Cybercrime is everywhere, and is out of control and we hear about it every single day.

Cybercrime is to reach 6 trillion dollars in 2021 as against 3 trillion in 2016.

How would you know if your security is already compromised?

In most of the recent cases, no one even knew that their data were stolen until months passed. That means todays cyber criminals are very much organised, coordinated and work according to a certain standard. 

What if the door to your key is already cut and kept by a thief and you are not aware of it?

What if your employees are already accessing information which they are not supposed to access in your database?

Today, security has become digital, and the criminals are white collar workers who have bachelor degrees in ICT who go to work from 9 to 5 like most of us do.

Yes, todays career criminals don’t look scary, and they don’t carry weapons, they don’t;

The only weapon in their pocket is the vulnerability in your locket. 

According to the United Nations, 80% of the cybercrime are a result of ultra organised, highly sophisticated crime group’s activities.

Cyber criminals made an estimated illegal profits up to 445 billion dollars last year which is larger than the GDP of 160 nations, and most of these incidents were a result of internal breaches which were done by employees of companies.

Sri Lankan companies are at higher risk as either most of the ICT security specialists are either not competent or unaware of the security threats which are prevalent in the Sri Lankan ICT infrastructure.

For instance many Sri Lankan financial institutions don’t have basic two factor authentication, and that means, the financial data of the customers could be easily breached without any serious hacking attempts.

 

Another security hole is that the websites of many financial institutions which give access to customers online for transactions can be easily hacked through browser level trojans and malware which are designed to steal online information.

These issues have been rather neglected or not highlighted as these will scare away customers from using online facilities.

Most financial institutions do not share information on breaches as this could lead to legal issues or may give competitive advantage to their counterparts.

For instance there is no public record or archive of breaches for other financial institutions to learn from breaches due to fear of being legal action taken against them from customers.

Just like the telecommunication industry steal money from unsuspecting customers due to various VAS features which customers don’t enable, financial institutions are also sometimes unable to disclose important security failures occurring from their end which may illicit very smaller amounts of money from customers accounts without anyones awareness.

In such instances what ever the industry dealing with peoples intimate financial details must strengthen their belts on security to be ahead of organised cyber criminals by implementing advanced security protocols which are rather difficult to breach.

We live in an era in which what ever the the security measure we take to protect is important.

After all, its just not about business anymore, its our life and the lives of our loved ones we protect.