The pandemic has accelerated digital transformation, and with that comes the risk of cyber-attacks.
It is now important for organisations to focus on their cybersecurity.
But the question is: how do you improve the cybersecurity of an organisation?
This was discussed in the panel discussion at W.Media’s Digital Week South Asia edition titled ‘Why the importance of Enterprise cybersecurity should never be misjudged in Sri Lanka’, moderated by Sujit Christy, Board Member, Colombo Chapter & Group CISO, John Keells Holdings PLC, Sri Lanka. The panellists were Roshan Razik, Head of Technology Operations & Information Security, Pearson Lanka; Nirosh Ananda, Chief Information Security Engineer, Sri Lanka CERT; and Sunari Dandeniya, CISO, Commercial Bank of Ceylon PLC.
Not many cases of cyber-attacks are reported.
“There has been an increase in the number of cyber-attacks on organisations. But there are still certain things which have to be fixed when it comes to cyber security”, said Sunari Dandeniya.
She further pointed out that it sometimes gets difficult for organisations to get it right, and that spending more does not mean increased protection.
Getting it right is hard because it is not just a technical problem, and cyber security laws and practices are not yet developed enough to handle every breach and attack. These in turn make things difficult.
Cyber security should not be misjudged, as people tend to take certain things for granted. She gave the example that we might have protection for our systems in the office, but do we have the same protection on our mobile phones?
Among the few things organisations can do to prevent cyber-attacks, they should decide which data is most important to protect, prioritise their assets, evaluate the kind of impact a cyber-attack could have on the organisation, and take a risk-based approach accordingly, added Dandeniya.
She further pointed to the importance of building security solutions into the process rather than leaving them until last: security should be built in. Training and awareness are also important factors in cybersecurity.
Why aren’t organisations taking cybersecurity seriously?
In Sri Lanka alone there were more than 100 ransomware attacks during the pandemic.
“Cybersecurity earlier was not taken as seriously as it is in the current times. The magnitude and the probability of the cyber-attacks have increased in recent times and the impact is also higher”, said Nirosh Ananda.
He further added that people at times don’t take cybersecurity seriously because they think that a simple firewall will be enough to prevent the attack and monitor the possibilities.
Creating awareness among employees is extremely important now that people are working from home in different areas. Awareness of possible cyber threats would benefit the organisation at large.
Nirosh further added that at times organisations invest in cybersecurity only after they have experienced some sort of cyber-attack; otherwise, many organisations do not think critically about the possible threats they face.
Organisations need to understand what is critical to the business and build a cybersecurity plan accordingly. Every organisation has different priorities and works accordingly.
“With organisations moving towards digital transformation over the last twelve to eighteen months and organisations adapting to the cloud, IoT devices coming in and people working from home, we need to ensure that our cybersecurity platforms cover diverse aspects or possible threats”, said Razik.
He further added that it is important for organisations to have a strong IT service management system and the ability to resolve the issues as soon as possible.
It is also important to invest in areas and in people who are experts in advising organisations on the possible ways of preventing a threat. There should be more CISOs for the number of technical people present on the ground.
The adoption of the cloud environment is accelerating digital transformation; there is a constant need to deliver fast to the market, and business requirements are driving fundamental changes in organisations.
It is important for organisations to give priority to cybersecurity.
“As security professionals we need to change and adopt a new mindset and build relationships with the internal stakeholders and find innovative ways to achieve security requirements without becoming a blockage for the organisations in delivering the objectives”, stated Roshan.