Make cybersecurity topic of boardroom, says Central bank

• Asserts every organisation should implement preventive measures for cyber attacks
• Notes many organisations have lost focus on information security since focus is mainly on trying to cope up with surge in demand
• Need for collective approach at organisational, sectoral, national and international levels to fight cybercrimes emphasized 

As cyber threats have continued to mount during the pandemic due to alternative work arrangements, cybersecurity should be made a topic of the boardroom and given extra attention, the Central Bank of Sri Lanka (CBSL) said.

“While going through the second wave of the pandemic and with concerns of a possible third wave, every organisation should implement preventive measures for cyber-attacks while strengthening cyber-attack detection, response and recovery capabilities, the CBSL asserted.

With the sudden increase in demand for WFH arrangements, remote access and other needs, many organisations have lost focus on information security amidst trying to cope up with the surge in demand.

The CBSL asserted that when information security professionals also work from home, focus is diverted towards new and upcoming challenges that general work related to cybersecurity go unattended paving way for circumstances that provide a good opportunity for the cyber-attackers.Common areas that get overlooked are; system updates, patch management, log monitoring, and forensic investigation of security 
incidents.

 Calling on every individual and management to protect themselves and their workplaces from cybercrimes in today’s connected world, the financial sector regulator stated that a collective approach is required at organisational, sectoral, national and international levels to fight against cybercrimes and build a safer world for the present and future generations.

The need for improving user awareness was highlighted as it is always the users who create system vulnerabilities that pave way for the entry of cyber criminals to enter into organisational systems.

“The demarcation between official and personal tasks seems to have disintegrated as observed in the use of personal devices for official work and vice versa. Hence, this too, is a risk to cybersecurity if such devices are not maintained properly with the required security features,” the report pointed out.

During the initial lockdown, in May 2020, a series of cyber attacks were launched on at least five national websites with the top-level domains of .gov and .com. Attacks were also launched on a leading local news website of Sri Lanka, the website of the Chinese Embassy operating in Sri Lanka, and the website of Cabinet Office.