90% of cyberattacks due to poor IT hygiene, say Sri Lankan infosec experts – ET CISO
“Despite the efforts that the organizations are taking, the level of sophistication and the capabilities of the hackers are growing rapidly. To understand and protect the organization and its environment, the key thing is to understand the threat actors and the levels of sophistication and determination,” says, CISO, , Sri Lanka.
The need for robust security is therefore more pressing than ever as the world becomes more connected. This is particularly important given the consequences that cyber attacks can have, for example the SolarWinds attack, during which a number of supply chain elements were compromised.
“Given the interconnected nature of the supply chain and the increasingly seamless digital commercial ecosystems, managing supplier and third-party risk has become a very important aspect because sometimes, the weakest link, in terms of cyber information security, comes in the form of your supply chain, as we have seen in the near past, whether it be SolarWinds or 4G, so supply chain can have a huge impact on your information security,” says Sunari Dandeniya, CISO, Commercial Bank of Ceylon PLC, Sri Lanka.
Experts also emphasise the importance of maintaining basic hygiene and say that taking the basic steps thwarts a majority of the attacks.
“If you take the typical scenario in an organization, more than 90% of the attacks are actually taking place due to poor IT hygiene,” adds Emmanuel.
In such a situation, the role of the chief information security officer (CISO) becomes crucial in managing the threat landscape and keeping the organization safe. The domain has acquired such importance that cybersecurity is now being looked at as a key enabler of technology.
“Earlier, security leaders or CISOs were traditional guardians of technology. A CISO was supposed to come up with a security strategy and execute that strategy for multiple years to enact or fix some data breach problem. But, currently, the role has changed. Today, it is more about how a security leader or a CISO enables business growth,” says Lakshan Gunawardhana, Head-Technology Risk, AIA Sri Lanka. He adds that cybersecurity is fast emerging as a strategic advantage for businesses.
Understand the data to comply with privacy regulations
With stringent data privacy laws such as the General Data Protection Regulation (GDPR) now in effect, noncompliance can cost companies millions of dollars in penalties. Data needs to be protected at all costs. However, the first step in that direction is to understand it.
“All of us, knowingly or unknowingly, process data in one way or the other, that’s the simple answer. But then you have categories of industries that have access. So, we need to ask ourselves some basic questions: Do we understand the data that we have in our position? Whether we are an individual or an organization? Do we have a good understanding of our data or the data that we have processed or the data that we have accessed?” says Shalini Ratwatte, Board Director, Sunshine Holdings and Chief Legal & Governance Officer, 99X Technology Ltd, Sri Lanka.