Ec-council

Cyber Security
Summit - 2013

Co-organised by:

2013-06-25 07:00:00
 
 

About Cyber Security Summit 2013

INTRODUCTION TO CYBER SECURITY SUMMIT

As cyber security threats skyrocket and not a day passes by without a news report on cyber security breach on a corporate entity or a government on its IT infrastructure, Sri Lanka's premier cyber security education provider and Sri Lanka's premier Financial Newspaper respectively have joined together to host EC-Council Cyber Security Summit 2013.

CYBER ATTACKS LEADING THREAT AGAINST US: SPY AGENCIES

WASHINGTON (Reuters) - Intelligence leaders said for the first time on Tuesday that cyber-attacks and cyber espionage have supplanted terrorism as the top security threat facing the United States.

That stark assessment, in an annual "worldwide threat" briefing that covered concerns as diverse as North Korea's belligerence and Syria's civil war, was reinforced in remarks by the spy chiefs before the Senate Intelligence Committee.

They expressed concern that computer technology is evolving so quickly it is hard for security experts to keep up…
(12 March 2013)

EC-Council – International Council of Electronic Commerce Consultants (EC-Council), USA – is the world's largest vendor neutral cyber security education provider and host of Global Cyberlympics – Olympic styled annual international hacking competition that promotes world peace and online child safety through ethical hacking.

The EC-Council is the owner and developer of the world famous Certified Ethical Hacker course (C|EH), Computer Hacking Forensics Investigator program (C|HFI), License Penetration Tester (L|PT) program and various other programs offered worldwide.

These certifications are recognized worldwide and have received endorsements from various governments including the US Federal Government via the Montgomery GI Bill. Most recently, EC-Council has been approved and listed as a National Recognized Vendor by the Bureau of Proprietary School Supervision (BPSS), and also been certified to have attained the NSA/CNSS 4011 training standard, a requirement for Infuse professionals working for the US Federal Government.

The Pentagon in US has also selected the EC Council as their training partner for Cyber Security.

  • 25.06.13
    7.00 a.m. to 9.00 a.m.
    Breakfast meeting with CEOs of top corporations and senior officials of the government.
  • 25.06.13
    9.00 a.m. to 5.00 p.m.
    Cyber Security Summit for IT professions targeting senior officials from the corporate and government sectors.
  • 25.06.13
    6.30 p.m. onwards
    'Night Hack' – Evening informative session for CEOs and the CIOs of top corporates and the government followed by cocktails
  • 27.06.13
    CEH
  • 03.07.13
    CEH
  • 03.07.13
    cscu
 
Cyber Security Summit 2013
Do not miss your chance to get the best place
 

Tickets :
10,000/- Cyber Security Summit || 5,000/- Night Hack || 12,500/- Both Events

Agenda & Sessions

Cyber Security Summit25 June 2013 at King's Court

  • Registration
  • Tea
  • Arrival of the Chief Guest
  • Lighting of traditional oil lamp
  • National Anthem

Session 1 – National Preparedness against Cyber Attacks

  • Speech by the Chief Guest
  • Speech by President, EC-Council
  • Panel Discussion

Session 2 – Disaster Recovery and Business Continuity: How resilient are you against cyber attacks

Lunch

Session 3 – Cloud and virtualization: Cutting costs vs cyber threats

Tea

Session 4 – Securing the Code: Penetration testing beyond compliance

  • Vote of Thanks
  • Conclusion of the Summit
.
.

Keynote Speakers

  • Hon. Gotabhaya
    Rajapaksa

    Chief Guest
    Secretary,
    Ministry of Defence & Urban Development

  • Ajith Nivard
    Cabraal

    Guest of Honour
    Governor,
    Central Bank of Sri Lanka

 
  • Jay
    Bavisi

    President,
    International Council of Electronic Commerce Consultants (EC-Council), USA

  • Dr. Hans
    Wijesuriya

    Group Chief Executive officer,
    Dialog Axiata PLC

  • Diwakar
    Dayal

    Head,
    Security Business for Cisco India & SAARC

 
  • Krishnan
    Rajagopal

    Master Trainer,
    CICRA Consultancies (Pvt) Ltd and CEO – Akati Consulting, Malaysia

  • Shalini
    Ratwatte

    Country Representative,
    Business Software Alliance, Sri Lanka

  • Vivek
    Srivastava

    Security Leaders,
    Partner Business Group India & SAARC, CISCO

  • Prof. Rohan
    Samarajiva

    Founding Chairman,
    LIRNEasia

 

Jay Bavisi - President, EC-Council

Jay Bavisi is the Co-Founder and President of EC-Council, a global leader in information security education, training, and certification. Formed following the 9/11 incident, EC-Council addresses issues of cyber terrorism raised at the forefront of security of nations at large. It is the owner and developer of the world famous Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator (CHFI), Secure Analyst (ECSA), and Licensed Penetration Tester (LPT) programs.

Jay led the efforts in establishing the partnership with the International Telecommunications Union (ITU), an arm of the United Nations, via the International Multilateral Partnership Against Cyber Threats (IMPACT) to develop sustainable knowledge and capabilities in information security awareness amongst government agencies in 194 member countries.

An information security evangelist and architect, he regularly shares his insights with law & policy makers at various international conferences and seminars such as, Interop Las Vegas, CSI, Techno Security, and Techno Forensics. Jay was also the Chairman of the Keynote Hackers Panel at Infosecurity Europe, the Closing Keynote Speaker for ITWeb Security Summit, South Africa, and also the combined Keynote Speaker for Techno Security/ Hacker Halted USA, Keynote for IDC Security in Finland. His key expertise is in the area of Ethical Hacking, Information Assurance and Computer Forensics with a special focus in the government space internationally having recently been invited to speak at the US Department of Homeland Security Software Assurance Forum, and Department of Defense Cybersecurity Conference.

His audiences include executives of multinational corporations like Dow Jones, Lloyd's, Merrill Lynch, Microsoft, Shell, HSBC, Hewlett Packard, IBM, Standard Chartered, American Express, MCIS – Zurich, Schipol Airport Authority, KPMG, Deloitte Consulting, Trend Micro, IDC, S.E.A. Insurance, Sara Lee Philippines, American Express Bank Philippines, Makati City Hall, Philippine Airlines, Royal Australian Air Force, Government of Zhuhai, China Mobile and A&T Solutions, among others.

Jay has appeared regularly on several local and international television shows and print medias, including being interviewed by CNN and Fox Business News regarding information security and ethical hacking. His views have been sought by internationally acclaimed publications including Time, Washington Post, The Herald Tribune, The Wall Street Journal, The Gazette and The Economic Times. His views were also featured by ABC News, USA Today, The Christian Science Monitor, Boston and Gulf News.

Having always championed Ethical Hacking and Countermeasures, Jay is a prolific writer. His most recent work can be seen in the Computer and Information Security Handbook published by Elsevier in 2009.

Jay Bavisi is a law graduate from the University of Wales, College of Cardiff, with an LLB (Hons), Barrister – at – Law from Middle Temple, London.

Krishnan Rajagopal - Master Trainer, CICRA Consultancies (Pvt) Ltd and CEO – Akati Consulting, Malaysia

Krishnan is a recognized expert in the IT industry focusing on security, forensics and training. He has been involved in the Information Technology field for more than a decade after graduating in the field of Internet Technology from Staffordshire University, UK.

To date, Krishna, as he is fondly known as, holds more than 50 various professional certifications and is recognized internationally as one of the best in the industry for IT / Computer Security. His professional certification includes Microsoft Certified Professional (MCP), Microsoft Certified Systems Engineer (MCSE) and numerous others. To date he holds the record of being the youngest MCSE in the country and also holds the record for scoring a perfect 1000 marks on the final exam – Networking Essentials. Besides certification from Microsoft, he has also certifications from EC – Council, Adobe, Cisco, Apple, Checkpoint, and Sun in various areas and field.

All of the above has equipped him with substantial knowledge and expertise to excel in the training field where his training experience ranges from training corporate executives for Microsoft Certification, Programming Languages, Networking systems, application programs, web designing to E-commerce certification.

