Expert outlines preventive measures:
Corporates vulnerable to cyber invasions
Ravi LADDUWAHETTY
The infrastructure of almost all corporates in Sri Lanka is
vulnerable to external cyber invasions, a top cyber security company
warned.
“A random survey carried out by our senior cyber consultants has
found that 99 percent of sample IT infrastructure of Sri Lanka’s blue
chip companies were vulnerable to external cyber invasions,” CICRA
Institute of Education Executive Director Vasana Wickremasena told Daily
News Business.
“We advise top corporates in Sri Lanka to adopt seven key solutions
to minimize cyber invasions,” Wickremasena said.
He proposed a seven-pronged strategy to counter this. “Companies
should instill first better practices and assist in creating good
security habits; second, they should influence positive behavioural
change for all employees towards cyber security awareness; third, make
computer users aware of information security threats and
vulnerabilities; fourth, teach computer users secure habits that will
promote a secure environment; fifth, organizations should avoid
information security breaches;
sixth, should create a more secure environment with users
understanding the various threats that exist in the cyber world today;
and finally should ensure that corporate audit requirements for
information security awareness training-compliances are passed,” he
said.
“An outsider can access a corporate network by entering into a
computer a company employee uses without being detected. In this
context, corporate executives and managers who are negligent of safe use
of their computers are one of the biggest threats to an organization,”
Wickremasena said.
“An unauthorized person can carry out attacks against servers of
these companies during which usernames, passwords, customers’ credit
card details, security answers, purchase history and addresses can be
easily stolen,” he said. “Social engineering and targeted SQL attacks
are some of the easiest forms of external invasions,” he said.
The PlayStation of Sony, a top Fortune 500-listed multinational
corporate, recently almost suffered a shutdown when its online gaming
facility was invaded through “non-gaming” intrusion into the system. The
company did not realise until late, following forensic security testing,
that the breach had led to the theft of the data of the 77 million
users.
The CICRA Institute of Education is affiliated to the USA-based
International Association of Electronic Commerce Consultants
(EC-Council).
The EC-Council is recognised by the US Defence Department, National
Security Agency and the Pentagon and has certified more than 80,000 IT
security personnel worldwide.