, 2012, „Black Hat Hackers‟, a alleged hackers‟
group in Bangladesh hacked more than 25000 Indian sites
including crucial websites such as the Border Security Forces
(BSF). Propaganda activities are also considered as
cybercrimes in some instances. Propaganda is biased and
misleading information that is used to publicize or promote a
particular ideology or political cause. It creates agitation and
panic among the public. For example, 2012 Ramu Violence in
Cox‟s Bazar can be mentioned. Someone with a fake account
gave a picture of desecration of the Sacred Quran on facebook
page. The fake account was under a Buddhist male name. This
post agitated the common Muslim people of that area and
they, without verifying the authenticity of the facebook
account, attacked innocent Buddhist dwellers of that area.
Many Buddhist temples, monasteries and households were
destroyed [6]. One of the biggest cybercrimes in Bangladesh
was occurred in February 2016. This incident is known as

978-1-5386-2175-2/17/$31.00 ©2017 IEEE

788

Bangladesh Bank robbery (Bangladesh Bank heist) where
hackers used Dridex malware. Hackers tried to withdraw
US$951 million from Bangladesh Bank but partially
succeeded. These culprits issued five transactions (each worth
of $101 million) and withdrawn from a Bangladesh Bank
account at the Federal Reserve Bank of New York. Later $20
million was discovered in Sri Lanka and restored and $81
million in the Philippines where only about $18 million
restored. The New York Fed blocked the rest of the thirty
transactions ($850 million) as per request of Bangladesh Bank
[7-9]. It is obvious that cybercrime is growing up and if not
controlled it might be the cause of greater harm in near future.
To control the cybercrime, cybersecurity awareness is
mandatory amongst the users. Moreover, different
cybersecurity awareness programs are widely conducted in the
developed countries. This study conducts a survey about
cybersecurity awareness amongst the users in Bangladesh.
This study reflects the awareness level of the users and the
programs that can be taken to improve the awareness.
II. METHODOLOGY
This research strategy is based on survey questions named
as “Security, awareness and incident reporting – A Survey of
Users knowledge, Attitudes and prevention” to explore and
find out the cybersecurity awareness level among the people
of Bangladesh. All answers are treated confidentially and
respondents were anonymous during the collection, storage
and publication of research material.
A. Settings of the Survey and Tools
In this research, a questionnaire [10] was used as a method
for gathering data to get the results for users‟ awareness level.
This survey was created on online and stored on a secure
database for data collection and analysis. But both online (web
URL) and offline (printed) version were distributed to the
users for data collection. Later offline (printed) version data
were uploaded on online by the authors for analysis. An
enormously useful data analysis package SPSS was used in
analysis plans and to produce results in this study. The
descriptive statistics were computed which includes
frequencies and percentage. Each of the section used in the
questionnaire contains two or more questions and
consequently a data reduction technique (factor analysis)
employed for each of the section to produce a single factor
score (continuous score with zero mean and unite variance).
These score for cybersecurity practices, cyber awareness,
experienced cybercrime, concerned about cybercrime and
responsible bodies are such that higher values indicate more
activities. Finally Chi-square test for association among the
cybercrime activities were employed.
The survey is divided into four sections as A. Participant
Demographics (9 inquiries) B. Cybersecurity Practices (6
inquiries) C. Cybercrime Awareness (7 inquiries) and D.
Incident Reporting (2 inquiries). The section A asked about
the basic demographics and internet usage policy of the users.
The section B asked the users about the usages of software,
devices, antivirus and general security practices. The section C
asked about users‟ thinking and opinions which reflected
awareness level about cybercrime. The section D asked the
users about their reaction and taken measures when they faced
789
2017 IEEE Region 10 Humanitarian Technology Conference (R10-HTC)
21 - 23 Dec 2017, Dhaka, Bangladesh
cybercrime incident which reflects how the users are aware
about the present rules for cybercrime reporting.