Krishna has extensive hands-on technical experience, possessing a vast range of industry and specific certifications that demonstrate high technical proficiency and in-depth knowledge. He has progressively extended his interests to encompass a wide array of organizational, economic and legal aspects of IT.

His extremely broad industry experience and business acumen is instrumental in providing professional consulting services to the public and private corporations, government departments at all levels of organizational structure. Industry leaders, universities and government departments often seek Krishna's expertise to give presentations on information security, infrastructure protection and electronic privacy.

Krishna has assisted and trained numerous Police forces around the globe on security measures and is accredited as a specialist in the successful investigation and prosecution of hackers, fraudsters and others. His work as a forensic computer consultant includes analysing computer documents, e-mails and data files.

Krishna has extensively contribution in helping the Malaysian Government to face the IT age where he was involved in design, planning and organizing the training of government staff on the Generic Office Environment-GOE (Electronic Government). This is followed by the Business Process Re-engineering (BPR) project of the Government Of Malaysia.

Krishna also conducts trainings and consulting in various countries across 5 continents of the world and has appeared in numerous television interviews and press releases talking about IT Security and various other IT related issues.

He is responsible for developing, maintaining and publishing information security standards, policies, procedures and guidelines for the company's key clients.

Diwakar Dayal - Head, Security Business for Cisco India & SAARC

Diwakar Dayal is the Head - Security Business for Cisco India & SAARC. He has over 16 years of experience in sales, strategy, business development & consulting involving advanced technology solutions in IT Networking, Security & Collaboration areas working with global organizations like Cisco, Juniper, Dimension Data, Sify & Wipro. 

Diwakar joined Cisco in 2010 and is now responsible for driving Cisco's Security business from a sales, strategy and Go-To-market for India and the SAARC region connecting with Cisco's customers, partners and industry consultants. Prior to this role, he was responsible for helping grow Telepresence business in India and drive the Go-To-market for VXC business for Asia as part of the collaboration architecture group.

Before Cisco, Diwakar was with Juniper Networks as Head of Banking & FSI Vertical responsible for creating Juniper's entry into Indian FSI market. In an earlier role with Juniper, he was also responsible for the Advanced Technology portfolio growing the Security & WAN Acceleration business for India & SAARC.  Prior to that, Diwakar worked with Dimension Data, where he helped setup the Security Line of Business working with multiple leading security industry vendors.

Diwakar has spent time on the consulting and system integration business as part of Wipro & Sify where he was responsible for helping build the PKI Security business around Verisign products and offering Security consulting services to large enterprise customers.

He holds a Master of Business Administration (MBA) in Marketing from T A Pai Management Institute (TAPMI) & is a CISSP (Certified Information Systems Security Professional) with strong background in security domain.

Shalini Ratwatte - Country Representative – BSA Sri Lanka

Shalini Ratwatte has over twenty years' experience as an Attorney at Law in the corporate sector and has been the Country Representative for the Business Software Alliance (BSA) since July 2008.

BSA | The Software Alliance (www.bsa.org) is the leading global advocate for the software industry. It is an association of world-class companies that invest billions of dollars annually to create software solutions that spark the economy and improve modern life. Through international government relations, intellectual property enforcement and educational activities, BSA expands the horizons of the digital world and builds trust and confidence in the new technologies driving it forward.

In her role as Country Representative, BSA Sri Lanka, Shalini has been actively engaged in education, awareness and capacity building of the public and private sectors on the perils of software piracy.She has been responsible for coordinating and executing the first Corporate End User Raid in Sri Lanka and those thereafter with the Sri Lanka Police, establishing the Anti-Piracy Unit at the Criminal Investigation Department (CID) together with AMCHAM, facilitating ongoing overseas training of the judiciary and most importantly, steadily driving down the piracy rate in Sri Lanka to record one of the biggest drops in the world in 2010 and 2011.

Contact & Registration

No: 185/4, Havelock Rd, Colombo, Sri Lanka
Tel. (+94) 11 7 200266
Fax. (+94) 718800871

Registration Form

 

Request Submitted

We'll contact you within a working day.

Bad Request

An error has occurred.

 

News:

Defence Secy., CB Chief to headline Daily FT-CICRA Cyber Security Summit on Tuesday

Secretary to Ministry of Defence and Urban Development Gotabaya Rajapaksa will inaugurate the first-ever international summit on cyber security on Tuesday 25 June at the Cinnamon Lakeside Colombo, whilst Central Bank Governor Nivard Cabraal will be the Guest of Honour.

Held under the aegis of the US-based EC-Council, the world's largest vendor neutral cyber security education provider, the summit is co-organised by the Daily FT and CICRA Consultancies, a premier cyber security education provider in Sri Lanka.

Given the widespread threat to cyber security, the thrust to enhance awareness and likely solutions to mitigate risks, 25 June will also see a Leadership forum targeting CEOs and a 'Night Hack' an evening informative session with live demonstrations on cyber-related vulnerabilities.
The full-day summit will feature top international IT security experts including EC-Council President Jay Bavisi, and individuals who have worked with Interpol and Fortune 500 companies. Several local experts will also provide key insights to dangers as well as preventive solutions. See details on p13 and for registration visit www.cicra.lk/summit or call 117209577.

Breaches on cyber security have increasingly and more recently Sri Lanka had been identified as world's eighth most vulnerable for attacks as the use of computers, internet, intranets, emails, social media, and mobile devices and overall technology grows rapidly.

The threat of cyber security is no longer the area of concern for IT departments only but affects all functions in an organisation, all sectors across the economy and individuals alike.

In that context the three back-to-back events on 25 June will provide participants insights to best practices in acquiring, implementing, managing and measuring information security postures of their organisations and countermeasures. They will also highlight the latest flaws in information security that affects the global community including private sector corporations and governments. Discussions and presentations will revolve around some of the most malicious attacks and potential cyber threats.

The EC-Council is the owner and developer of the world famous Certified Ethical Hacker course (C|EH), Computer Hacking Forensics Investigator program (C|HFI), License Penetration Tester (L|PT) program and various other programs offered worldwide.  These certifications are recognised globally and have received endorsements from various governments including the US Federal Government via the Montgomery GI Bill.  The Pentagon in US has also selected the EC Council as their training partner for Cyber Security.

Considering the importance of enhancing awareness and available remedial actions at public and private sector level via the national summit, the event has drawn widespread support.  ICTA has endorsed the event as strategic partner whilst international industry organisation Business Software Alliance is lending its support as advocacy partner.

Cisco is the Principal Sponsor, Dialog Axiata is the Platinum Sponsor and HSBC is the Official Bank. The venue of all three events, Cinnamon Lakeside Colombo, is the Hospitality Partner and Union Assurance is the Official Insurer. Creative Partner is Triad Digital and Electronic Media Partners are TV Derana, FM Derana and ada derana.lk.

EC-Council Cyber Security Summit in Sri Lanka

As cyber security threats skyrocket and not even a day passes by without a cyber-security breach on a corporate or a government entity on its IT infrastructure, International Council of Electronic Commerce Consultants (EC-Council) will hold a top cyber security summit in Sri Lanka on June 25, 2013.

The summit will comprise a Breakfast meeting with CEOs of top corporations and senior officials of the government, Cyber Security Summit for IT professions targeting senior officials from the corporate and government sectors, and a 'Night Hack' – Evening informative session.

The summit will feature top international IT security experts including EC-Council President Jay Bavisi and Vice President Sean Lim, and agents who have worked with the Interpol and Fortune 500 companies.

Titled 'EC-Council Cyber Security Summit 2013', the event is co-organised by CICRA Consultancies Ltd. - Sri Lanka's premier cyber security education provider – and the Daily FT.

"The main objective of this summit is to create awareness on the importance of Cyber Security and to provide top officers in the government, top private sector leaders, IT professionals with the best practices in acquiring, implementing, managing and measuring information security postures of their organizations and countermeasures," CICRA Director/CEO Boshan Dayaratne said.

"The summit will also highlight latest flaws in information security that affects the global community including the corporations and the governments. Discussions and presentations will revolve around some of the most malicious attacks and potential threats surrounding the security field," Mr. Dayaratne said.

