Menu Close

Are we still paying enough attention to security?

It should come as no surprise that cybersecurity risks have surged during the past couple of months. Given that many continue to work from home, the internet has also witnessed a steep uptick in traffic in recent times. This in turn leaves many, if not all, at risk as our digital lives consume the bulk of our time.

Even in Sri Lanka organizations like the Sri Lanka Computer Emergency Readiness Team (SLCERT) has been actively issuing warnings.  SLCERT issued 16 warnings, 14 at high risk level, within the past 2 months alone. Whether you are tech savvy or not, it is vital that these warnings are taken into serious consideration. This leads to one of cybersecurity’s biggest challenges. We still do not give enough priority to the subject.

A surge of attacks

Before COVID-19 there were as much as 480 new threats every minute. Hiscox reported that cyberattacks cost companies around $200,000 on average. As a result, 60% of the victims go out of business following such an incident. The pandemic has only accelerated the numbers.

The situation might not be so dire in Sri Lanka. But that does not mean we are immune. Far from it. About a month back, MAS Holdings fell victim to the Nefilim ransomware. The hackers claimed to have stolen 300GB worth private data from the company. MAS has refrained from commenting on the matter.

Following COVID-19, there has been an uptick in security compromises.
Following COVID-19, there has been an uptick in ransomware attacks

A more recent incident saw the REvil ransomware target Sri Lanka Telecom (SLT). However, SLT states that “there is no risk to any services offered to our (SLT) customers and also there is no risk to the customer information.”

But the issues extend far beyond the corporate environment. Individuals are a key part of solving the cybersecurity puzzle. In fact, human error remains one of the biggest attributes to security breakdowns. Simply put, how many of us follow basic security protocols? The fact that banks in Sri Lanka had to officially notify customers not to share their OTPs puts things into context.

Minimizing human error

There are many reasons for the lack of attention towards cybersecurity. Among them includes the convenience factor. People are willing to achieve convenience at the expense of security. Still, that does not mean we cannot do better in our personal capacity.   

So, how can one mitigate security threats from an individual level? Some of this comes down to simple tasks. For starters, its unwise to use the same password for multiple accounts. Best way to go about it is to use different strong passwords to each online account you maintain. Here, a strong password usually refers to one that includes a combination of uppercase letters, lowercase letters, numbers, special characters, etc. Remembering such passwords for all your accounts is difficult. Thereby, a password manager like LastPass would help.

Zoom still has security vulnerabilities
British Prime Minister Boris Johnson conducts a Zoom meeting

The current pandemic has pushed the average person to adopt more digital tools. Each of these tools pose their own security vulnerabilities. For example, video conferencing software Zoom has already raised one too many red flags. Thereby, it’s important that tools and software you use are often kept up to date. If not, consequences can be catastrophic.

When it comes to emails, you should always verify sender details as well as the content. Most email clients like Gmail will block spams and potentially harmful emails. But there are still ones that creep through to gullible people. Particularly during a pandemic.

But perhaps the most important and obvious of them all, do not share sensitive information anywhere under any circumstance. There is a reason why scam messages and emails are still common.

Corporates, government, and the need for cybersecurity-savviness  

When it comes to the corporate side of things, companies need to be more proactively engaged. Ideally, every company should have a security policy in place. Employees need to be trained in cybersecurity while working remotely. VPNs should be used when accessing company networks. The list goes on.  

SL President Gotabhaya Rajapakse addressing a gathering about the eNIC program
As the Sri Lankan government continues to push for digital, security needs to play a pivotal role (Image credits: Gotabhaya Rajapakse Official Facebook page)

But where does the government fall into the picture? The government plays a pivotal role in prioritising cybersecurity. The fact that there have been more digital initiatives in the works raises the concern even higher. Most notably, the recent eNIC initiative is already leaving a few unanswered questions on the security front.  

Thereby, from a government standpoint, this starts from simple measures such as securing government digital properties. The President’s own website was hacked just a few years ago, by a schoolboy. Recently, a group calling itself “Tamil Eelam Cyber Force” defaced several websites including government website “Office of The Cabinet of Ministers – Sri Lanka” and “Sri Lanka Bureau of Foreign Employment”.

The Sri Lankan government’s cybersecurity shortcomings have been a talking point for years. But on the bright side, there’s a Sri Lanka Data Protection act currently underway. This legislation aims to define “measures to protect personal data of individuals held by banks, telecom operators, hospitals, and other personal data aggregating and processing entities.”  The bill is yet to be passed but at least it is a step in the right direction.

In the end, all of us are responsible in creating a more digitally secure environment around us. The government, corporates, and we as individuals have all roles to play. Globally, cybersecurity costs are expected to be as high as $5.2 trillion in the next 5 years. That will only get worse if we continue to ignore the need for better cybersecurity standards.

%d bloggers like this: