Compiled by Yamini Sequeira
BUSINESS SECURITY AT RISK
Suresh de Silva urges business houses to invest in data security and IT
Q: How do you view the level of data and IT security – in terms of both Sri Lanka’s public and private sector?
A: Sri Lanka’s level of IT security varies from one industry to another and between organisations as well. Many large enterprises have understood the importance of IT security and data protection – and therefore, they follow a clear implementation strategy.
However, there are companies that continue to implement basic security and data protection policies for mere compliance, which could be a result of budgetary constraints or simply due to not having the resources to set up and implement IT security and data protection policies.
We observe the emergence of the chief security officer’s (CSO) role in certain enterprises, which is a clear indication of the seriousness with which these organisations take IT security and data protection.
In the public sector, financial institutions and telecom companies are taking steps to ensure IT security and that data protection is implemented to the hilt.
The government’s proposed National Digital Policy and the Cyber Security Bill will help bring these institutes that work in silos under a single entity, which will reduce state expenditure and improve efficiency within the system – and ultimately help citizens.
Q: The work from home (WFH) directive has given rise to information security concerns for many businesses. How could this issue be addressed?
A: For organisations that had already implemented BYOD or WFH policies, it was a smooth transition. Others have found it to be a challenge.
Companies need to ensure that the devices and networks used by employees during WFH are secure. Some may use their own personal devices that might already be compromised.
Employees tend to take the secure IT environments of offices for granted. With WFH becoming part of the new working standard, it is time that employers conduct training for their teams on the dos and don’ts when connecting to office environments from home.
If companies do not have a proper IT policy, this is the time to formulate and implement one.
Q: There has been a rise in data breaches at the hands of hackers – can this be prevented and how real is the risk, in your assessment?
A: Cyber-attacks have increased in recent times. Phishing messages have surged by more than 600 percent over the past few months; malware and distributed denial-of-service (DDoS) attacks have affected certain government and private entities in the recent past.
But there are many organisations that are oblivious to the fact that their networks are compromised, and the data is deleted, modified or stolen over time without anyone’s knowledge. Companies need to adopt a proactive approach rather than a reactive one.
In the age of WFH, businesses have to ensure that they ramp up IT security in networks by setting up VPNs from reliable vendors, and upgrade devices that come with standard firewalls and antivirus protection to business efficient solutions.
Q: What are the new growth avenues that you foresee in the IT industry?
A: The IT industry is growing at a rapid pace with the emergence of many employment opportunities. Robotic process automation, cybersecurity, IOT, AI and big data analytics are the growth areas that I foresee.
Q: By when do you expect to witness a recovery in the industry?
A: The recovery has already begun. As with the economy, everyone did go into panic mode. During this period however, IT has been an enabler for many industries – increased digital banking, online education platforms and rising e-commerce are good examples.
Q: What are the main challenges or roadblocks for the IT industry in Sri Lanka even in the best of times (pre-COVID-19)?
A: One of the key obstacles is the lack of talented resources.
Smart city projects, the government’s initiative for a digital Sri Lanka and other digitisation projects that the private sector has in mind require a qualified IT workforce. Improved opportunities and employment prospects abroad have lured Sri Lankan talent to migrate, leaving us with a dearth in the IT industry.
Moreover, the rupee depreciation has posed a challenge. We rely on other countries for products and sometimes even services when it comes to large IT projects. The instability of the rupee does not help companies budget appropriately and more often than not, projects exceed their budgets.
In addition, ad hoc policy changes among government bodies also deter investment in long-term plans. While lauding the Information and Communication Technology Agency’s (ICTA) initiatives to transform Sri Lanka into a digital hub, the relevant authorities also need to embrace this process.
Q: And last but not least, what are the critical challenges of operating a business amid a pandemic – including the crucial aspect of staff well being?
A: It is challenging to run a successful business while striving to ensure the well being of employees.
Whereas pay cuts and layoffs have become a reality, finding ways to protect employees from these harsh realities – as well as redefining the business to meet these changes particularly weigh on my mind.