Defending the nation from cyber attacks

By Sanjee Balasuriya

The recent cyber attacks and web site defacement in web portals indicates that we have approached a critical stage pertaining to our country’s online reputation.

We, as citizens have a vital role to play to prevent such attacks and defacements to minimise damage to high risk high stake firms such as national security, electrical power generation, banking and finance or healthcare, the need of secure cyber space is even more a secure environment for stored and shared information enhances consumer benefits, business performance and productivity to a great extent while adhering to national security.

Conversely, an insecure environment creates the potential for serious damage to governments and corporations that could significantly undermine consumers and citizen’s trust.

It is vital that an economy depends on a secure flow of information within and across organisations, secure from cyber attacks and threats.

A cyber attack is an attack initiated from a computer against a website, computer system or individual computer that compromises the confidentiality, integrity or availability of the computer or information stored on it.

Cyber attacks take many forms, including; gaining or attempting to gain unauthorised access to a computer system or its data, unwanted disruption or denial of service attacks including the take down of entire web sites, installation of viruses or malicious code (malware) on a computer system, unauthorised use of a computer system for processing or storing data, changes to the characteristics of a computer system’s hardware and firmware or software without the owner’s knowledge instruction or consent, and inappropriate use of computer systems by employees or former employees.

Cyber-criminals are taking advantage of the rapidly expanding attack surface found in today’s ‘any-to-any’ world, and they use any device to access business applications in a network.

If even a single link is weak, the country network Infrastructure could be vulnerable to an attack. Governments across the world are concerned about the security of their digital infrastructure thus today several countries have established skilled cyber units to secure their core IT systems and networks.

It’s time the country needs a strong cyber security system to prevent these various kinds of sophisticated cyber attacks by hackers and cyber terrorists.

From that perspective, the national cyber security architecture if planned and implemented strategically can secure the country’s confidential data and network platforms.

It is also necessary to build a national cyber security framework which will highlight and robust the current government network architecture.

Many modern countries adopt security operation centres which will monitor 24-hour network traffic for uncommon activities in national network infrastructure to minimise such attacks.  

As part of this program, the government organizations should work with the IT, human resources and other appropriate departments to restrict employee access to information. Employees should only have access to information related to their job functions.

Every company/government entity should develop a written plan (cyber incident response plan) that identifies cyber attack scenarios and sets out appropriate responses.

Effective information security helps maintain the integrity of valuable corporate assets, enables compliance with industry regulations, and helps ensure the integrity of a trusted brand image and sustain business continuity.

An effective level of security requires a combination of state-of-the-art technology, experienced personnel, proven processes, and continuous threat intelligence are assets only few organisations possess.

Security technologies including firewalls, network and host intrusion detection, and prevention systems have created a tremendous volume of information, and handling that information only makes a company’s security problems more challenging.

Application penetration testing/source code reviews also play a vital aspect of this process which will help to understand the security posture of the systems and the applications.

(The writer is eCyberSec CEO/MD and founder of and counts more than 13 years of experience in the field of IT, with a main focus on Information Security. He accounts to over two years of active involvement in key projects in an IT Security Consultation firm in Singapore, appointed by the Government Data Centre IT systems Audits and gained immeasurable amount of experience by working closely with the Monetary Authority of Singapore for Compliance Regulatory Requirements which needed to comply for all financial intuitions across Singapore)