By Kurulu Koojana Kariyakarawana
Since 2019 to-date Sri Lanka experienced a series of cyber attacks on leading and top level State and private business establishments including media houses. The hackers who launched ransomware, malware, viruses and spyware attacks proved only one thing, that cyber security is not anymore a secondary security feature in an organisation but something, which should be seriously taken into consideration. 

When everything turning into an online-based ‘work from home’ or ‘order from home’ necessity owing to a worldwide pandemic, cyber security has become a critical component today. 
Cyber security expert and Board Member of CREST, Associate Professor Daminda Senewirathne of the Sydney Macquarie University, who visited Sri Lanka recently in an exclusive interview told the Mirror Business, how public and private sector institutions should rethink their approach towards cyber security. 

“As the pandemic is not over yet, people are reluctant to be at offices, thus creating a hybrid workforce is a new norm for most organisations. Conditions are forcing us to embrace the remote working conditions and rely on the internet more than ever. 

During my visit to Sri Lanka, I realised that digital adoption is very much faster than in Australia, where I live. Most organisations are building E-commerce platforms to support the demand, and ‘Telcos’ are trying to develop the infrastructure to cater for internet usage. Digital transformation is already heading towards industry 4.0, and cybercriminals are also highly active in the island nation,” Senewirathne said. 

Asst. Prof. Senewirathne who is also serving as Board member of the home-grown Cyber Security Companies Safeculcha (Pvt) Ltd., said Sri Lanka is a high target for many ransomware attacks and the threat cannot be underestimated. The recent attacks on local websites which were published in main stream media are evidence that attackers are actively exploiting opportunities in Sri Lanka.

Ransomware attacks impacted large organisations, where business operations have shut down over a long period. It was painful for the Technology Team. While the awareness is improving among the technology teams, Board and Executives have a lot to catch up on. 

“I have observed that most critical websites maintain with minimum level of securities in public and private sector organisations attracting even non sophisticated attackers. Organisations must bring the Cyber Risk Management as an agenda for the Board level conversation as it requires highest level of priority to mitigate the risk exists today. 

A cyber attack can cause organisation a significant loss in terms of revenue and business continuity and recovery is very costly and cumbersome. Therefore, cyber risk must be mitigated proactively not treat as afterthought, he said.

Also, maintaining Security Framework such as ISO27001 and developing governance forums where organisation’s executives take accountability for cyber risk mitigation will deliver value to the business to gain trust from the customers. 

Sri Lanka is well-positioned to bring cybersecurity outsourcing work to meet the demand of other parts of the world with the talent growing here. They certainly can compete with other outsourcing markets in Philippines and India on quality and cost,” he further said.

Chief Operations Officer of Safeculcha (Pvt) Ltd. Manjula  Wimaladasa told the Mirror Business the company aim is to educate senior level officials in any business sector to consider cyber resilience in higher priority level. 

“We are partnered with Baidam Solutions in Brisbane, Australia which is an indigenous company. Our intention is to provide global experience to our employees. In addition, we are the sole reseller for “Evolve by Threat Intelligence” products in Myanmar, Bangladesh, Malaysia and Sri Lanka.

Primarily our intention is to provide unique services and new experience to our customers by consistently educating them. “Zero Cyber Harm” culture will help you to boost your business in many ways,” Wimaladasa said.