"EC-Council is the world's largest vendor neutral cyber security education provider based in USA. It is the owner and developer of the world famous Certified Ethical Hacker course (C|EH), Computer Hacking Forensics Investigator program (C|HFI), License Penetration Tester (L|PT) program and various other programs offered worldwide."

"These certifications are recognized worldwide and have received endorsements from various governments including the US Federal Government via the Montgomery GI Bill. Most recently, EC-Council has been approved and listed as a National Recognized Vendor by the Bureau of Proprietary School Supervision (BPSS), and also been certified to have attained the NSA/CNSS 4011 training standard, a requirement for Infuse professionals working for the US Federal Government," he said.

"The Pentagon in US has also selected the EC Council as their training partner for Cyber Security," he said.

More details on the summit including registration process can be obtained at www.cicra.lk/summit.

Global giant Cisco joins EC-Council Cyber Security Summit in Sri Lanka as Principal Sponsor

Cisco, the worldwide leader in networking has joined the 'EC-Council Cyber Security Summit 2013' on June 25 in Sri Lanka as the Principal Sponsor.

The summit will comprise a Breakfast meeting with CEOs of top corporations and senior officials of the government, Cyber Security Summit for IT professions targeting senior officials from the corporate and government sectors, and a 'Night Hack' – Evening informative session.

The summit will feature top international IT security experts including EC-Council President Jay Bavisi and Vice President Sean Lim, and agents who have worked with the Interpol and Fortune 500 companies.

Titled 'EC-Council Cyber Security Summit 2013', the event is co-organised by CICRA Consultancies Ltd. – Sri Lanka's premier cyber security education provider – and the Daily FT.

"The role of the network has undergone a major transformation with the advent of mobility, cloud and virtualisation. As network becomes the platform, security risks, both internal and external, continues to increase. CIOs, today, need to look at a security framework that is robust, integrated and pervasive" said Rajat Ganguly, Cisco Account Manager, Sales; leading the Partner Business Group at Sri Lanka & Maldives.

Mr. Ganguly was speaking at the ceremony to announce Cisco's partnership with the summit.

Cisco is the worldwide leader in networking that transforms how people connect, communicate and collaborate. At Cisco (NASDAQ: CSCO) customers come first and an integral part of our DNA is creating long-lasting customer partnerships and working with them to identify their needs and provide solutions that support their success.

Founded in 1984 by a small group of computer scientists from Stanford University, Cisco engineers have been leaders in the development of Internet Protocol (IP)-based networking technologies since the company's inception. This tradition of innovation continues with industry-leading products in the core areas of routing and switching, as well as advanced technologies in areas such as Unified Communications, Network Security, Video, Virtualisation and Cloud Computing.

Innovation is a core part of the Cisco culture and annually $5.5 Billion is invested in R&D; Cisco has more than 20,000 Engineers in more than 10 labs worldwide; more than 4200 patents have been awarded to Cisco inventors. Currently 750+ patents have been filed from India and 450+ issued for innovations across all technologies.

"As cyber security threats skyrocket and not even a day passes by without a cyber-security breach on a corporate or a government entity on its IT infrastructure, we are pleased to see that Cisco, the worldwide leader in networking has joined hands with 'EC-Council Cyber Security Summit 2013' in Sri Lanka," CICRA Director/CEO Boshan Dayaratne said.

"The main objective of this summit is to create awareness on the importance of Cyber Security and to provide top officers in the government, top private sector leaders, IT professionals with the best practices in acquiring, implementing, managing and measuring information security postures of their organizations and countermeasures," Mr. Dayaratne said.

"The summit will also highlight latest flaws in information security that affects the global community including the corporations and the governments. Discussions and presentations will revolve around some of the most malicious attacks and potential threats surrounding the security field," he said.

EC-Council stands for International Council of Electronic Commerce Consultants.

"EC-Council is the world's largest vendor neutral cyber security education provider based in USA. It is the owner and developer of the world famous Certified Ethical Hacker course (C|EH), Computer Hacking Forensics Investigator program (C|HFI), License Penetration Tester (L|PT) program and various other programs offered worldwide," Mr. Dayaratne said.

"These certifications are recognized worldwide and have received endorsements from various governments including the US Federal Government via the Montgomery GI Bill. Most recently, EC-Council has been approved and listed as a National Recognized Vendor by the Bureau of Proprietary School Supervision (BPSS), and also been certified to have attained the NSA/CNSS 4011 training standard, a requirement for Infuse professionals working for the US Federal Government," he said.

"The Pentagon in US has also selected the EC Council as their training partner for Cyber Security," he said.

More details on the summit including registration process can be obtained at www.cicra.lk/summit.

HSBC joins EC-Council Cyber Security Summit as official bank

HSBC has joined the 'EC-Council Cyber Security Summit 2013' on 25 June in Sri Lanka as the official bank.

The summit will comprise a breakfast meeting with CEOs of top corporations and senior officials of the Government, Cyber Security Summit for IT professions targeting senior officials from the corporate and Government sectors and a 'Night Hack' evening informative session with live demonstrations on vulnerabilities.

The summit will feature top international IT security experts including EC-Council President Jay Bavisi and local and foreign experts who have worked with the Interpol and Fortune 500 companies.

Titled 'EC-Council Cyber Security Summit 2013', the event is co-organised by CICRA Consultancies Ltd. –Sri Lanka's premier cyber security education provider – and the Daily FT. EC-Council stands for International Council of Electronic Commerce Consultants.

"We are happy to have partnered this event, to help increase the knowledge and awareness on the increasing threat of cyber attacks and security that is beneficial for all organisations. As a global entity HSBC understands the importance of information breach, and hope this summit will impart key learnings and help build awareness on cyber security and counter measures in managing the risks involved," James Rebert, Head of Cards, Products and Service of the HSBC Sri Lanka said.

CICRA Director/CEO Boshan Dayaratne said that they are pleased to see that HSBC has joined hands with 'EC-Council Cyber Security Summit 2013' in Sri Lanka.

"As cyber security threats skyrocket and not even a day passes by without a cyber-security breach on a corporate or a Government entity on its IT infrastructure, there is a serious need to prepare against cyber-attacks," Dayaratne said.

"The main objective of this summit is to create awareness on the importance of Cyber Security and to provide top officers in the government, top private sector leaders, IT professionals with the best practices in acquiring, implementing, managing and measuring information security postures of their organisations and countermeasures," he said.

"The summit will also highlight latest flaws in information security that affects the global community including the corporations and the governments. Discussions and presentations will revolve around some of the most malicious attacks and potential threats surrounding the security field," he said.

"EC-Council is the world's largest vendor neutral cyber security education provider based in USA. It is the owner and developer of the world famous Certified Ethical Hacker course (C|EH), Computer Hacking Forensics Investigator program (C|HFI), License Penetration Tester (L|PT) program and various other programs offered worldwide," Dayaratne said.

"These certifications are recognised worldwide and have received endorsements from various governments including the US Federal Government via the Montgomery GI Bill. Most recently, EC-Council has been approved and listed as a National Recognized Vendor by the Bureau of Proprietary School Supervision (BPSS), and also been certified to have attained the NSA/CNSS 4011 training standard, a requirement for Infuse professionals working for the US Federal Government," he said.

"The Pentagon in US has also selected the EC Council as their training partner for Cyber Security," he said.

More details on the summit including registration process can be obtained at www.cicra.lk/summit. For registrations call 117209577

BSA joins EC-Council Cyber Security Summit as advocacy partner

BSA | The Software Alliance, a leading advocate for the global software industry, has joined the EC-Council Cyber Security Summit 2013 as an advocacy partner. The event is scheduled to be held on 25 June in Sri Lanka. EC-Council stands for International Council of Electronic Commerce Consultants.

The summit will comprise a breakfast meeting with CEOs of top corporations and senior officials from the Government and a 'Night Hack' – an evening informative session with live demonstrations on cyber-related vulnerabilities.


The summit will feature top international IT security experts including EC-Council President Jay Bavisi, Vice President Sean Lim, and individuals who have worked with Interpol and Fortune 500 companies.

Titled 'EC-Council Cyber Security Summit 2013', the event is co-organised by CICRA Consultancies Ltd. – a premier cyber security education provider in Sri Lanka – and the Daily FT.

