Sri Lanka launched a system of Bank Computer Security Incident Readiness Team (Bank CSIRT), a body formed to prevent cyber attacks on banks. Secretary to President Lalith Weeratunga launched the new system at the Central Bank of Sri Lanka yesterday (July 1) by sending out the first informational alert to all member banks.
Introduction of a Bank CSIRT became necessary because, though most banks and financial institutions in Sri Lanka have taken initiatives to establish information security measures, there is presently no formal collaboration between these institutions to pool critical information and knowledge for greater synergies in fighting threats and attacks.
Secretary to the President said, CSIRT is one of the most important things in modern internet and banking. He stated that previously, if attacks originated within the country, they were easy to isolate due to the relatively fewer Information and Communication Technology (ICT) users compared with the present.
Mr Weeratunga also revealed that many people have been victims of cyber attacks recently, divulging their personal and financial information, and even transferring funds to the account of the attackers. “Invasion of information systems occur daily, however, a sudden spike in major phishing attacks, over 250, were recorded during the recent turbulence in Aluthgama, with attackers attempting to take advantage of the chaos.”
“Too my mind, it is one of the most important and timely initiatives we have taken in the modern age of IT and banking,” Mr Weeratunga said. Explaining he said, in the way we are connected to today, we have opened many new avenues for people to attack you. Invading our information systems happens on a daily basis. Many years ago, for someone, through some kind of manipulative measure, to get into your IT account and for it to be located were easy, because there were not many Internet or IT users. But today, this is extremely complex.
However, he said the Computer Emergency Readiness Team | Coordination Centre (CERT|CC) the national CERT which created CSIRT was up to the challenge of protecting the country’s data, and act as the country’s front line soldiers, fighting the war thanklessly, away from the public eye.
CERT|CC was established in 2008, following the implementation of the Computer Crimes Act in 2007, and Mr Weeratunga expressed his disappointment over the lack of public focus and awareness of such a critical Act compared to others.
The 2007 Act was derived from the Council of Europe’s Convention on Cybercrime 2001, also known as the Budapest Act. In a move to become integrated with the global cyber security efforts, the Cabinet of Sri Lanka this year became a signatory of the Budapest Convention.
“The presence of cyber terrorism and cyber laundering have increased globally, while the types of threats encountered evolve in complexity daily, and a high price will have to be paid if the country’s ICT network collapses,” he said.
He said that ICT allowed the public new convenience, being able to transfer money before their morning cup of coffee, or withdrawing money from an ATM on their way to work.
Secretary to the President concluded his speech saying that ICT must be taken to the rural areas and that the wide ICT networks that are being created should be fully utilized, giving the public simple knowledge in using it.
Central Bank Governor, Ajith Nivard Cabraal expressed his views on protecting our cyber presence, especially in the banking sector from such attacks during the launch of Bank Computer Security Incident Readiness Team (Bank CSIRT) yesterday, a body formed to prevent cyber attacks on banks.
“Banks must maintain integrity, and protect sensitive privileged information, or the public will lose faith in the institutions. Therefore The Central Bank is committed to maintaining stability in the banking system,” Cabraal noted.