Saturday Jan 04, 2025
Saturday Jan 04, 2025
Thursday, 2 January 2025 02:35 - - {{hitsCtrl.values.hits}}
From left: Visa India and South Asia Head of Risk Service Vipin Surelia, Lanka Pay CEO Channa De Silva, Peoples Bank Chief Information Security Officer Lasantha Thenuwara, SLCERT Information Security Engineer Avishka Bandara and Moderator Daily FT Editor and CEO Nisthar Cassim
Peoples Bank Chief Information Security Officer Lasantha Thenuwara
Visa India and South Asia Head of Risk Service Vipin Surelia
SLCERT Information Security Engineer Avishka Bandara
By Hiyal Biyagamage
In a world increasingly reliant on digital technology, the risks of data breaches and leakages have never been more pressing. LankaPay CEO Channa de Silva, a prominent figure in Sri Lanka’s cybersecurity initiatives, and Visa for India and South Asia Risk Services Vice President and Head Vipin Surelia, recently engaged in a thought-provoking discussion on the vulnerabilities of digital ecosystems and the critical need to protect sensitive information.
Both Channa and Vipin discussed these insights at the 10th Annual Cyber Security Summit, organised by Daily FT and CICRA Holdings.
A simple app with devastating consequences
Channa de Silva began by recounting a chilling case that underscored the dangers lurking in our everyday digital interactions. A Sri Lankan professional had downloaded a seemingly harmless discount app to his smartphone, unaware that it carried a hidden payload of malware. For weeks, the software quietly monitored his activities, eventually allowing hackers to empty his bank account.
“What’s more frightening,” de Silva explained, “is imagining this compromised device being used to access sensitive corporate systems or even a national data centre.” His anecdote resonated with Sri Lanka’s increasingly connected population, where smartphone usage exceeds the number of residents, and nearly 7.5 million people actively engage on social media platforms.
A nation at risk
Sri Lanka’s digital transformation has brought tremendous opportunities but also glaring vulnerabilities. With nearly 90% of the population holding bank accounts and 12 million internet users relying heavily on smartphones, the country has become a prime target for cybercriminals. Social engineering attacks, which exploit human psychology, have become especially prevalent.
“Greed and curiosity remain our greatest weaknesses,” de Silva observed. “It’s alarming how quickly people fall for messages promising lottery wins or deliveries from phantom couriers. Even the most educated individuals aren’t immune to these traps.”
The global cybercrime surge
Vipin Surelia offered a broader perspective, painting a grim picture of the global cyber threat landscape. He cited projections estimating that cybercrime costs will surpass $ 10.5 trillion annually by 2025, a figure that dwarfs the pace of global economic growth.
The culprits behind this surge are sophisticated and resourceful. Many now use artificial intelligence to automate phishing scams, uncover system vulnerabilities, and execute data breaches with precision. The advent of digital currencies has further complicated the battle, providing a convenient conduit for laundering ill-gotten gains.
“The days of amateur hackers are long gone,” Surelia warned. “Today’s adversaries are organised, well-funded, and relentless.”
A history of breaches in Sri Lanka
Sri Lanka has not been spared from these dangers. De Silva highlighted several high-profile breaches that have rattled the nation’s institutions.
In 2016, a major bank faced a catastrophic data leak when hackers infiltrated its website, exposing 6.7 gigabytes of sensitive information on the dark web. A few years later, one of the country’s largest manufacturers suffered a devastating attack, with 300 gigabytes of internal data stolen and released online.
Even smaller-scale incidents have had far-reaching consequences. In one case, a bank employee accidentally emailed an Excel sheet containing details of affluent clients to an external party, leading to reputational and financial losses.
“These incidents are just the tip of the iceberg,” de Silva noted. “Many organisations choose to stay silent, fearing the reputational damage that comes with public disclosure.”
The human weakness in cybersecurity
Amid discussions of advanced hacking techniques, both de Silva and Surelia emphasised the critical role of human error in cyber breaches. In one particularly sobering example, Surelia described how a government employee unwittingly opened a phishing email that granted hackers access to sensitive data. The breach resulted in the loss of four months’ worth of government records, underscoring the devastating impact a single mistake can have.
“Even the most advanced systems are only as strong as the people operating them,” Surelia remarked. “Awareness and vigilance are our first lines of defence.”
Building a legal framework
Sri Lanka has taken significant steps to address these challenges, enacting the Personal Data Protection Act and proposing the Cyber Security Act. These measures aim to standardise how sensitive information is handled, mandate reporting of breaches, and impose penalties for non-compliance.
However, de Silva was quick to point out that legislation alone is not enough. “We need enforcement, collaboration, and a culture of accountability,” he said. “The laws are a foundation, but their success depends on how rigorously we implement them.”
The growing influence of social media and AI
The speakers also touched on the role of social media and artificial intelligence in shaping today’s cybersecurity landscape. De Silva shared research illustrating how misinformation campaigns on social platforms have influenced everything from stock markets to election results.
“Social media is a double-edged sword,” he warned. “While it connects us, it also amplifies disinformation, creating fertile ground for cybercriminals.”
Surelia echoed these sentiments, adding that artificial intelligence, while a powerful tool for detecting and responding to fraud, also equips bad actors with new capabilities. From crafting hyper-realistic phishing emails to exploiting AI-generated vulnerabilities, the technology has expanded the cybercriminal arsenal.
The need for collective action
Both experts emphasised the importance of collaboration in combating cyber threats. Organisations must share information about emerging risks, breaches, and mitigation strategies to collectively strengthen their defences.
“Cybersecurity is not an individual battle—it’s a shared responsibility,” de Silva stressed. “When one institution is attacked, it creates ripple effects that can impact others. By working together, we can stay one step ahead of the attackers.”
As Sri Lanka continues its march toward digital transformation, the stakes in cybersecurity have never been higher. The threats are real, diverse, and rapidly evolving, but so too are the tools and strategies to counter them.
“Cybersecurity isn’t just about technology—it’s about people, policies, and preparation,” Surelia concluded. “By fostering awareness, investing in training, and staying vigilant, we can secure our digital future.”
In a world where data is currency and trust is fragile, Sri Lanka’s ability to safeguard its digital infrastructure will determine the success of its journey toward modernisation. De Silva and Surelia’s insights serve as both a cautionary tale and a rallying cry, urging individuals, businesses, and governments to rise to the challenge before it’s too late.
Strategic partners of the CEO Forum and the 10th Annual Cyber Security Summit were Visa, Belkasoft, the platinum partners were Huawei and Google Cloud, Gold Partner was Sysco LABS, and Silver Partners were Millennium IT ESP, NCinga, and Just In Time Group. People’s Bank was the Banking Partner, LankaPay was the Official Payment Network Partner whilst Platform Provider was HashX. Electronic media partners were Sirasa TV, TV1 and NewsFirst, while the Podcast Partner was TechTalk360, and Brand Communications Partner was MullenLowe Sri Lanka.
– Pix by Upul Abayasekara