 "BSA | The Software Alliance is a non-profit trade association dedicated to promoting a safe and legal digital world. The issue of cyber security and online safety is a concern that resonates deeply with BSA and is closely linked to the risks of piracy and counterfeit software.  
"We are pleased to support this Summit and look forward to a great event that drives strong awareness on the importance of staying safe online," said Shalini Ratwatte, Consultant to the Sri Lanka Committee of the BSA.

Ratwatte was speaking at the ceremony to announce BSA's partnership with the summit. "Cyber criminals have begun to find that an easy way into people's homes and workspace through their unprotected computer systems. When users use pirated software, this risk increases exponentially as we are now finding more and more that computers sold with pirated software contain dangerous malware.

"There is a real risk that the malware that came with your pirated software can cause damage from financial loss, privacy, security and personal safety perspectives. The risks now go beyond losing data and legal non-compliance. We hope to share more of our findings during the summit. " she said.
BSA is an association of world-class companies that invest billions of dollars annually to create software solutions that spark the economy and improve modern life. It serves as the world's premier anti-piracy organization and as a respected leader in shaping public policies that promote technology innovation and drive economic growth.

 "As cyber security threats skyrocket, and not even a day passes by without a cyber-security breach on a corporate or a government entity on its IT infrastructure, we are pleased to see that BSA has joined hands with 'EC-Council Cyber Security Summit 2013' in Sri Lanka," said CICRA Director/CEO Boshan Dayaratne.

"The main objective of this summit is to create awareness on the importance of Cyber Security and to provide top officers in the government, top private sector leaders, IT professionals with the best practices in acquiring, implementing, managing and measuring information security postures of their organisations and countermeasures," added Dayaratne.  "The summit will also highlight the latest flaws in information security that affects the global community including private sector corporations and governments. Discussions and presentations will revolve around some of the most malicious attacks and potential cyber threats."

EC-Council is the world's largest vendor-neutral cyber security education provider based in USA. It is the owner and developer of the world famous Certified Ethical Hacker course (C|EH), Computer Hacking Forensics Investigator program (C|HFI), License Penetration Tester (L|PT) program and various other security education programs offered worldwide.

Dayaratne said: "EC-Council's certifications are recognised worldwide and have received endorsements from various governments including the US Federal Government via the Montgomery GI Bill. Most recently, EC-Council has been approved and listed as a National Recognised Vendor by the US Bureau of Proprietary School Supervision (BPSS), and also been certified to have attained the NSA/CNSS 4011 training standard, a requirement for Infuse professionals working for the US Federal Government. The US Pentagon has also selected the EC Council as their training partner for Cyber Security." More details on the summit including the registration process can be found at www.cicra.lk/summit.

BSA | The Software Alliance is the leading global advocate for the software industry. It is an association of world-class companies that invest billions of dollars annually to create software solutions that spark the economy and improve modern life.

Through international government relations, intellectual property enforcement and educational activities, BSA expands the horizons of the digital world and builds trust and confidence in the new technologies driving it forward.

Cinnamon Lakeside joins EC-Council Cyber Security Summit as Hospitality Partner

Cinnamon Lakeside Colombo has joined the 'EC-Council Cyber Security Summit 2013' on June 25 in Sri Lanka as the Hospitality Partner.

The summit will comprise a Breakfast Meeting with CEOs of top corporations and senior officials of the Government, Cyber Security Summit for IT professions targeting senior officials from the corporate and government sectors, and a 'Night Hack' – evening informative session with live demonstrations on vulnerabilities.

The summit will feature top international IT security experts including EC-Council President Jay Bavisi and local and foreign experts who have worked with Interpol and Fortune 500 companies.

Titled 'EC-Council Cyber Security Summit 2013', the event is co-organised by CICRA Consultancies Ltd. – Sri Lanka's premier cyber security education provider – and the Daily FT.

"In light of recent international events, we find this summit extremely relevant," said Cinnamon Lakeside Colombo General Manager Denis Gruhier.

Gruhier was speaking at the ceremony to announce Cinnamon Lakeside's partnership with the summit.

"The John Keells Group places a strong focus on information security; therefore we are delighted to partner with the Daily FT and CICRA on this event. We have no doubt it will be a valuable and enlightening experience to those that attend," he said.

Meanwhile, CICRA Director/CEO Boshan Dayaratne said that they were pleased to see that Cinnamon Lakeside Colombo has joined hands with 'EC-Council Cyber Security Summit 2013' in Sri Lanka.

"As cyber security threats skyrocket and not even a day passes by without a cyber-security breach on a corporate or a government entity on its IT infrastructure, there is a serious need to prepare against cyber-attacks," Dayaratne said. "The main objective of this summit is to create awareness on the importance of cyber security and to provide top officers in the Government, top private sector leaders, IT professionals with the best practices in acquiring, implementing, managing and measuring information security postures of their organisations and countermeasures," he said.

"The summit will also highlight latest flaws in information security that affects the global community including the corporations and the governments. Discussions and presentations will revolve around some of the most malicious attacks and potential threats surrounding the security field," he said.

EC-Council stands for International Council of Electronic Commerce Consultants. "EC-Council is the world's largest vendor neutral cyber security education provider based in USA. It is the owner and developer of the world famous Certified Ethical Hacker course (C|EH), Computer Hacking Forensics Investigator program (C|HFI), License Penetration Tester (L|PT) program and various other programs offered worldwide," Dayaratne said.

"These certifications are recognised worldwide and have received endorsements from various governments including the US Federal Government via the Montgomery GI Bill. Most recently, EC-Council has been approved and listed as a National Recognised Vendor by the Bureau of Proprietary School Supervision (BPSS), and also been certified to have attained the NSA/CNSS 4011 training standard, a requirement for Infuse professionals working for the US Federal Government," he said.

"The Pentagon in US has also selected the EC Council as their training partner for Cyber Security," he said.

More details on the summit including registration process can be obtained at www.cicra.lk/summit.

Central Bank to detail key initiatives at Cyber Security Summit tomorrow

The Central Bank will detail several of its key initiatives in dealing with cyber security at the multi-stakeholder driven top summit on the subject co-organised by the Daily FT tomorrow.
At the Cyber Security Summit 2013, which will be headlined by Secretary to the Ministry of Defence and Urban Development Gotabaya Rajapaksa as Chief Guest and Central Bank Governor Nivard Cabraal as Guest of Honour, the threat of breaches on cyber security to organisations will be dealt with by international and local experts.
The banking sector perspective and dealing with cyber security and initiatives will be explained by Central Bank's Deputy Governor Dr. Nandalal Weerasinghe during his presentation at the full day Summit at the Cinnamon Lakeside, Colombo.
Held under the aegis of the US-based EC-Council, the world's largest vendor-neutral cyber security education provider, the summit is co-organised by the Daily FT and CICRA Consultancies, a premier cyber security education provider in Sri Lanka.
EC Council President Jay Bavisi will deliver the keynote address whilst the inaugural session will focus on national preparedness against cyber attacks. It includes a panel discussion with speakers Cabraal, Bavisi and Dialog Axiata Group CEO and Director Dr. Hans Wijayasuriya as panellists.

