Like the rest of the world, cyber security risks are rapidly increasing in Bangladesh. According to the 2026 Active Adversary Report by cybersecurity company Sophos, most cyberattacks today occur by stealing users’ identities or login credentials.

The report, published on Monday (March 9), states that 67 percent of the incidents investigated last year by Sophos’ Incident Response and Managed Detection and Response teams were directly or indirectly linked to identity-based cyberattacks.

How Organizations Are Being Attacked

According to the report, attackers mainly exploit stolen passwords, weak security systems, and the absence of multi-factor authentication (MFA). By using legitimate user accounts, hackers can easily gain access to an organization’s network.

Sophos’ analysis shows that in about 59 percent of the incidents, multi-factor authentication was not enabled, making it much easier for attackers to enter systems using stolen credentials.

Why the Risk Is Higher in Bangladesh

Technology experts say that although digital services are expanding rapidly in Bangladesh, many organizations still do not invest enough in cybersecurity. The growing use of banking services, mobile financial services, e-commerce, and government digital platforms has also increased the risk of cyberattacks.

Hackers are often able to take over accounts by collecting personal information through phishing emails, fake websites, and social media platforms.

Active Ransomware Groups

The report also revealed that 51 different ransomware groups were active last year, including 24 newly emerged groups. Among the most active were:

• Akira (Gold Sahara)
• Killin (Gold Feather)

Other well-known groups such as LockBit, MedusaLocker, Phobos, and BitLocker have also been carrying out cyberattacks worldwide for several years.

Use of Artificial Intelligence

According to Sophos, artificial intelligence has not yet introduced entirely new attack techniques in cybercrime. However, generative AI is increasingly being used to make phishing messages and social engineering attacks more convincing.

Steps to Stay Secure

Cybersecurity experts suggest several measures to strengthen protection:

• Enable multi-factor authentication for all important accounts
• Avoid clicking on suspicious emails or links
• Regularly update software and systems
• Maintain 24/7 cybersecurity monitoring within organizations

Experts say Bangladesh is moving rapidly toward a digital economy, making it essential for both individuals and organizations to increase awareness and preparedness regarding cybersecurity. 💻🔐