Sri Lanka requires to expand much more effort on building overall human resource capacity to combat emerging cyber threats.
In Sri Lanka, to date there is a distinct lack of initiatives to address the domestic shortage of cyber security experts, as per the Information and Cyber Security Strategy of Sri Lanka 2019-2023 published by Sri Lanka CERT|CC.
In 2016, skill gap analysis from ISACA , an international professional association focused on IT governance, estimated a global shortage of 2 million cybersecurity professionals by 2019.
Over the past few years, Sri Lanka CERT|CC has experienced a rapid increase in the number of cybersecurity related incidents reported to it. Reported incidents rose from 71 to 222 from 2010 to 2017. The number of reported social media related incidents, have also increased exponentially. It has ballooned from 80 incidents in 2010 to 3685 incidents in 2017.
Currently, the number of cases on stealing customer data is on the rise. However, Sri Lanka lacks appropriate laws to protect customer data. We will, therefore, introduce a data privacy and protection law which governs the collection, use, and disclosure of citizens’ personal data by government and private sector organizations. Through this act, it is planned to ensure that all government organizations and private sector firms which maintain citizens’ data have adequate security controls in place and make them liable for privacy violations, the report stated.
In addition a data sharing policy for government organizations will be introduced.
Baseline Security Standards. In addition, Sri Lanka Standards Institute will develop baseline information and cyber security standards for information systems, hardware, and software applications.
“We will introduce Critical Infrastructure Protection Policy which will identify and declare infrastructure as critical infrastructure and provide measures necessary for protecting, safeguarding and increasing resilience of critical infrastructure. We will facilitate organizations to develop security policies based on the maturity of their information systems. The information security policy of each organization shall be developed aligning with international standards.
We will therefore aim to implement appropriate strategies to facilitate our workforce to gain and maintain knowledge, skills, experience and technological capabilities needed to effectively work in the cyber environment. We will advocate for inclusion of information and cyber security into the school curriculum with the aim of creating a talented pool of cyber security professionals in future. We will facilitate career guidance workshops at schools across the country to raise awareness of the emerging career opportunities in this domain, Students who are completing GCE/AL shall be the target group.” the report said.
The reported also noted that women are globally underrepresented in the cyber security profession, Globally it is at 11%, much lower than the representation of women in the overall workforce .Special attention will be given to creating an interest in cyber security among female school students as there is inadequate women participation in this domain.
In Asia Pacific region, women only represent 10% of the overall cyber security workforce.
Add new comment