Other experts who will make presentation are Cisco India and SAARC Head of Security Business Diwakar Dayal speaking on Cloud and virtualisation: Cutting costs vs. cyber threats; LIRNEasia Founding Chair Prof. Rohan Samarajiva on "Trust in electronically mediated environments:  Why we need cyber security," Business Software Alliance Consultant, Sri Lanka Committee Shalini Ratwatte on "Piracy: The unexpected cause of cyber security risks" and CICRA Consultancies Ltd. Head of Consultants and Master Trainer Krishnan Rajagopal on "Securing the Code: Penetration testing beyond compliance."
Given the widespread threat to cyber security, the thrust to enhance awareness and likely solutions to mitigate risks, 25 June will also see a leadership forum targeting CEOs and a 'Night Hack' an evening informative session with live demonstrations on cyber-related vulnerabilities.
Breaches in cyber security have increased and more recently, Sri Lanka had been identified as world's eighth most vulnerable for attacks as the use of computers, internet, intranets, emails, social media, and mobile devices and overall technology grows rapidly.
The threat of cyber security is no longer the area of concern for IT departments only but affects all functions in an organisation, all sectors across the economy and individuals alike.
In that context the three back-to-back events on 25 June will provide participants insights into best practices in acquiring, implementing, managing and measuring information security postures of their organisations and countermeasures. They will also highlight the latest flaws in information security that affects the global community including private sector corporations and governments. Discussions and presentations will revolve around some of the most malicious attacks and potential cyber threats.
The EC-Council is the owner and developer of the world famous Certified Ethical Hacker course (C|EH), Computer Hacking Forensics Investigator program (C|HFI), License Penetration Tester (L|PT) program and various other programs offered worldwide. These certifications are recognised globally and have received endorsements from various governments including the US Federal Government via the Montgomery GI Bill.  The Pentagon in US has also selected the EC Council as their training partner for Cyber Security.
Considering the importance of enhancing awareness and available remedial actions at public and private sector level via the national summit, the event has drawn widespread support. ICTA has endorsed the event as strategic partner whilst international industry organisation Business Software Alliance is lending its support as advocacy partner.
Cisco is the Principal Sponsor, Dialog Axiata is the Platinum Sponsor and HSBC is the Official Bank. The venue of all three events, Cinnamon Lakeside Colombo, is the Hospitality Partner and Union Assurance is the Official Insurer. Creative Partner is Triad Digital and Electronic Media Partners are TV Derana, FM Derana and www.adaderana.lk.

Multiple events today to highlight importance of cyber security

A first-of-its-kind three back-to-back events will be held today to flag off the importance of cyber security at national, corporate and individual levels under a multi-stakeholder initiative spearheaded by the Daily FT.
The flagship event will be the full day summit titled 'EC-Council Cyber Security Summit' from 9 a.m. to 5 p.m. at the Cinnamon Lakeside Colombo whilst prior to that a Leadership Forum involving top CEOs and Chairmen will be held over breakfast at the same venue from 7 a.m. onwards. The thrust of creating awareness on cyber security will reach a climax in the evening from 6:30 p.m. onwards with an event titled 'Night Hack,' an informative session with live demonstrations on cyber-related vulnerabilities.

The summit with over 200 participants is scheduled to be headlined by Secretary to the Ministry of Defence and Urban Development Gotabaya Rajapaksa as Chief Guest and Central Bank Governor Nivard Cabraal as Guest of Honour.
A good mix of international and local experts will deal with different subjects focusing on  the threat of breaches on cyber security to organisations, both public and private as well as personal devices.
Held under the aegis of the US-based EC-Council, the world's largest vendor-neutral cyber security education provider, the events are co-organised by the Daily FT and CICRA Consultancies, a premier cyber security education provider in Sri Lanka.
EC Council President Jay Bavisi will deliver the keynote address whilst the inaugural session will focus on national preparedness against cyber attacks. It includes a panel discussion with speakers Cabraal, Bavisi and Dialog Axiata Group CEO and Director Dr. Hans Wijayasuriya as panellists.
Other experts who will make presentation are Cisco India and SAARC Head of Security Business Diwakar Dayal speaking on 'Cloud and virtualisation: Cutting costs vs. cyber threats'; LIRNEasia Founding Chair Prof. Rohan Samarajiva on 'Trust in electronically mediated environments:  Why we need cyber security,' Business Software Alliance Consultant, Sri Lanka Committee Shalini Ratwatte on 'Piracy: The unexpected cause of cyber security risks' and CICRA Consultancies Ltd. Head of Consultants and Master Trainer Krishnan Rajagopal on 'Securing the Code: Penetration testing beyond compliance'. The Central Bank's Deputy Governor Dr. Nandalal Weerasinghe will focus on the banking sector and dealing with cyber security and initiatives.
Breaches in cyber security have increased and more recently, Sri Lanka had been identified as world's eighth most vulnerable for attacks as the use of computers, internet, intranets, emails, social media, and mobile devices and overall technology grows rapidly.
The threat of cyber security is no longer the area of concern for IT departments only but affects all functions in an organisation, all sectors across the economy and individuals alike.
In that context the three back-to-back events today will provide participants insights into best practices in acquiring, implementing, managing and measuring information security postures of their organisations and countermeasures. They will also highlight the latest flaws in information security that affects the global community including private sector corporations and governments. Discussions and presentations will revolve around some of the most malicious attacks and potential cyber threats.
The EC-Council is the owner and developer of the world famous Certified Ethical Hacker course (C|EH), Computer Hacking Forensics Investigator program (C|HFI), License Penetration Tester (L|PT) program and various other programs offered worldwide. These certifications are recognised globally and have received endorsements from various governments including the US Federal Government via the Montgomery GI Bill.  The Pentagon in US has also selected the EC Council as their training partner for Cyber Security.
Considering the importance of enhancing awareness and available remedial actions at public and private sector level via the national summit, the event has drawn widespread support. ICTA has endorsed the event as strategic partner whilst international industry organisation Business Software Alliance is lending its support as advocacy partner.
Cisco is the Principal Sponsor, Dialog Axiata is the Platinum Sponsor and HSBC is the Official Bank. The venue of all three events, Cinnamon Lakeside Colombo, is the Hospitality Partner and Union Assurance is the Official Insurer. Creative Partner is Triad Digital and Electronic Media Partners are TV Derana, FM Derana and www.adaderana.lk.

Moving cyber security into boardrooms

Sri Lanka being named the eighth most vulnerable country to online assaults on a list compiled by Kaspersky highlighted the importance of cyber security at national, corporate and individual levels.
Spearheading a multi-stakeholder initiative to draw attention to this vast and dangerous gap that needs to be bridged, the Daily FT in collaboration with CICRA Consultancies, under the aegis of the US-based EC-Council, the world's largest vendor-neutral cyber security education provider, hosted the Cyber Security Summit 2013, a series of events yesterday focusing on the threat of breaches on cyber security to organisations.


