Sri Lanka will not be spared from cyber attacks which will increase over the years if steps are not taken to enhance awareness and invest in education and precautionary measures to ensure security, cyber security experts said.
Experts said Sri Lanka was spared from the Ransomware attack recently due to the Vesak holidays as a large number of computers were switched off during that week-end.
“Sri Lanka was lucky enough to escape once which is not a reason to be complacent. There has a to be a national plan with adequate allocation of funds to combat cyber crime which could cause a colossal damage to institutions and individual computer users,” a cyber security expert said.
However, though there was no widespread attack from Ransomware. There has been one case reported from Colombo according to cyber security experts.
Computer Emergency Readiness Team (CERT) Principal Information Security Engineer Roshan Chandragupta said there was a case reported from an organisation in Colombo where it contained certain features of a ransomware attack.
“Having figured out the nature of the attack and whether it could propagate we have taken steps to ensure there would be no further attacks,” Chandragupta said.
CERT has requested computer users to have back up data in case there would be similar attacks the data would be protected.
“We are geared to prevent future attacks. However, internet users must be cautious about their data. Malware and Ransomware attack data but there could be those involving fraudulent activities such as requesting an initial bank payment to claim a lottery win,” Chandragupta said. He said in cases similar to Ransomeware even though payment is made there is no guarantee that one could get back his or her data. CICRA Holdings Director/CEO Boshan Dayaratne said Ransomware had been there for the last couple of years and added that the number of attacks will increase.
“Hackers are no more concerned about attacking servers but rather the ignorant end users who are not aware of cyber attacks. Apart from ransomware many yet do not know what are cyber attacks or hacking is. Therefore the first steps to battle the culprits is to increase awareness among end users,” Dayaratne said.
Cyber experts said education must start at grass root levels and from school curriculums for which there has to be a national plan and a concerted effort by the policy makers who need to encourage and facilitate programs with the support of the private sector.
“As private sector organization, CICRA has initiated many educational programs across the country and overseas to increase awareness on the need and ways to prevent cyber attacks which is on the rise world over,” Dayaratne said.
Cyber security experts said there are no short cuts to combating hacking and other forms of cyber attacks which has caused enormous damage to information security and loss of revenue world over.
‘Unless the government has a separate fund if not through the budget to combat the menace and ensure security to vital information the country is certainly to lose heavily in the coming months and years,” a cyber security expert said.
Ransomware which is the generic name for WannaCry hit around 150 countries mid this month. Global experts on cyber security have called on governments to take the recent attack as wake-up call.
It has been revealed that software vulnerabilities ignored by governments had caused the damage.
The hackers took control of the files of users s and demanded $300 in payment to restore access. Software experts said while many are working round the clock in the rest of the world, there is no seriousness in Sri Lanka to address the issue and take precautionary measures to avert such attacks in the future.
Global experts warn that the spread of the virus had slowed down but the respite might only be brief.
Estimates show that over 200,000 computers have been affected so far.
He added: “The governments of the world should treat this attack as a wake-up call.”
Dayaratne said among other preventive measures are to use licensed and not pirated software which is vulnerable to cyber attacks. End users need to also upgrade the systems constantly. Computer users should get rid of old versions.
“There is no solution to cyber attacks other than being aware of it and take measures to avoid attacks,” Dayaratne said.
“CICRA conducts a cyber security summit for the corporate sector each year and an ethical hackers forum with the facilitation from global experts in the cyber security sphere.
We will conduct a summit on cyber security for youth will be held for the first time on June 28 this year,” Dayaratne said.
No complaints have been made by any Sri Lankan as of now in connection with the global ransomware attack which had affected at least 99 countries including China, Russia, the US and the UK, the Computer Emergency Readiness Team (CERT) said.
CERT Chief Information Security Engineer Roshan Chandragupta said they were attempting to figure out how the attack was being spread. “Usually, ransomware is spread via emails but we don’t think this attack is spreading via emails. No definite technical report has been made so far to arrive at a conclusion,” he said.