Defensive action against internet based threats
SL banking sector completes first cyber security
drill:
Information security specialists watching the Internet for latest
trends report the acceleration of cyber attacks carried out through fake
web sites and forged emails on the banking and financial sector, which
accounts for many millions in loses to both banks and their customers.
Participants at the cyber security exercise. |
The opportunity costs due to these attacks on the banking industry
might be even greater as widely reported attacks and the devastations
left in their aftermath leave both banks and customers fearful of
integrating and embracing technology that can clearly deliver cost
savings and greater customer satisfaction.
As financial and technology confidence losses mount due to various IT
frauds, especially phishing attacks targeted at e-banking customers, it
has become imperative for Sri Lankan banks, in the best interest of
their customers to be prepared to successfully counter cyber attacks.
To meet this critical challenge, the Cyber Security Drill Team of the
Department of Computer Science and Engineering of the University of
Moratuwa in collaboration with the Institution of Engineers Sri Lanka
and TechCERT conducted a cyber security drill exclusively for Sri Lankan
banking industry.
The cyber security drill, conducted on May 12, spanned a period of
two and a half hours with the participation of seven major banks in Sri
Lanka. The threat scenario was based on an advanced phishing attack with
the attackers using multiple hosting locations.
A team of engineers from TechCERT specializing in cyber security
trained an 18-member cyber security drill team on the planning,
logistics and operations of conducting cyber attacks and defences while
spearheaded the Exercise Control (EXCON) operations, which provided a
central point of observation and coordination for the cyber security
drill.
During the exercise the IT security specialists along with the higher
management of the participating banks untangled the scenario-based
attacks towards a virtual bank. The cyber security drill team units,
co-located with participating bank information systems staff, provided
technical expertise on site to the banking staff and helped them improve
their computer incident response actions.
The drill was observed at the EXCON by representatives from the
Department of Computer Science and Engineering of the University of
Moratuwa, Institution of Engineers Sri Lanka and a senior official from
a financial sector technology provider.
The cyber security exercise was declared a success with participating
banks completing the incident response and defensive action tasks
prepared by drill team.
It is expected that this successful cyber security exercise would
contribute to the further improvement of the overall incident handling
and management processes and better prepare the Sri Lankan banking
industry to face emerging Internet based threats in their drive towards
deploying e-banking services. |