Cyberspace, whilst providing tremendous benefits, also present new risks, with no business being ‘too small’ to becoming vulnerable from hackers, leading to crime, terrorism, industrialespionage and warfare.
Therefore businesses today cannot afford to be blissfully ignorant of this changing environment. The new risks and threats are real, making cyber security necessary as it is no longer a clear-cut technical issue but instead needs to be a strategic, political, and social phenomenon that must be examined with a scientific rigour .
This was the thought process behind the recent panel discussion held by ACCA ((the Association of Chartered Certified Accountants) for Sri Lanka’s leading business entities at the Kingsbury, addressing some of the key issues pertaining to this topic.
The key note speaker for this event was Sujit Christy, Director, Professional Services of Layers-7 Seguro Consultorίa Private Limited .
Sujit Christy is an experienced Governance, Risk and Compliance Professional who is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), certified in Risk and Information System Control (CRISC) and a certified IT Disaster Recovery Professional. He counts over 20 years of experience in Financial & Information System Auditing, ERP Implementation, Governance, Risk Management, and Compliance& Information Security Consulting. Sujit is a regular invited speaker in security conferences and seminars .Sujit is also a Board Member of (ISC)2 Colombo Chapter and Secretary of (ISC)2 Chennai Chapter
Citing examples of recent attacks Sujit, touched on the topics of how Mobile Apps can be the new frontier for Cybercrime. Explaining the threats affecting current mobile platforms he said that more consumers are shifting to smartphones, tablets and other similar devices, signifying it being a viable target for several cybercriminal attacks to infect these devices and gain unauthorized access to corporate network and data.
He also spoke about how the Internet of Things (IoT) is changing the Cybersecurity landscape and noted that IoT has led to a world where just about anything can be connected and communicated, with the world becoming one big information system . He said this means that more personal information and business data will exist in the cloud and be passed back and forth through thousands of devices that may have exploitable vulnerabilities.
He stated that one weak link in the security chain could provide hackers with nearly limitless doorways that could potentially be unlocked, leading them to data. He noted that privacy is a serious concern today not just in the IoT, but in all applications, devices or systems where we share information.
Sujit recommended organizations should therefore assume they are a target and have their systems and defences in place to prevent data loss and to also take steps to educate their employees on managing these functions. He said Cyber security is not a technology concern but rather a critical business issue and the current motto should be to “see everything, protect what matters and find risk before it finds you.”
The presentation was followed by a panel discussion on the same topic , participated by ParakumPathirana, President - ISACA Sri Lanka Chapter, Principal Consultant - LOLC Technologies , Buddhika De Alwis - Senior Manager - KPMG Cyber Security, Kumar Manthri - Assistant Manager – IS Audit SJMS Associates and Independent Correspondent Firm to Deloitte Touche Tohmatsu.
They discussed the importance of protecting networks of information and how crucial it was for organizations to have trained information professionals who are able to meet and counteract cyber security threats .They felt that Cyber risk should be at the top of the boardroom agenda and that there was a need to bring together government, academia, industry, business, trade bodies and users, to devise a secure cyber environment ,making the Internet a safe and trusted place to conduct business and communicate with both family and friends.