The advent of the digital age has ushered in a multitude of opportunities alongside significant challenges for Pakistan. The nation is witnessing an unprecedented growth in its internet user base. Internet connectivity has played a crucial role in revitalizing Pakistan’s digital economy. The rapid expansion of digital infrastructure and online activity has also exposed Pakistan to a host of serious cybersecurity threats. Recent incidents have demonstrated that the costs associated with these attacks, whether through financial losses, reputational damage or recovery expenses, are on the rise. This alarming trend underscores a pressing need for the implementation of robust cybersecurity measures.
The digital media landscape in Pakistan is experiencing rapid growth and expansion. Currently, the total number of internet users in Pakistan is 111 million. As of now, there are approximately 71.7 million social media users in the country and the number is on an upward trajectory. The popularity of Social Media platforms illustrates this growing engagement, highlighting a shift in societal interactions and media consumption. Among the various messaging applications, WhatsApp has gained substantial traction and now boasts around 52.3 million users across Pakistan.
Pakistan currently operates seven landing cables. The combined bandwidth capacity provided by these cables stands at 20 terabits per second (TBPS). The Gateway cable contributes with a capacity of 8 TBPS. However, the faulty, SMW-4 cable, led to a significant reduction in bandwidth capabilities, amounting to a loss of 1.5 terabits per second (TBPS). This disruption in critical underwater infrastructure severely impacted internet connectivity across various regions of the country.
Pakistan’s digital infrastructure is heavily dependent on content delivery networks (CDNs) that operate across 38 major cities. These CDNs facilitate efficient distribution of online content, ensuring that users can access websites and applications with minimal delay. In periods of heightened national significance, there is a marked increase in online activity. This surge in traffic can lead to overwhelming demand on the existing network infrastructure, causing what is commonly referred to as internet choking. Moreover, the rise in virtual private network (VPN) usage has introduced additional complexities to the current internet traffic landscape. While VPNs provide security and privacy for users, the encryption processes and longer routing paths inherently slows down connection speeds. This slowdown occurred at a time when internet speeds had already been compromised due to a submarine cable fault. The increased load on gateway internet traffic created by VPN usage led to a further decline in overall internet performance.
Compounding these challenges, a Distributed Denial of Service (DDoS) attack launched on August 15 from India further strained internet traffic. The timing of this incident, amidst existing bandwidth limitations, made the situation even more critical. Besides this in the past two years (2023 and 2024), Pakistan faced an alarming 34 million cyber-attacks, highlighting the severity of the cybersecurity crisis. The cyber security challenges in Pakistan mirror those found in other regions, including hacking, identity theft, cyberbullying, and cyberstalking. Additionally, issues such as spoofing, financial fraud, digital piracy, and attacks from viruses and worms are prevalent.
There are also significant concerns related to malicious software, breaches of intellectual property rights, money laundering, denial of service attacks, electronic terrorism, and vandalism. Notably, spyware attacks surged by 300 percent in the first quarter of 2024 alone. These attacks were not limited to any single sector but had affected various domains. The public sector saw a 22.9 percent increase in attacks, IT companies 15.4 percent, and the financial and industrial sectors had also been targeted, with increases of 14.9 percent and 11.8 percent, respectively. Alarmingly, human actions accounted for 25 percent of these incidents, indicating significant vulnerabilities in cybersecurity practices.
Cybersecurity is a critical concern for Pakistan’s businesses, individuals, and government. The current measures are insufficient to cope with the escalating threat of cyber-attacks, which pose significant financial and reputational risks. By implementing the proposed reforms and strengthening cybersecurity infrastructure, Pakistan can build a safer digital environment and support its growing digital economy.
The impact of cyber-attacks extends beyond businesses and government institutions. The Cyber Harassment Helpline Report 2023 from the Digital Rights Foundation recorded 2,473 complaints, averaging 206 per month. The situation is further exacerbated by rising concerns about online safety for children, with 1630 cases of child abuse reported in just six months, involving 962 girls and 668 boys. Such figures highlight the broader societal impact of inadequate cybersecurity measures.
Despite these challenges, there are opportunities for improvement. The government is taking steps to enhance its cybersecurity framework. Plans are underway to upgrade the web management system to better address cybersecurity threats and manage internet content. This includes blocking unauthorized applications and websites. However, these measures have faced criticism for causing internet slowdowns and economic losses. The installation of a firewall has been wrongly blamed for the decline in internet performance. Whereas reasons mentioned before substantiate that the slowdown in internet traffic is not directly connected to the firewall’s implementation. It is crucial to understand that the firewall is not merely a tool for regulation but a necessary deployment aimed at fortifying the digital frontiers of Pakistan which falls within the legitimate rights of any sovereign state.
Another significant challenge is the lack of strong cybersecurity laws and regulations in Pakistan. The Prevention of Electronic Crimes Act (PECA) Amendment Bill 2024 aims to address this gap by creating a Digital Rights Protection Authority (DRPA). This new authority will replace the existing PECA 2016 and oversee social media platforms. The recently established National Cyber Crime Investigation and Agency (NCCIA) will operate under the DRPA, taking over cybercrime responsibilities from the Federal Investigation Agency (FIA). The NCCIA will focus on tackling cybercrimes and enforcing new regulations once the DRPA is officially enacted.
Cybersecurity is a critical concern for Pakistan’s businesses, individuals, and government. The current measures are insufficient to cope with the escalating threat of cyber-attacks, which pose significant financial and reputational risks. By implementing the proposed reforms and strengthening cybersecurity infrastructure, Pakistan can build a safer digital environment and support its growing digital economy. The road ahead involves not just upgrading technology and legal frameworks but also fostering a culture of cybersecurity awareness among users and institutions.