News
Most Lankans sleepwalking into cyber-attacks ignoring the obvious
By Rathindra Kuruwita
A large number of Sri Lanka’s small and medium scale enterprises (SME) faced regular cyber-attacks but there was minimal societal attention given to the threat, Cyber Security Advisor, Asela Waidyalankara said on Wednesday, addressing a webinar organised by the Centre for Journalism and Education on cyber security and Sri Lankan media.
Waidyalankara said that the media had an important role to play in educating the people and keeping the policy makers alert to the threats posed by cyber security breaches to individuals and to the nation.
“There are many cyber attacks, especially on SMEs and government institutions. SMEs are in danger because they do not have the capital to invest in new technology. On the other hand, diaspora groups attack government websites targeting Independence Day and Victory Day. There is some media hype when these attacks happen but we soon forget this and each year, as scheduled these attacks happen and we are caught off guard,” he said.
Sri Lanka was behind many countries on cyber security alertness and the Computer Crimes Act, the only existing law on cybercrimes was outdated and was not effective in dealing with new threats posed, Waidyalankara added.
Meanwhile, science writer Nalaka Gunawardene said that close to half the population was now using the Internet and that it was a rapid increase from 2015. The trend was exacerbated since COVID-19 and Sri Lanka should bolster internet security as digitalization increased.
“People are going digital. Public, private and media institutions are going digital. There are a lot of web-only media. If we look at media, the main focus is getting more hits and search engine optimisation to achieve this goal. However, little has been done to assure the safety of the digital assets. There has been little staff training and smaller media organisations hardly take any cyber security precautions,” he said.
Gunawardene said that between 2018 and 2019 an audit was conducted on the digital security awareness of Sri Lankan journalists, in Colombo and at the provincial level. During the research it was found that most journalists did not follow the most basic digital security protocols. That posed a great threat to their personal safety as well as the company’s, he said.
“Most journalists share their Google, Facebook or computer passwords with others. We have looked at small digital media offices and everyone in the office knows each other’s Gmail passwords. Email and Wi-Fi password are on a white board that can be seen by anyone that comes to the office. This is not something only some journalists do. A lot of people think it’s okay to share digital passwords with friends. But what happens if the friendship ends? There are many cases of angry people hijacking their former friend’s accounts. This is seen among couples too. They share Facebook and Google passwords and when they break up, there are many unpleasant experiences,” he said.
Manik Gunawardana, founder of Media Horizon Company that provides firewalls to many digital media organisations said that each year Sri Lanka Computer Emergency Readiness Team (SLCERT) received hundreds of complaints from the above mentioned categories. “SLCERT’s mission is national and it’s there to react to attacks and by proactively strengthening defences against potential attacks. However, as complaints lodged by individuals who are facing digital security threats by former friends and lovers skyrocket, SLCERT has to allocate some of its limited resources into solving those”, Manik Gunawardana said.
Waidyalankara also says that there has been a 300% increase in Facebook related complaints received by SLCERT in the last few years. He adds that he is surprised that a lot of young couples share their personal as well as official passwords with their lovers.
“There have been many occasions where people share their company passwords with their boyfriend or girlfriend and when they break up, often the other party uses these passwords to cause trouble. I have seen this when I have been hired to look at various cyber security breaches. When I investigate the issue, I find that these attacks are not done by hackers but by angry exes. I would like to advise people to think of your digital passwords as your toothbrush. Don’t share them and change them periodically,” he said.
The panelists agreed that a lot of Sri Lankans pay very little attention to following basic cyber security protocols. Often employees think cyber security is the sole purview of the IT Department. However, as an increasing number of people are working from home, time has come for everyone to learn about cyber security.
Nalaka Gunawardene said that people did not need to study computer science for their university degrees to learn about and use effectively digital safety. “It’s like driving. You may not be a mechanic but you are expected to know the basics. You know how to read your dashboard. You don’t go to the mechanic when petrol or diesel runs out. This is the same with cyber security,” he said.
Waidyalankara also said that with COVID-19, millions of children were now using smart devices and the internet. However, no one had taught them about the basic security steps needed to protect themselves online.
“In developed countries there are books for children to teach them about cyber security because they understand the threats children face. However, in Sri Lanka we hardly pay attention to this. In the future the biggest threats faced by our children will be digital. We have to prepare them to face these threats,” he said.