Cyber Threat Intelligence and Lessons Learnt

139

Security has become quite the buzzword these days. As witness to this, let us point out to you the crowd of software engineers, system admins and students who found their way to the University of Colombo on the 19th of February.

This security awareness symposium was put together by BCS’s Young Professional Group arm, which has thus far been putting together quite a few seminars for those involved in the BCS PGD program. The event is a run-down of security threats from a system admin-level perspective delivered by Buddhika De Alwis of KPMG.

Buddhika De AlwisTo say it was comprehensive would be an understatement. Buddhika gave us a fair warning when he took the stage: “This presentation is very long, and even I’m not sure if we can finish all this. But let’s try.” Without beating around the bush, he embarked immediately onto the state of cyberwar in the world today (impressing us somewhat with a Sun Tzu quote:  “Just as water retains no constant shape, so in warfare there are no constant conditions.”

One particular eye-opener is a high-profile list of companies that he calls epic fails. Why? Because each of these companies does a huge amount of security work, and they’ve undergone some truly embarrassing hacks. RSA Security. Comodo. Citibank. The CIA.

Before the Q&A session initiated, he pulled up sheet after sheet of infographics – botnets; the origin of attacks and malware by nation; how botnets exploit computers and some of the most common exploit points that almost every office network is guilty of exposing. Like open remote access ports and torrent connection.

[box_light]How does one get into professional cybersec? Buddhika advocates a look at these qualifications – these, coupled with hands-on self-teaching attitude at all points of a career would forge a capable professional cybersecurity specialist:

CISSP
CISM
CEIT
CEH

*There’s also the Msc in Information Security (MIS) at UCSC and SLIIT[/box_light]

“It’s rare that security is thought of when developing software,” he stated, moving onto the system development life cycle itself. “We still tend to focus on functionality and form and forget the vulnerability of data. Especially in web apps. Security should be integrated into each stage. Where’s the data flowing? How is protected? This awareness has to come from the developer to the user.”

By the time the question and answer session kicked in, it was almost 7.30pm. The QA sheds more light on a few related topics. Common ways to keep an office network clean. The emigration of qualified personnel. Cybersecurity education.

Sri Lanka is getting popular, Buddhika pointed. Our economy is developing, money’s flowing in and there’s plenty of conflict to go around – according to Kaspersky, we’re 8th on the global list of target nations. We’re late to the cybersec party, but better late than never.

LEAVE A REPLY

Please enter your comment!
Please enter your name here