LMDtv 1
Cyber threats are increasing in sophistication and frequency; and they’re pushing individuals, organisations and nations to rethink their cybersecurity strategies, according to the Group ICT and Digital Director of Brandix Lanka Oshada Senanayake.
He explained on a recent edition of LMD’s fortnightly digital TV programme that “today, cybersecurity is at the top of the issues we face as a country.”
Senanayake noted: “As opposed to what people think, hackers aren’t heavily armed individuals who are stealing your credentials to intrude into systems; instead, it is simple things such as phishing emails that trick people into handing over their information to criminals.”
“Phishing has advanced to what’s referred to as ‘spear phishing,’ where you can target a person with his or her name and designation. For instance, it can be used to spoof a CFO and request team members to transfer certain funds. This is done by first penetrating the CFO’s accounts to check whether he or she is vulnerable,” Senanayake noted.
Even though data protection has become a necessity rather an option, “many organisations are unfortunately not placing sufficient emphasis on ensuring that they have the right infrastructure that ensures that data and the interests of their people are protected,” he averred.
Senanayake elaborated on how cyber threats have become a significant issue, “specifically post-pandemic where many aspects have been digitalised.”
“The concept of work from home is prevalent today; and the reality is that when you start accessing systems across many environments, your threat landscape increases.” he cautioned.
The increasing use of AI is making things better and worse, in terms of both cyberthreats and cybersecurity. As he explained, “artificial intelligence has enabled ransomware and the latest reports claim that it can run 36,000 system scans a minute. The positive side is that you can also use AI to mitigate cyber attacks.”
“You can’t use traditional systems against AI driven attacks. Efforts are moving away from building major firewalls around the organisation or having other security systems. Currently, it’s about how you can fortify your radar to anticipate attacks. The trend is moving from assuming breaches to predicting and taking action on potential breaches. You need to use AI against AI,” Senanayake elaborated.
There’s a swathe of new technology that organisations have to be cognisant of, he said: “We also have to make sure that artificial intelligence is adapted to ensure that AI driven attacks are mitigated.”
While data protection isn’t at the top of the list of priorities for most local SMEs for many reasons including resource limitations, he believes it doesn’t require much complexity. There are certain things that even a startup can do to protect itself by ensuring that basic discipline is enforced.
He cited an example: “Ensuring awareness on cybersecurity among your team members and the organisation is critical. For example, making sure that your employees are aware of phishing emails will prevent them from clicking to open them. Spreading awareness will sort out 80 percent of major issues.”
Senanayake noted that it’s not about having the best of technologies but implementing efficient social engineering: “People are at the centre of cybersecurity so awareness is key, whether you are a startup or an established business. It won’t take a lot of resources – as people imagine – to ensure awareness. All it requires is sharing knowledge and ensuring that basic governance principles are in place.”
Another aspect is access to quality technology, he said – and he explained that “if you move your company’s systems from a self-managed data centre or servers (as you call them) to the cloud, there are plenty of managed services that you can build on, and costs could be reduced as well.”
Data protection can be optimised effectively without overcomplicating it, Senanayake concluded.
