16-05-2025
Pakistan's financial regulator alerts firms to cyber risks after conflict with India
KARACHI: The Securities and Exchange Commission of Pakistan (SECP) on Friday cautioned local companies about heightened cybersecurity risks, days after a brief but intense conflict with India that, for the first time, saw both nations engage in cyber warfare alongside traditional military exchanges.
The recent hostilities, which included missile and artillery fire, also featured the deployment of drones and coordinated cyberattacks, an unprecedented escalation in the long-standing rivalry between the two nuclear-armed neighbors.
A ceasefire was brokered and announced on May 10, though the digital threat persists.
'The Securities and Exchange Commission of Pakistan (SECP) has issued an advisory to all the companies, in light of the recent geopolitical situation and resultant heightened cybersecurity threat alerts, urging companies to adopt cybersecurity best practices,' the regulator said in a statement.
The advisory outlined potential risks such as operational disruptions, data loss and reputational damage, recommending measures including stricter access controls, vulnerability assessments, incident response planning and user awareness training.
During the conflict with India, Pakistan's economic affairs ministry and the Karachi Port Trust (KPT) reported that their official X accounts had been compromised.
The KPT account briefly posted claims of significant damage from an Indian naval strike before the post was deleted and the agency stated its account had been hacked.
Pakistani officials also acknowledged launching retaliatory cyber operations targeting Indian government and financial websites.
Indian authorities reported over 1.5 million attempted cyber intrusions during the conflict, primarily attributed to Pakistan-based hacker groups.
The SECP's advisory highlighted the ongoing digital risks in the aftermath of the ceasefire, urging companies to bolster their cybersecurity defenses to protect critical infrastructure and sensitive data.
