SL listed companies, telcos hit by ransomware in 2020: ICTA Chief

Wednesday, 8 December 2021 00:21

  • Lack of cybersecurity readiness might impact SL’s credit ratings too
  • Says ransomware has infected over 7 m devices in the country 
  • Current institutional framework and capacity inadequate to address a country-wide cyber threat 

By Hiyal Biyagamage 

ICTA Chairman and Telecommunications Regulatory Commission of Sri Lanka Director-General Oshada Senanayake

Revealing the ominous realities surrounding ransomware, Information and Communication Technology Agency (ICTA) Chairman and Telecommunications Regulatory Commission of Sri Lanka Director-General Oshada Senanayake said a listed company and several players in the telecommunications sector had been targeted by ransomware last year. Senanayake mentioned that many of these cases had not been documented, including the attack on the listed company.

“Last year, even though it was not documented, a Sri Lankan listed company faced a ransomware attack. Furthermore, the telecommunications sector of the country has been facing similar threats over the years. For the telecom sector, it was a sandbox. A sandbox is an isolated environment on a network that imitates end-user operating environments. They are used to safely execute suspicious code without risking harm to the host device or network. But for the listed company, it was close to 500 plus computers and the literal aspects of data were completely held to ransom,” Senanayake said recently at the Daily FT-CICRA 8th Annual Cyber Security Summit. 

Further commenting on these attacks, he said that lack of cyber defences might impact Sri Lanka’s credit ratings as well. 

“Understanding the risk of your digital infrastructure is critical. It is not just about websites or your emails opened up to threats. It is far more serious since the threat landscape has evolved significantly. Now, from a country perspective, if we do not look at these threats seriously, it will impact Sri Lanka’s credit ratings as well. Several rating agencies have warned several times that cyber defences as well as breach detection, prevention and response would be higher priorities in its analysis of the creditworthiness of a country,” said Senanayake.

During his speech, he also mentioned that over seven million devices in Sri Lanka were already infected by some form of ransomware. 

“If you look at the country threat vectors, you will understand these threat vectors are not siloed only to the institutional networks. You have to look at the consumer level as well. We have a high mobile internet penetration in Sri Lanka. If you look at mobile broadband connections, we are at 17.9 million connections. We have 2.6 million fixed broadband connections. These numbers mean that there are a significant number of devices that could be exposed to these threats. If you take a Zero Day threat, it could be all set to exploit millions of devices across the country. Currently, I can tell you that more than seven million devices in Sri Lanka have been affected by ransomware,” Senanayake commented. 

Even though the country has made significant strides in the National Cyber Security Index (from 98th to 69th), Senanayake admitted that Sri Lanka’s current institutional frameworks and capacity were not adequate to address a national-level cyberattack. 

“In both the public and private sector, the cyber resilience framework that different organisations adhere to is very low. This is due to the lack of proactive actions, significant gaps and vulnerabilities. Also, lack of preparedness to respond to cyber threats to contain damage and recover, lack of accountability for cybersecurity incidents and lack of capacity are worrying. This is why Sri Lanka needs to strengthen different facets of cybersecurity readiness — from implementing the legal framework to developing an institutional framework to building capacity to execute a robust strategy,” said Senanayake.

Global leader in payments Visa and technology giant Huawei Technologies were the Strategic Partners. The Banking Partner was NDB and the official payment network was LankaPay, whilst the Creative Partner was Triad.