Cyber resilience takes centre stage at The Management Club Members’ Night

Monday, 6 July 2026 02:44 -     - {{hitsCtrl.values.hits}}

  • Industry leaders warned of escalating cyber threats as CICRA Holdings Group Director/CEO Boshan Dayaratne unveils critical lessons from Sri Lanka’s cybersecurity landscape

CICRA Holdings Group Director/CEO Boshan Dayaratne

From left: Project Chairperson Gayathri Wickramasinghe, TMC Colombo Chairperson Duneeshya Bogoda, Commercial Bank of Ceylon Chief Information Security Officer Sunari Dandeniya, Co-Project Chairperson Priyantha Hapuarachchi, and CICRA Holdings Group Director/CEO Boshan Dayaratne

From left: Commercial Bank of Ceylon Chief Information Security Officer Sunari Dandeniya, Moderator and Co-Project Chairperson Priyantha Hapuarachchi and  CICRA Holdings Group Director/CEO Boshan Dayaratne


 

The Management Club of Colombo hosted a high-impact Members’ Night on cyber resilience, drawing senior executives and entrepreneurs from across Sri Lanka’s corporate landscape. The forum delivered a sobering account of the country’s escalating cyber threat environment, with CICRA Holdings Group Director/CEO Boshan Dayaratne, delivering the keynote address.

Dayaratne, a recognised authority in the field who has been invited by the United States Pacific Command to address senior military officials from 28 nations, brought the discussion to the boardroom with real-world lessons drawn from recent Sri Lankan cyber incidents. His presentation dissected critical vulnerabilities that have shaken the nation’s financial and corporate sectors.

Dayaratne walked the audience through key learning outcomes from significant cyber incidents, each exposing fundamental weaknesses in organisational defence:

  • ‘The Credential Exploitation Lesson’, a scheme exploiting weekend monitoring blind spots and stolen credentials demonstrated that segregation of duties is meaningless if credentials are shared or stolen. Transactions were structured to evade automated alert thresholds, with funds subsequently laundered through cryptocurrency exchanges.
  • ‘The Business Email Compromise Lesson’, a major financial loss resulted from a look-alike domain impersonating an international partner. Staff received fraudulent instructions to change beneficiary bank details over an extended period. The critical lesson: never trust email payment instructions, require out-of-band phone verification.
  • ‘The OTP Exploitation Lesson’, a significant customer loss occurred when an attacker gained control of a mobile device, likely through a phishing link tricking the user into sharing a one-time password. The lesson: your OTP is as powerful as your password, never share it, and separate personal and work devices.
  • ‘The Data Governance Lesson’, a catastrophic data breach exposed sensitive personal information, including National Identity Card scans, KYC records, and board member data now permanently available on the dark web. This breach resulted from years of ignored audit warnings, including poor firewall management, no user access reviews, improper encryption controls, and no privileged access management system in place.

“This isn’t about sophisticated nation-state hacking,” Dayaratne told the audience. “Every single one of these attacks succeeded because a human was manipulated or a basic control was ignored.”

The CEO identified the key tactics used by attackers:

  • BusinessEmail Compromise – spoofed email addresses and look-alike domains
  • Social Engineering – WhatsApp phishing, fake bank calls, and CEO impersonation
  • OTP Exploitation – tricking individuals into sharing one-time passwords
  • Device Takeover – malware installed through seemingly legitimate links

Dayaratne emphasised that traditional perimeter-based security is no longer sufficient. He advocated for Zero Trust Architecture, where no user is trusted simply because they are inside the corporate network, and stressed the importance of regular simulation testing to train employees to recognise threats.

“One annual PowerPoint presentation on cybersecurity is a waste of money,” Dayaratne asserted. “What works is baseline testing, immediate training for those who click, repeated monthly simulations, and rewarding eagle-eyed employees.”

He cited a local example where a Sri Lankan insurance firm reduced its click rate on phishing simulations from 32% to 6% after four rounds of testing.

With Sri Lanka’s Personal Data Protection Act (PDPA) No. 22 of 2025 enforcement moving closer to operational reality, Dayaratne issued a stark warning to the board members and entrepreneurs in attendance. 

“Data protection is no longer an IT issue, it is a boardroom responsibility,” Dayaratne told the audience. “Directors now face regulatory, financial, reputational, and personal risks tied to organisational data governance.”

He referenced the catastrophic data breach as a case study of what happens when data governance fails, noting that under PDPA, organisations face administrative penalties, mandatory breach notifications, and potential civil claims. 

The discussion was further enriched by Commercial Bank of Ceylon PLC Chief Information Security Officer Sunari Dandeniya, who shared practical perspectives on cybersecurity governance, risk management, regulatory compliance, and the importance of embedding cyber awareness across all levels of an organisation. 

Moderated by TMC Colombo Treasurer and Master Divers Ltd. and Pelwatte Coconut Industries Ltd. Director/Chief Executive Officer Priyantha Hapuarachchi, the forum featured an engaging exchange of ideas between the keynote speaker and participants. The interactive discussion enabled attendees to gain deeper insights into emerging cyber risks, incident response preparedness, and best practices for strengthening organisational resilience.

Held under the leadership of TMC Colombo Chairperson Duneeshya Bogoda, the forum formed a part of the Club’s ongoing commitment to providing relevant and impactful knowledge-sharing opportunities for its members and the wider business community. The event was organised under the stewardship of TMC Colombo Executive Committee Member and Project Chairperson Gayathri Wickramasinghe with the support of Co-Project Chairperson Priyantha Hapuarachchi.

Participants commended the forum for its practical relevance and timely focus, particularly as organisations across industries continue to face increasing cyber threats, regulatory demands, and digital transformation challenges. The event underscored the importance of cybersecurity resilience as a critical component of business continuity, corporate governance, and long-term organisational success.

Through initiatives such as the Cyber Security Resilience Forum, TMC Colombo continues to foster thought leadership and professional development by creating platforms that facilitate meaningful dialogue on contemporary business and management issues, enabling organisations to navigate an increasingly complex and technology-driven future. 

COMMENTS