The flagship event was a full-day summit, the 'EC-Council Cyber Security Summit,' prior to which a leadership forum with some of the country's top CEOs and chairmen was held. The series of events ended with the 'Night Hack' in the evening, an informative session with live demonstrations on cyber-related vulnerabilities.
State of denial
"CEOs around the world never want to hear about security," remarked EC-Council USA President Jay Bavisi candidly, as he addressed the gathering of CEOs and chairmen at the leadership forum. He compared the job of a CEO of a company to that of being the head of a family. "I'm the CEO of my family and my wife is the CIO. I travel tremendously so I'm not able to monitor the information flowing into my house so my wife manages all the information and provides me with crisp succinct information. I create wealth and my wife multiplies it."
As a CEO of a global company himself, he noted that a problem that a lot of companies are facing is that CEOs are disconnected from the security of the company because they see it as an external issue and that this is one of the core reasons why a lot of corporations are not able to advance very quickly to protect themselves. "Unless you play the role of a mother or father as a CEO and your company is your child and you view a threat against your company as really being your own problem, you are not going to be able to make leaps and bounds in the security posture of your organisations."
"Compliance is not enough. It's not a yardstick. You can't say 'I've never been hacked so why are we talking about hacks?' The worst hack is when you don't even know it's going on. We are in a state of denial," he stated.
Bavisi pointed out that no company has an IT security budget larger than the Pentagram – and yet, the Pentagram has been hacked over and over again. "One of the NSA's very own pulled off a massive espionage by stealing documents in the USB drive. If that can happen to the NSA, what about you?
He also acknowledged that there has been a massive change in the demographic of users. 20 years ago, a CEO could be forgiven for not understanding cyber security and social media. Today, such a CEO cannot be forgiven. "If a CEO does not understand cyber security and social media, he should be fired because all clients, customers and people use social media. Governments are waking up to this and realising that they are losing elections because they aren't on social media," he said.
It took mankind thousands of year to communicate one to one. Then came the Roman Empire, with which commenced many to one. The current era is one with many to many communication, he stated, and trying to hold onto a business in the middle of this is not easy.
"That's the truth of a CEO today. If you think your organisation is not going to be hacked, you will be hacked. The best education you can get is getting your companies hacked once and then you will realise; budgets that were previously not available will become available and time that was not there will be found," Bavisi pointed out.
The EC-Council in line with this creates ethical hackers for governments across the world. In turn, the EC-Council also constantly gets attacked because the bad guys see it as an immediate threat. In fact, Bavisi revealed that 30 days ago, he woke up to headlines that said that the EC-Council had been hacked. "You cannot stop the blogs when this happens. You need to be prepared for when you get hacked, so get your disaster recovery teams in place and your PR ready so that each team knows what to do."
It turned out that it was not a hack but a window that was left open by one of the EC-Council's own web developers but the damage had been done. "All of our files are encrypted as well but the world did not want to listen. We had to issue statements and business was affected. This is going to happen to your organisation," he warned ominously.
"Companies have gone bankrupt after being hacked. Sony's business came down as did J.P. Morgan's – CEOs have had to come in front to apologise. Imagine yourself standing in front of your shareholders saying I'm sorry we got hacked and I will do a better job next time – it is better is to implement a strategy that minimises your risk."
'Hack-tivism'
CICRA Consultancies Head of Consultants and Master Trainer Krishnan Rajagopal stressed on the fact that the actual problem they have identified through conducting dozens of investigations is the fact that security is brought into the boardroom as an actual issue only after a security breach. "Security has to be a boardroom issue nowadays. When we get hacked, it becomes a game changer."
He observed that while over the years, security has changed, IT security is still handled much like physical security is, by a person with an enforcement or military background – trying to tackle a new game with the same physical tactics – which obviously will not work. "The moment we are online today, we are borderless. It's a global industry which also means that it is a flat world for hackers. Anyone anywhere could be looking at you."
Rajagopal drew upon the example of a security breach by one of CICRA's own clients, a company that makes armour and weaponry that was ambushed during a legal battle with competitors when the competitors revealed personal information. "The CFO kept leaving his laptop behind in office because he found it too heavy to carry it home. An office cleaner hired by the competitors simply plugged a USB into the CFO's laptop every evening, giving them access to personal information. This cost our client millions of dollars."
Earlier, when people were upset with an organisation, they picketed on the streets. Today, they hack you, Rajagopal pointed out. This is called 'hack-tivism,' with hackers even sending organisations the time and date of hacking, knowing that there is more than one way of hacking into systems. Furthermore, a hacker could be anywhere in the world which is a big problem. 2013 has been quite the year for hackers so far with Facebook, Twitter, Apple, New York Times and Coca-Cola being amongst the organisations that were hacked in this year alone.
"We always look at this problem as a traditional problem, a contained problem, which won't work. When it is borderless, anything can happen. YouTube has countless demonstrations of how someone anywhere in the world could do simple attacks. Hackers take it as revenge, a way of venting their anger, or as a form of fun – they don't even know who you are and to help them with this is Google, to help them find random people," he explained.
Advanced persistent threat is a more serious form of hacking, where governments launch attacks against another government – these are generally very well funded. Cyber warfare occurs when a party gets a group of hackers to hack another party – you now hear of US-based companies being hacked by China and vice versa.
"Advanced persistent threat is real. Operation Olympic Games was one where we investigated an African power plant linked to a Middle Eastern company. They used the SCADA system to operate their turbines and one day, they lost control of the system and the turbines moved faster and faster until they started smoking and collapsed. They changed the turbine, the entire controller but the turbine still crashed – all caused by a hack," he shared.
In response to a question about industries that are more vulnerable to hacking, Rajagopal stated that government agencies, financial institutions, telcos and such are obvious targets but that any organisation could be a victim of indirect attacks.
Integrated security systems
CISCO India and SAARC Head of Security Business Diwaker Dayal focused on megatrends prevalent in the world today, how these have increased the threat of security breaches and finally, how CEOs need to strike the right balance when dealing with cyber threats.
"The level of security threats across the world are rising – how ready are your IT and security professionals to deal with it," he questioned. "It's chaos out there and heads of businesses have to operate in a very dynamic and volatile environment."
The two megatrends that he identified were mobility and cloud and virtualisation. These two trends have completely changed the speed at which decisions are made by enterprises. "These two megatrends can be observed in any country and they have levelled the playing field for everybody. Threats have also evolved which is why this summit is relevant – how can we be more innovative?"
Security is a unique challenge, he noted, while adding that it is also a very profitable business as it's a cat and mouse game. It needs to be kept in mind that it is other people that are behind cyber attacks and not machines. Cyber attacks originally commenced in the '80s when people wanted access to free international calls – now it has evolved into organised crime. Entire nations can be targeted through cyber crime rings.
"Crime syndicates are using hacking as a money making machine. Only $ 50,000 is needed to create a program to swindle half a million dollars from bank accounts – it's simply an easier way to make money. We need to make sure we are ready for these kinds of threats," Dayal stated.
The problem with current security strategy is the fact that it doesn't scale, he identified. Furthermore, IT megatrends are creating the 'any-to-any' problem – any user on any device on any medium can access any network on any cloud. "There are so many moving parts which increase the complexity leading to more uncertainty and risk which is why we need to look at how we are deploying IT infrastructure."
"Achieving balance is challenging, as is making IT security say yes to accelerating your business. As business heads, you have a bigger picture to balance, maintaining growth while ensuring that security is not a speed breaker but instead breaks of a car because they actually make the car go faster," he explained.
Dayal revealed that in a survey conducted by CISCO amongst their customers, one of the biggest problems identified was that there are now too many vendors addressing security problems resulting in a myriad of boxes doing different things. "This is something that needs to change," he asserted. "New infrastructure being built needs to be integrated and intelligent so as to deal with not only current needs but future needs as well."
Pix by Daminda Harsha Perera and Upul Abayasekara

Cabraal urges banks to make cyber security number one priority

Making Sri Lanka's banking industry rethink their strategies entirely, Central Bank Governor Ajith Nivard Cabraal emphasised on the need for the financial sector to put cyber security ahead of convenience to customers.
He made these remarks while addressing the EC-Council Cyber Security Summit held yesterday, organised jointly by the Daily FT and CICRA Consultancies under the aegis of the US-based EC-Council.
As the head of the regulatory body of financial institutions in the country, Cabraal stated: "Look at security first before convenience. Banks must look at stability before profit in the same way that those in the ICT sector ensure that security is managed and implemented first, thinking of convenience later."

"Consider threats in the context of the most valuable resources in the organisation. Consider which threats are most likely to create significant risk and which could have considerable impact."
Despite Sri Lanka being named the eighth most vulnerable country to online assaults on a list compiled by Kaspersky, the Governor is of the view that the country has done well. "We haven't done too badly as far as our results concerned – organisations within Sri Lanka have been able to protect themselves, which means there has been suitable risk management strategies put into place to deal with issues of cyber security."
Delivering the keynote address at the EC-Council Cyber Security Summit was EC-Council USA President Jay Bavisi painted a rather grim picture of the world today and the plethora of cyber threats that nations, corporates and individuals are exposed to on a daily basis.
"How hard we have worked on cyber security by increased IT budgets, introducing policies, procedures, and governance, and creating new positions that never existed – like the ethical hacker for instance. Yet, we are losing and we are losing big time."
Bavisi added: "More money, more people, better governance and better compliance are not solving anything. We are in the middle of a cyber plague and most people don't even realise it. Networks are dying, cyber attacks are causing large implication on life and negative social and economic effects. Countries being wiped out, companies being shut down – you are seeing a revolution."
He stressed on the need for standards need to be adhered to, for internal motivation within organisations be built up, the hiring of ethical hackers and the implementation in-house security courses within organisations, reversal and creation of new laws and reviews of the global curricula on secure coding as ways of combating these threats.
"A country deals with cyber threats by dealing with offensive capabilities by creating cyber armies – the entire concept of having a cyber command will become a clear interface in the war systems of governments."
"I think ICT is reaching out to give individuals much more power. You can't sit in an ivory tower and have a business. Increased awareness, compliance, discipline and admission that this is not a sport but a serious way of life needs to become part and parcel of the DNA of organisations, and maybe next year we will be talking about personal cyber security and cyber health – it's a new language and expert interventions and guidance are required," noted Dialog Axiata Group CEO Hans Wijayasuriya. "We need to grow up – maturity is important. We need to realise that automation around us is not one-sided. We need to be disciplined."
LIRNEasia Founding Chair Prof. Rohan Samarajiva stated: "There is a need to get a balance between the real threats and the real threat perceptions that require us to act, and the hope that is needed to get people to use the new technology which will make their lives better and improve not only their life conditions, but also that of our country."
"For organisations to function, you need to have enough safeguards and communicate that you have these safeguards in order to create and maintain trust for users. About 50% of our population are affected by ICT-related transactions. 12.5% of Sri Lankans on the internet have made a calculation that the benefits of engaging in this space is better than the costs and risks and they are willing to manage those risks," he added.
Samarajiva also stressed on the need to make security a high priority as trust cannot be engendered amongst users without building security into the very core of an organisation's function.

