Thursday, 27 June 2013 01:17
Moderated by Daily FT Editor Nisthar Cassim, the second panel discussion of the summit was made up of BSA | The Software Alliance Sri Lanka Committee Consultant Shalini Ratwatte, CISCO India and SAARC Head of Security Business Diwaker Dayal, Central Bank of Sri Lanka Deputy Governor Dr. Nandalal Weerasinghe and CICRA Consultancies Head of Consultant and Master Trainer Krishnan Rajagopal.
Q: What are the options for companies to manage this threat?
Dayal: Moving into the cloud is like a journey and you need to make a start somewhere. There are a lot of things that companies have done today – how to move applications to the web is one of the first steps you can look at. While you are doing that, look for a good development partner. It is imperative to have secure coding and apps as part of that step and this should give you a good start when taking your two or three tier app to the cloud.
Q: Has the BSA evaluated the success of original software in minimising attacks?
Ratwatte: The study I showed was very recent, conducted in 2012, and covered the most active five countries in Southeast Asia, and we found that most of the computers with pirated software posed threats of malware infection – pirated software poses a great threat. The threats are exhausting but genuine software helps with creating a stopgap and giving a certain amount of security.
Q: How fast is the adaptation of original software growing in Sri Lanka?
Ratwatte: There is a significant trend amongst organisations towards purchase and licensing of original software, active participation from the public sector and great cooperation from the regulators. We have had a unified effort and lots of effort from the Government to create a safe infrastructure. Piracy is still high but it has dropped in the last five years.
Q: Through your experience, where do you think the willingness is lacking – at a staff level or higher up?
Rajagopal: We are seeing physical security and IT security converging. When we do investigations after the breach has occurred, we see that there is no clear vision from the top, security is the last thing on their minds. Security is now considered to be a black hole – you throw money and nothing comes out of it – this is the impression the top leaders have. There is also a lack of awareness from the ground level. Companies are going on a reactive approach. They need to become proactive and try to find the problem before it happens.
Q: Do you see that enthusiasm relevant amongst system staff?
Rajagopal: Yes, you have job roles that are very common now that did not exist 10 years ago. Now you see that level of IT and security leadership and it’s a growing trend, even in Sri Lanka.
Q: What is your advice to drive that process?
Rajagopal: Have a proper team that is well trained and drives security and IT leadership at the top level because without that, you won’t have a person who can speak the lingo.
Q: Can you expand on your work with CISCO?
Dayal: As we interact with customers, we see that the role of the CIO has evolved over the last decade or so. They are now present in banks and are in charge of information security. There is some form of management level ownership and I know that they report to the board at least on a quarterly basis on risk mitigation. Organisations are far more receptive to these topics and that’s a start and a good sign. You will see a lot more end-user and management participation coming in.
Q: The Governor asked the banking sector to focus on security over convenience – how is this being managed?
Weerasinghe: The banking sector adopted technology very fast but while adopting it, there have been a lot of issues – there is a huge gap in the knowledge of the board, directors and staff. All banks are trying to deploy technology quickly but the other part of that is the security of information. Do they have the right people with the right knowledge to protect the customer and the information – this is the part that is lacking in Sri Lanka. There is also a lack of specialised labour in this area. We don’t have proper consultancies and people – within the banks there is a lack of knowledge in this area.
Q: What is your advice to participants as to what they can do from tomorrow as part of their professional duties?
Rajagopal: One of the key points is to take security seriously. A mindset change is required – we think it is never going to happen to us but it can happen because sometimes, the attacker randomly picks companies. Paranoia is good as it will automatically lead you to use your devices safely. Have a top down approach. Look at bringing your own devices because it will hit you anyway, as will the cloud. If your environment is not ready, you better think about how you can get it ready. Embrace it and embrace it securely. Use genuine software because then you know it’s coming from the right source – we don’t buy iPhones off people from the road but we do that with software.