B. Selection of Respondents
The questionnaire was distributed amongst the people of
different sectors. Help from individuals and social networking
platforms were taken to reach the audience. A nonprobability
Snowball sampling technique (also known as chain sampling,
chain-referral sampling, referral sampling) was also used to
reach the audiences. Audiences were cordially requested to
circulate the survey (printed copy/web-link) to their family
members, friends and colleagues. In this way, the Snowball
sampling technique was acquired to increase the study
participants. A total of 802 questionnaires (644 online and 158
offline versions) were collected and analyzed to find out
results. The survey was targeted to the audiences who are at
least 18 years old and have minimal schooling education with
computer literacy as this research was targeted on the level of
cybersecurity awareness among users.
III. CYBERSECURITY ANALYSIS AND FINDINGS
This survey was mainly divided into four sections, analysis
and findings were also kept into four different sections as well.
All the floating data were approximated to the closest number.
Afterward correlation studies had been conducted between
different sections for in-depth investigation.
A. Analysis of Participants Demographics
Out of 802 surveys male participants are the majority 67%
with compared to female participants 33% which is expected.
According to World Bank report [11] male working force is
64% whereas female working force is 36%. Thus male
participants are more accessible than female participants. Also
studies by Grameenphone, in collaboration with Brac [12]
found that male and young generations dominate the internet
usage. This study also reflected the above findings. Out of 802
participants age-group 18-29 is the majority 49%. The rest of
the participants are in the age-groups: 30-39 (36%), 40-49
(12%) and 50+ (3%). The participants of this survey are well-
educated. 54% had either been pursuing Bachelor or Diploma
Degree and 45% had higher Degree (Master‟s or PhD). People
from versatile professions had participated in this survey. The
major participants groups are undergraduate students 30%.
This younger generation was willing to participate in the
survey and easy to access. The rest of the populations (per
sector population<10%) are from different sectors like
Engineering, Education, Business Management, Lawyer,
Communication and Journalism, Architecture, Biological and
Biomedical Science, Computer Sciences, Legal, Liberal Arts
and Humanities, Medical and Health Professions, Agriculture,
Physical Science, Visual and Performing Art. This study was
tried to reach every possible sector which increased the
reliability by providing true outcome. Usage of internet and
related services (E.g. email, whatsapp, viber, news, youtube,
facebook, tweeter) is quite impressive. 73% participants are
using it on frequent basis throughout the day. 23% participants
use it once or twice in a day. The rest of participants are
infrequent users, use internet in weekly or monthly basis.
Approximately half of the participants (48%) feel that they
have Intermediate technology skill (e.g. able to install and run

special software, make modifications to the settings of the
computer, have a good understanding of hardware and
software). 38% participants feel that they are novice users
(e.g. start computer and phone, go to specified web page. Use
Word. Use social media). 13.7% participants think that they
have expertise in computer engineering, database
administration, network engineering. The people use mostly
smart phone (69%), laptop (56%), desktop computer (36%)
and tablet (15%) to access internet either in combined manner
or solely. In case of internet connectivity, 63% use Private Wi-
Fi (e.g. in home), 48% use Mobile/cellular phone network
(e.g. 3G/4G), 42% use Public Wi-Fi (e.g. in coffee shop,
restaurant), 28% use Broadband (wired) connection. The
common purposes of using internet are Education or
information seeking (69%), Social networking (61%),
Communicating with email, skype, viber and others (52%),
Entertaining e.g. playing games (51%), Professional reasons
such as remote access VPNs (39%), Government services,
online banking, e-commerce, and others (22%). Above results
support the outcomes in [13,14] and which indicate that
findings are both valid and reliable.