The battle against cyber attacks

The proliferation of ICT and virtualisation has brought about a revolution of a different sort – a cyber revolution – which has created a myriad of benefits and opportunities to countries, organisations and individuals, while introducing the new and unstoppable threat of cyber attacks. Bringing down entire organisations and throwing countries into cyber warfare, it is a growing inevitability, one that needs to be battled.
Understanding the importance of cyber security for governments and organisations in Sri Lanka, the Daily FT in collaboration with CICRA Consultancies, under the aegis of the US-based EC-Council, hosted the Cyber Security Summit 2013, a series of events that drew attention to this growing menace and through a line-up of international and local experts on the topic, shared insights into how it can be combated at all levels.
The flagship event was a full day summit, the 'EC-Council Cyber Security Summit', prior to which a leadership forum with some of the country's top CEOs and chairmen was held. The series of events ended with the 'Night Hack' in the evening, an informative session with live demonstrations on cyber-related vulnerabilities.

 The cyber security quagmire
Delivering the keynote address at the EC-Council Cyber Security Summit was EC-Council USA President Jay Bavisi who also addressed the gathering of CEOs at the leadership forum held shortly before the flagship event. Delivering a presentation titled 'The Cybersecurity Quagmire: Finding the Panacea', Bavisi painted a rather grim picture of the world today and the plethora of cyber threats that nations, corporates and individuals are exposed to on a daily basis.
He commenced with a short sketch of the EC-Council, describing it as a certification body that governments come to when they get into trouble. "Governments go through a standard process – they enact a national cyber security policy, work with colleges to raise the level of standards, impose strict adherence to the standards and hope that they will be able reduce the gap but then they realise this does not work – corporations, government institutions are still attacked, data is stolen – then they come to where they are today."
Bavisi then drew some key pointers from the pharmaceutical industry. "Quarantine, hygiene, vaccination – what can we learn from this? A couple of scientific terms – elimination, eradication, control – are key words that governments around the world are using today when battling cyber threats as they are following the same track as the pharmaceutical industry. The medical industry has been using this method to deal with diseases."
Bavisi noted that despite all the work that has been put into battling cyber attacks – increased IT budgets, policies, procedures, governance and creating new positions that never existed – the ethical hacker, for instance – we are losing and we are losing the battle big time.
He drew upon the current example of the NSA scandal. "The sole purpose of having a program called Prism was to spy on foreign terrorists and yet one of their own was able to use something as low-tech as a pen drive to steal from the agency, go to Hong Kong and become a celebrity."
He went on to explain that in the US, a fundamental belief of its constitution is privacy and the NSA scandal has therefore created huge issues for the US government. While the US government can stop the NSA from spying on its citizens, they have no way of stopping other governments from doing so.
"We are looking at the bubonic plague in a different form, where a completely naturally healthy network is attacked – this is the actual challenge," Bavisi pointed out. "With Sri Lanka being built as a major force in the world, these are the kinds of lessons you have to learn very quickly."
"The Central Bank governor deserves a round of applause for being here. Banks are instrumental because they come up with policies and compliance standards and they dictate these as they are the ones with the money," he said.
Bavisi also outlined the process to combat cyber attacks. The first step is quarantine, through the use of firewalls and IDS, which is a necessary step. The next phase involves the implementation of regulations, policies and procedures. "Edward Snowden is an excellent example of how we could be attacked from inside. Therefore, there needs to be systems education for end-users, much like the process that has been put in place for obtaining a driver's license.
"The world is now in the middle of the education phase. With secure coding and developers, you will not have to worry about issues such as SQL injections. There also needs to be more technology capabilities built into university education," he stated.

 

Immunisation
Following the pharmaceutical industry's example, active and passive immunisation has also been put in place to combat cyber attacks. Ethical hackers act as active immunisation by hacking organisations ethically but that alone will not solve the problem as there is no widespread use of ethical hackers – the solution has to be implemented.
"Passive immunisation is a must. Compliance nowadays is like telling your wife she looks great in a dress despite the fact that she looks fat in it," Bavisi stated. "Internal motivation is lacking. There needs to be in-house security courses and a review of the curricula globally on secure coding."
"With better coding across the world, you will sell more and your clients will be more secure but you need to complete all the required steps. The real work starts the moment you leave this door – what will you do different as a proponent of cyber security to make this change?" Bavisi questioned the audience.

 Security before convenience
The Guest of Honour at the event, Central Bank of Sri Lanka Governor Ajith Nivard Cabraal highlighted the importance of addressing cyber attacks and getting the CEOs of companies involved in the process. "Every medicine taken has side effects and we have to be conscious of these side effects," he cautioned.
"Although we have been set out as the eighth most vulnerable country to cyber attacks, I feel that we have had a reasonably good track record and that we have been able to deliver the results we have wanted to deliver – we shouldn't be too unhappy or too upset about people who say we are the eighth worst – take heart from the fact that we have done well and we are at a fairly reasonable stage now," Cabraal stated on a positive note.
He observed that there has been a growing dependency on ICT and that Sri Lanka is no different, referring to it as the 'lifeblood' of the nation. ICT has created new ways and means of dealing with our day-to-day lives, brought forward new business opportunities, allowed new convenient means of delivering public services and new methods of work, and has brought about new social cultures.
However,  there are also new issues, Cabraal pointed out. Privacy is one such issue – can and should citizens be monitored and where do governments draw the line?
"From the point of view of the Central Bank, we are always concerned about risk mitigation – not only with dealing with the risk but also ensuring how those risks would have a lesser impact even if they do materialise. There are risks of faulty systems, improper usage, data corruption, weak internal controls, and improper education. There are also many systems that are used but at a sub-optimum level. Very expensive systems are used in a very limited fashion. Even technology upgrades and external risks such as hostile actions and accidental events can result in various losses," he stated. Organisations need to consider threats in the context of the most valuable resources in the organisation and see which threats are most likely to create significant risk and which could have a considerable impact, he advised.
Noting that armed or cyber terrorists only have to be lucky on only one day but we have to be lucky everyday to be protected" Cabraal added: "Sri Lanka had not done too badly as far as our results concerned. Organisations within Sri Lanka have been able to protect themselves which means there have been suitable risk management strategies put into place to deal with these issues. "
Governor also called on corporates to look at security first before convenience and in the case of banks they must look at stability before profit in the same way the ICT sector ensures that security is managed and implemented first and looks at convenience later. 

