Thursday Nov 21, 2024
Thursday, 26 October 2023 00:00 - - {{hitsCtrl.values.hits}}
By Hiyal Biyagamage
In a world that is rapidly embracing digitalisation, the recent Daily FT-CICRA Cyber Security Summit CEO Forum shed light on why cybersecurity is poised to become the new crisis of the modern world. In an era marked by the rapid advance of technology, the digital revolution has become an unstoppable force. From how people communicate and work to how individuals shop and entertain, people’s lives are increasingly reliant on digital systems and networks. The widespread adoption of smartphones, the Internet of Things (IoT), and the migration of essential services to online platforms have all played a pivotal role in this transformation.
The domino effect: Growing reliance on digital systems
Delivering the keynote address, Cybersecurity Evangelist and EC Council Master Trainer Belly Rachandianto said as people delve deeper into the digital age, they are entrusting more aspects of their lives to technology.
“Personal data, financial transactions, healthcare information, and even critical infrastructure, like power grids and transportation systems, now depend heavily on digital networks. These digital systems’ convenience and efficiency are undeniable, but they come at a cost: our growing vulnerability to cyber threats.”
“The inherent paradox in this digital age is that as our reliance on digital systems increases, so does our exposure to cyber threats. Malicious actors, ranging from state-sponsored hackers to cybercriminal organisations, continually evolve tactics to exploit vulnerabilities in our digital lives. Cyberattacks can range from data breaches and ransomware attacks to the compromise of critical infrastructure, and the consequences can be devastating, both on an individual and societal level,” said Rachandianto.
Cybersecurity will be the next crisis
The convergence of these factors has set the stage for cybersecurity to become the new crisis that the world must grapple with, Rachandianto emphasised. Cyber threats pose risks not only to personal data and financial assets but also to the very fabric of the interconnected society. The potential fallout from large-scale cyberattacks on essential infrastructure, such as power grids or financial systems, can disrupt entire nations and compromise national security.
“The call to action is clear. Business leaders, governments, and individuals must prioritise cybersecurity as essential to our digital lives. Investment in robust cybersecurity measures, education on digital hygiene, and international cooperation are all crucial steps to mitigate this impending crisis. Failure to do so could leave us vulnerable to a new form of warfare and chaos in the digital age.”
“The time for action is now. The world is becoming increasingly digitalised, and our dependence on digital systems is growing. This, in turn, is making us more vulnerable to cyberattacks. If we fail to address this, we risk falling prey to a new form of crisis that can be just as destructive as any traditional threat. Let us take the responsibility today to secure our digital future and safeguard against the cybersecurity crisis that is knocking at our digital door,” said Rachandianto in conclusion.
Insights from top panellists
Rachandianto’s keynote address was followed by an insightful panel discussion where several top cybersecurity experts from the region shared their views on what causes the cyber pandemic, the role of CEOs in an evolving world of cyber threats and the importance of cyber awareness.
Google Cloud Security Regional Lead Anubhav Wahie said the cyber pandemic is becoming the perfect storm. He also said that it is compelling for organisations to realise how they define their postures within enterprises and how they have been running security operations if organisations still want to look at digital transformation.
“We must understand how this cyber pandemic is becoming the perfect storm. For example, ransomware attacks are becoming a common issue for organisations. E-crime actors drive those. But there is something called the nation-state pivot, where nation-state actors bring down State infrastructure and focus on nation-state attacks. They are also interested in bringing down enterprises. We need to up our game and improve our security operations to handle those sophisticated attacks. Additionally, we need to accept that there is a whole data deluge and work towards it. With digital transformation, you will generate more data.”
“Detection has always been an issue. You may go back to the world of security and look back at all the security controls you have; ask yourself how efficient you have been with your detection capabilities. Are you generating false positives? The answer is yes. Has it drastically changed? No. Imagine how this problem gets amplified when you are now looking at a data deluge in your organisation with so much data coming in. How will you scale and drive detections in that large data sphere created? It would be best if you had better analytics and better capabilities to scale with more data and syphon out those meaningful threats,” said Wahie.
