General public should be cautious of cyber-attacks | Daily News



With the entire world locked down against the COVID-19 outbreak for nearly six months, every sector of a country reached a major turning point. Almost all sectors had to embrace technology to carry out their daily tasks.

However, despite the pandemic, another group of people became more eager to gain monetary and other benefits by misusing technology. This was evident from the significant rise in cyber-attacks all over the world, and Sri Lanka experienced a few as well.

Speaking to Daily News Finance, Ravindu Meegasmulla, Associate Information Security Engineer at Sri Lanka CERT|CC (Computer Emergency Readiness Team | Coordination Center), said that it is vital for the general public to be aware of cyber-attacks and to be cautious about the technological domain they are working with.

Q. Why is cybersecurity important to a developing country like Sri Lanka?

The main idea behind the importance of cyber security is to protect information available on the internet. Some of this information is sensitive and critical. If we as a country do not protect such information, anyone with a criminal mind can get hold of it and use it for their own needs.

In 2006, with the ‘eSriLanka Electronic Government’ initiative, most of the government organizations and departments were computerized and connected via networks, enabling online services to the public such as renewing revenue licenses online. When these services were enabled, Sri Lanka CERT|CC was initiated in order to secure information related to citizens. So it is vital to have proper laws and government agencies to protect cyberspace in Sri Lanka.

Q. In your view, does Sri Lanka suffer a lot of cyber-attacks?

Cybercriminals are always trying to attack websites, networks and organizations, and Sri Lanka is not an exception. We see these types of attacks daily, but most of the time they are not targeted attacks. What the cybercriminals do is scan for all vulnerable websites and mount attacks on them, and there are chances that some of these websites belong to Sri Lanka. Specifically, there is one incident that we as Sri Lanka CERT|CC are very keen on, which happened on May 18; it is only a web defacement, and investigations are in progress to identify the perpetrators. We are expecting it and it has been there for the last couple of years, and we have taken the necessary actions towards it.

We undertake the following steps to safeguard websites from such attacks.

I. Regular checking of and .lk websites,     

II. Monitor and take necessary actions against identified vulnerable websites through a task force created with the inclusion of Sri Lanka CERT, the Air Force and Internet Service Providers.

Q. What are the reasons for these attacks? Is it ignorance of the public or poor network security maintenance within organizations?

Some of the reasons why cybercriminals carry out these attacks are financial gain, sending messages to the government or public based on hatred or other political reasons (hacktivists), and tarnishing the reputation of an organization or an individual.

And most of the time, when deeper investigations are carried out into the incidents, we have identified that some of the websites that were developed and launched on the internet have vulnerabilities, and the owners of such websites have not taken any action to resolve the problems. Furthermore, unawareness among website owners that there are vulnerabilities in their websites, not conducting any type of security assessment on some websites, not applying security patches released by vendors, the use of default or weak passwords for administration login portals or Content Management Systems (CMS), lack of awareness among employees, the unavailability of technical expertise even to apply a security patch due to the lack of communication between some of the government organizations and the developers of the outsourced websites, and a lack of policies and rules also pave the way for these attacks.

Q. Many organizations spend huge amounts of money to deploy various security systems and tools such as IDS, IPS, SIEMs, etc. Does spending a lot of money on a company's network security guarantee that it is beyond the reach of attackers?

No, 100% security cannot be guaranteed in any scenario, but there are steps that you can take to safeguard yourself from such attacks. The main thing is to raise awareness among employees, as they are the strongest asset in an organization but the weakest when it comes to cyber security. Not many of the issues can be addressed technically; therefore, any organization should implement policies and regulations, for instance data retention policies, data backup policies and BYOD (Bring Your Own Device). Having a proper data retention policy would address issues like dumpster diving, which means the harvesting of information by people from documents, CDs and DVDs dumped by organizations.

Q. How can an organization, state or non-state, deploy proper security measures?

Here are some of the security measures that should be conducted by an organization:

I. Any person or organization should conduct a website security assessment before launching the website to the internet. There are government and private organizations which provide such services, and Sri Lanka CERT|CC is also one of the government organizations providing this service.

II. After doing such an assessment, the individual or the organization must remediate the issues identified in the security assessment report.

III. Maintain a contact point with the developer of the systems used within the organization.

IV. Have in-house technical expertise to implement security updates, data backups, etc.

V. Raise awareness among employees through workshops, training programs and seminars.

VI. Monitor your internal infrastructure network.

VII. Monitor your firewall logs, VPN logs and others.

VIII. Implement relevant policies and regulations to address cyber security issues.

Q. Some businesses, mainly small-scale ones, access third-party support in securing their networks. Is it a good practice? If so, what are the features that a proper third-party organization should have?

Surely it is a good practice, as long as the third-party organization is trustworthy and a registered organization. It is important to sign a Non-Disclosure Agreement (NDA) and a Memorandum of Understanding (MoU) with the third-party organization to safeguard yourself. However, it is not possible to make an organization 100% secure from cyber-threats; hence raising awareness among employees, maintaining basic and good cyber hygiene such as updating virus guards, operating systems and third-party software, maintaining strong password authentication schemes (minimum of 10 characters including uppercase and lowercase letters, numbers and special characters), avoiding downloading email attachments from suspicious parties, and avoiding downloading movies and software using torrents need to be followed. However, there is more that can be done to protect your network.

Q. Do you see cybersecurity as an opportunity for local students for their career path in Sri Lanka? For roles like pen testers, digital forensic investigators, cyber security analysts, etc.

Yes. If I go 6 years back, there were very few chances, but now this is a high-demand area. Lots of private and government organizations are available in the country, and most of the educational institutions provide internship programs where students can join organizations and get hands-on industry experience. So yes, there are career paths in Sri Lanka for this domain.

Q. As Sri Lanka CERT|CC, how do you think the public should be made aware of cyber-attacks?

As Sri Lanka CERT|CC we have a cybersecurity month where lots of activities related to cybersecurity are done, and anybody willing to participate can join us. This is regularly updated on our website and official Facebook page.

The general public can also subscribe to our alert services, where they can get email notifications related to cyber security. Sri Lanka CERT provides that facility, and we have distributed over 15 alerts to the public during the COVID-19 lockdown period.

Awareness sessions are conducted for the public, and we also participate in most of the technical exhibitions. It is vital for the public to participate in these in order to safeguard themselves from cyber-attacks.

Also, it is important for citizens to embrace technology, be aware of the technologies they are keen on using, and keep track by reading articles and news alerts related to that domain.