B. Analysis of Cybersecurity Practices
Participants varied in Cybersecurity Practices. Most of
the people of Bangladesh rely on Windows Operating System
(OS) and run different version of OS at the same time. It is
found that 47% people use Windows 10, 42% people use
Windows 8 and 48% people use Windows 7. Few people, 19%
people use old version of Windows OS (XP) and 22% people
use free-open-source OS Linux. For mobile phone people
mostly use Android phone 80%, also a significant number was
found for iOS as well as some other varieties. People use
mostly free antivirus which is a major security flaw. Also
people use paid antivirus, firewall, authentication, encryption
and others. In terms of cybersecurity practices, there are some
good security practices. 61% people always aware, 29%
people are sometimes aware and 10% people are never aware
about the legitimacy of a website. 74% people are always
aware, 21% people are sometimes aware and 4% people are
never aware about the danger when clicking on banners,
advertisements or pop-up screens that appear when surfing the
Internet. 76% people are always also very conscious about the
privacy settings on social media while 21% people are
somewhat and 4% people are never conscious. There are some
bad practices are followed by the people. 69% people are
always, 16% people are sometimes and 14% people are never
use personal information (e.g. last name, date of birth) for
passwords. 59% people are always, 29% people are sometimes
and 11% people are never use USB devices/pendrives in
multiple devices. The result indicates that there is an
immediate need to create awareness program to increase good
cybersecurity practices.
Fig. 1. Participants‟ opinion about future of cyber threat
790
2017 IEEE Region 10 Humanitarian Technology Conference (R10-HTC)
21 - 23 Dec 2017, Dhaka, Bangladesh
C. Analysis on Cybercrime Awareness
People are informed and updated about cybercrime by both
offline and online sources. Online sources are from internet
(63%), electronic media (57%), ISPs (27%), government
(33%). Offline sources include Newspapers and magazines
(72%), conferences and meetings (41%). 7% participants feel
that there is no need to keep them updated about cybercrime.
The participants have different opinions about cyber
awareness. The mainstream respondents (91%) acknowledge
that people must not disclose private information on the
internet. Also there is a strong feeling of the participants
(83%) that risk of cybercrime is increasing from the previous
years. (37%) participants feel that online personal information
is not secure enough. (83%) Participants agreed to accept
increased Internet surveillance from the government if it can
enhance Internet security. 65% participants feel that laws in
effect are effective in managing the cybercrime problem. This
is a primary matter and crucial discovery that should be put in
consider in instigating stakeholders to enhance security
awareness in Bangladesh.
77% participants have experienced and fallen victim of
phishing emails (such as asking for money/personal
information/bank account credentials). 71% participants
experienced identity theft (stealing and impersonating in
facebook/tweet accounts). 80% participants are infected by
malware. 78% participants encountered hatred and religious
extremism materials. 62% participants are encountered online
extortion (a demand for money to avert or stop extortion or to
avert scandal by spreading video/audio files, harassment).
79% participant are both concerned and worried about
accidentally encountering material that promotes hatred,
identity theft, pornography, security about internet banking,
religious extremism, human rights violation, privacy
infringement via online activities.
Most of the participants (over 50%) strongly believe that
the government, media and education system are main
responsible bodies to create cyber awareness program.
Participants further believe that user himself is also
responsible for cyber awareness. Participants have
expectations from the government. 60% participants expect
that government should impose stricter laws and punishments
for cybercrimes. 49% participants wanted the government to
work towards providing a global cybersecurity framework.
38% participants also prefer that the government should create
monitor organizations for combating with misuse of consumer
information.
D. Analysis on Incident Reporting
Around 40% of participants have been sufferer of cybercrime
from whom around 60% have reported. Participants mostly
reported to the police stations (around 80%). The rest of files
had been reported to the BDCERT (Bangladesh Computer
Emergency Response Team), BTRC (Bangladesh
Telecommunication Regulatory Commission) complaint
centre, BGD e-GOV CIRT. There are multiple reasons behind
the unreported reports (around 40%). The reasons include
participants did not know what the crime was (46%),
participants did not know who to write report (44%),
 2017 IEEE Region 10 Humanitarian Technology Conference (R10-HTC)
participants were afraid of impact afterwards (27%), [2]
participants did not know how to describe or write reports
(32%), participants feel it is waste of time (32%), I think that [3]
there is no value of reporting (32%), participants did not trust
the third party (17%), participants independently fixed the
problem without outsiders‟ interference (25%). From the study [4]
findings it can be realized that comparatively low number of
participants have faced cybercrime yet those who suffered
[5]
very few reported about the incidents. This indicates lack of
awareness, familiarity about these organizations and complaint
centers among the mass people and there are problems in the [6]
incident reporting process which indicates proper initiatives
are required by responsible organizations to create awareness.