Regarding the importance of cybersecurity discussions at the board level, Visa India and South Asia Risk Services Head Vipin Suralia said, “More than ever, cybersecurity discussions at the board level are imperative for CEOs. First and foremost, it’s a matter of risk management. In today’s digital landscape, cyber threats pose significant risks to an organisation’s operations, finances, and reputation. Board-level conversations comprehensively understand these risks, their potential impact, and mitigation strategies. These discussions also address the financial implications, ensuring resources are allocated to safeguard the organisation and developing strategies to manage the financial fallout from a cyber-breach.”
Suralia said, “Furthermore, cybersecurity is integral to an organisation’s strategic goals, and board-level discussions guarantee alignment between security strategies and broader business objectives. Decisions regarding resource allocation and investments are critical for boards, and cybersecurity necessitates investments in technology, staff training, and risk mitigation measures. By discussing cybersecurity at this level, CEOs ensure adequate resources are directed towards protecting the organisation against evolving threats. Emphasising accountability is also crucial, as board-level discussions underscore the responsibility of all stakeholders to prioritise security and risk management. Moreover, these discussions promote transparency, enabling board members to provide oversight and ensure the organisation takes necessary steps to protect itself from evolving cyber threats effectively.”
PCI Security Standard Council South Asia and MEA Regional Director Nitin Bhatnagar said fostering cyber awareness within organisations and among employees is paramount in an ever-evolving landscape of cybersecurity threats. “Human-centric vulnerabilities make employees a critical target for cyberattacks, as they can inadvertently facilitate breaches. Cyber awareness programs play a vital role in mitigating this risk by empowering employees to recognise and respond to threats effectively. From phishing and social engineering to compliance and data protection, awareness training equips employees with the knowledge and skills to safeguard sensitive information and maintain legal compliance. Such training reduces the human factor’s susceptibility to cyber threats. It instils a culture of cybersecurity within the organisation, shifting it from reactive to proactive.”
“Cyber awareness is instrumental in crisis preparedness, insider threat mitigation, and adapting to new technologies, ensuring that employees are well-prepared to respond to incidents and leverage digital tools securely. By fostering a cybersecurity-conscious culture, organisations create a dynamic, cost-effective line of defence that prevents data breaches and financial losses and builds resilience in the face of an ever-changing threat landscape. Continuous learning and adaptability are essential in this digital age. Cyber awareness is the linchpin that empowers employees to protect the organisation’s digital assets, making it an indispensable element in modern cybersecurity strategies,” Bhatnagar said further.
During the panel discussion, CICRA Holdings Group Director/CEO Boshan Dayaratne said companies focusing solely on business continuity during the COVID-19 pandemic faced substantial challenges and risks without parallel attention to strengthening cybersecurity measures.
“Rapid transitions to remote work arrangements, while essential for maintaining operations, created new vulnerabilities as employees operated from less secure home environments. These exposed organisations to a surge in cyberattacks, with malicious actors capitalising on the increased attack surface. Phishing, ransomware incidents, and data breaches became more frequent, especially targeting remote workers who were often less versed in cybersecurity best practices.”
“The consequences of neglecting cybersecurity were significant. Data breaches, unplanned downtime, financial losses, and damage to an organisation’s reputation were among the outcomes. Companies grappled with the fallout of cyber incidents, often unprepared to respond effectively. Non-compliance with data protection and privacy regulations added financial penalties and legal complications. The lesson learned from this experience is that a holistic approach, encompassing business continuity and robust cybersecurity measures, is vital to navigate the challenges an evolving digital landscape presents, especially during extraordinary events like a pandemic,” opined Dayaratne.
The CEOs Cyber Security Forum was followed by a full-day summit which focussed on three critical areas: Payment Card Industry Data Protection, Cloud Security, and Zero Trust. Strategic partners of the summit were Visa and Huawei. Official Payment Network was LankaPay, Official finance company partner was People’s Leasing and Finance PLC, Knowledge partners were PCI Security Standards Council and ISC2 Chapter Sri Lanka, Creative Partner was Mullenlowe and Hospitality partner was Cinnamon Grand.
Pix by Upul Abayasekara
and Ruwan Walpola