[7]
E. Analysis on Correlation Studies
The analysis of the coefficient of the correlation reveals
[8]
that there exists positive correlation between all the
cybersecurity practice activities. The degree of correlation is
high between cyber awareness with concern followed by [9]
experienced cybercrime with concern and so on. It indicates
people with the cyber awareness are more concerned and
worried about ongoing cyber threat. The association indicates [10]
people who already suffered from cybercrime have higher
degree of concern and worriedness.
TABLE I. Correlation coefficient between cyber related activities [11]
[12]
[13]
[14]
Thus this study provided separate finding for each
combination which proves study findings are relevant and
reliable. Also Chi-Square test has given significant value
which also shows that survey respondents filled up the data
with care and time.
IV. CONCLUSION AND FUTURE WORK
Based on the survey results, this is obvious that measures
should be taken to escalate the cyber awareness level amongst
people of Bangladesh. If Bangladesh fails to combat with
cybercrime the goal and purpose of „Digital Bangladesh‟ will
also fail. Therefore, People‟s Republic of Bangladesh with the
help of all responsible bodies should take proper measures to
create effective cyber awareness amongst users. Therefore,
future research might consider developing a concrete model of
cyber awareness coupled with mobile technologies in this
country and analyze its usability, dynamicity, efficiency,
affordability and reliability.
V. REFERENCES
[1] H. Elkhannoubi and M. Belaissaoui, " Assess developing countries‟
cybersecurity capabilities through a Social Influence Strategy," 7th
International Conference on Sciences of Electronics, Technologies of
Information and Telecommunications (SETIT), 2016.
791
21 - 23 Dec 2017, Dhaka, Bangladesh
Internet Crime Report: [Online]. [Cited 2016 April 12]. Available from:
https://www.scmagazine.com/loss-from-cybercrime-exceeded-13b-in-
2016-fbi-report/article/671047/.
Largest Economy: [Online]. [Cited 2016 April 20]. Available from:
https://www.weforum.org/agenda/2017/03/worlds-biggest-economies-
in-2017/.
Global Cost of Cybercrime: [Online]. [Cited 2016 May 29]. Available
from: https://www.mcafee.com/ca/resources/reports/rp-economic-
impact-cybercrime2.pdf.
Bangladesh Internet Subscriber: [Online]. [Cited 2016 June 04].
Available from: http://www.btrc.gov.bd/content/internet-subscribers-
bangladesh-february-2017.
CBC news: [Online]. [Cited 2016 June 08]. Available from:
http://www.cbc.ca/news/world/bangladeshi-buddhists-attacked-over-
photo-of-burned-qur-an-1.1223650.
Inquirer Net Report: [Online]. [Cited 2016 August 14]. Available from:
http://newsinfo.inquirer.net/807690/ex-rcbc-branch-manager-free-on-
bail.
New York Post Report: [Online]. [Cited 2016 August 14]. Available
from: http://nypost.com/2016/03/22/congresswoman-wants-probe-of-
brazen-81m-theft-from-new-york-fed/.
The Straits Times Report: [Online]. [Cited 2016 August 14]. Available
from: http://www.straitstimes.com/business/dridex-malware-linked-to-
bangladesh-heist.
F. Alotaibi, S. Furelli, I. Stengeli and M. Papadakii, "A Survey of
Cyber-Security Awareness in Saudi Arabia", The 11th International
Conference for Internet Technology and Secured Transactions (ICITST-
2016), 2016.
Women workforce: [Cited 2016 August 20]. Available from:
http://www.thedailystar.net/frontpage/women-workforce-growing-fast-
155149.
Daily Star Report: [Cited 2016 August 22]. Available from:
http://www.thedailystar.net/business/students-drive-mobile-data-growth-
gp-study-179512.
Alexa Report: [Cited 2016 October 25]. Available from:
https://www.alexa.com/topsites/countries/BD.
Daily Star Report: [Cited 2016 October 25]. Available from:
http://www.pewinternet.org/2015/10/29/technology-device-ownership-
2015/.