 
Creating trust
LIRNEasia Founding Chair Prof. Rohan Samarajiva stressed on the need to inculcate trust through the installation of safeguards in order to maintain and create trust amongst users of the product or service through his presentation titled 'Trust in electronically mediated environments: Why we need cyber security'.
"There is a need to strike a balance between the real threats and perceptions that require us to act and the hope that is needed to get people to use the new technology and make their lives better and improve not only their life conditions, but also that of our country. Trust is required when there is a probabilistic assessment. We have systems where you have greater or lesser degrees of risk or situations where we exercise trust or don't give trust," he noted.
12.5% of Sri Lankans are now on the internet. He observed that these people have made a calculation that the benefits of engaging in this space are better than the costs and risks and they are willing to manage those risks. For organisations to function there needs to be enough safeguards and the companies in turn need to communicate that they have these safeguards in order to create and maintain trust for users.
Samarajiva stated that the basic findings in economic literature show that there is a correlation between the increase in electronic transactions and economic growth. "Frictions in economy are being reduced, markets are being broadened and productivity of everyday life improves. There, of course, are some negatives, one of which is vulnerability."
"There is a lot more that can be done by both the Government and private sector. We need to open up more Government data in order to have more applications developed. Without trust, none of this will work because people won't go into these systems. Without a trust system, if we can't give people that assurance today, they will not make transactions so we need to understand this issue of trust," he stressed.
He used the example of credit cards – there is not credit card system with zero fraud, yet, risks are kept at a manageable level. The same applies to the virtual space. "This is a continual battle – people trying to defraud others and on the other side, the white hats trying to shut them down."
"I agree with the fact that every organisation needs to make cyber security a high priority because you can't engender trust amongst your users without building security into the very core of your function. The point is that it's not simply about preventing every single attack because you can't do that,"  he opined.
"Organisations have to create trust because that is the foundation that doing business on an electronic environment is based on and you will not have trust if you don't pay attention to security. We need to work at multiple levels, it comes down to our organisations and the Government must starts paying to attention to these things – unfortunately most Government websites are the most vulnerable to attack. The most important thing is that this is an inherently international system and we need to think beyond national."

Mobility and virtualisation
CISCO India and SAARC Head of Security Business Diwaker Dayal discussed the two biggest megatrends in the world today – mobility and virtualisation – in his presentation titled 'Cloud and virtualisation: Cutting costs vs. Cyber threats'.
He first spoke of mobility, pointing out that now, end-users are demanding the devices they want to use today. A employee can use a tablet to check inventory and log in a customer's order within five minutes. "The whole system now uses automated mobility and the cloud is changing the way things are being deployed and being consumed which has resulted in a lot of chaos in the backdrop of evolving threats and to solve these problems, you need innovative approaches."
In a survey that CISCO conducted last year amongst 1,300 CFOs and CTOs, a majority expected 50% of applications to move onto the cloud by 2015. While many of them felt they were ready to move onto the cloud, there was a lot of fear. "The lack of security and policy for the cloud was the reason that 66% of those surveyed gave. "The adoption of cloud is an inevitable journey but what we need to do is to make it more secure as it happens. Nothing can be confidential – the NSA scandal with Prism showed us this."
"The current networks were not designed for the cloud. They were designed for scalability and availability, not security. You will get threatened and feel the vulnerability because the current networks are not designed adequately and this is the area that CIOs want to fix. With the whole movement to the cloud, there is any-to-any problem – any user can use any device from anywhere and this is a massive problem from a security point of view. It makes everything an anomaly or unpredictable. CIOs struggle to apply policies on to their users in the organisation. With this kind of situation, there needs to be a radical change."
"With the cloud era taking off, we will have more attacks and when that happens, the traditional anti-virus software and perimeters will not work anymore. Analytics are needed to battle these threats, something that can be consumed and monitored by the cloud," Dayal explained.
"The enemy is a human so he will always find a way to overcome the obstacles put in his way," he said.
The dilemma, he stated, is really about conflicting interests as there is always a conflict as to how you want to apply security to your enterprise. If a bank wants to open branches across the world, there is technology that the cloud delivers that allows this to be done quickly, which helps organisations be more agile and fast but they needed to be provided the right risk mitigation and security.
"How much are you willing to spend to protect the asset – this is the balancing act that is left to the CEOs. It is not just the CTOs problem – if the network goes down, the person who is finally responsible to stakeholders is the CEO – they need to understand how budgeting works around security," he pointed out.
Dayal also said: "As Sri Lanka builds up its infrastructure, you have the chance to build infrastructure that is clean and more intelligent to withstand these sorts of attacks."
Piracy and malware
Underscoring the threats posed to governments, organisations and individuals due to piracy, which costs great cyber security risks, BSA | The Software Alliance Sri Lanka Committee Consultant Shalini Ratwatte in her presentation stressed on the need for the use of genuine software at all levels in order to battle cyber threats.
"Someone can always be watching what you're doing. In order to further substantiate the argument that piracy causes security breaches, a sample was conducted amongst five countries in Southeast Asia in which 282 computers were tested for non-genuine software. All computers were branded and were tested in a forensics lab in Taiwan," she explained as she presented the findings of this study.
68 of the computers contained malware. There was an infection rate was 69% and 74% of the sample DVDs had malware. One third of the malware found bypassed the genuine checks and 891 strains were considered hostile. Hostile is when there is something wrong and illegal done with that strain. The Windows firewall rules had been changed in 97% of computers and Windows updates disabled.
"With pirated software comes huge threats and breaches in security systems, causing malware to creep in. In spite of buying branded hardware, there were many instances of old hardware being swapped which contained threats and malware. Malware can even hide in the background as a normal picture file and therefore appears harmless," Ratwatte revealed.
"How do consumers stay safe? We are non-IT people, so how can we take responsibility to ensure security and avoid security breaches? One is by buying genuine software, check if there is a certificate of authenticity, a product label and holographic features. Make sure you purchase from authorised dealers. Avoid too good to be true deals as they are suspicious – in anything, not just software," she advised.
The BSA has identified the three South Asian countries with the highest piracy rates – Indonesia 86%, Thailand 72% and Malaysia 55%. 60% of the software in the Asia Pacific is also pirated.
Securing the code
CICRA Consultancies Head of Consultants and Master Trainer Krishnan Rajagopal focused on the need to 'secure the goods' in his presentation titled 'Securing the code: Penetration testing beyond compliance'.
"Sri Lanka wants to make the BPO industry hit US$ 1 billion. There will be a lot of software products originating from Sri Lanka. The most key factor in this is not writing just good code, but good secure code. It is a general problem that faces all of us. It's not an IT problem – they don't only hack IT guys. Sri Lanka is moving towards e-Government and you can have a situation where everything is digital. We have decided to get serious with security because any of us can get hacked," he pointed out.
Security is getting important, whether in our personal lives or corporate environment. However, he cautioned that one should not get too carried away with security as overdoing it will hamper your system, defeating the purpose entirely – there is a need to strike a balance.
Multiple layers of control are required in cyber security, much like homes are protected with doors, dogs, security systems and gates. The next step is attack surface reduction. Any part of an application that is accessible by a human or another program. Each one of these can be potentially exploited by a malicious user. Any accessible IP address is an attack surface. The less windows, the less chances of breaking in.
It is also important to assume that all applications can and will be compromised. If an application is compromised, then the potential damage that the malicious person can inflict should be contained and minimised accordingly, so that even if you get hacked, you won't get hacked too badly.
"Deploy applications in more secure configurations by default. This helps to better ensure that customers get a safer experience with your application out of the box, not after extensive configuration. A lot of vendors are making applications secure now. For instance, firewalls are on by default," Rajagopal advised.
"Twitter, Facebook, Evernote, Apple, New York Times and Coca-Cola were all hacked this year. The root cause of the hack was a website infected by a malware exploited Java plug-in. Research surveys conducted in 2013 show there are now only two types of companies left in the US – companies that have been hacked and companies that don't know that they have been hacked," he revealed.
There are now well funded hackers working through highly sophisticated environments. Pointing fingers is not going to help if basic fundamental rules are not followed, he added.
Rajagopal stated: "The purpose of prevention testing is to discover, confirm or disprove the exploitability of any potential vulnerability. However, we do have to approach it with some caution and be methodical and logical in approach. A lot of organisations are being deceived by consulting firms using inexperienced and unskilled testers. Don't just evaluate the company, evaluate the customer. Don't be overly ambitious, define your scope. The more intelligence you have on your system and consultant, the better.
Sri Lanka's banking sector
Central Bank of Sri Lanka Deputy Governor Dr. Nandalal Weerasinghe spoke on how Sri Lanka's banking sector has dealt with cyber security and presented a series of initiatives that have been undertaken by the regulator and the financial sector in order to combat cyber attacks and increase protection within the sector.
"Banking activities are fast changing with the adoption of modern technology. After telcos, banks are probably the fastest adopters of modern technology. The use of non-cash payment modes are increasing with the changing payment habits of the society," he said. "We have the responsibility of safeguarding the banking sector and the financial stability of the country."
While technology has brought about new ways of carrying out banking activities, it has also brought about the need for increased security. The Central Bank, he revealed, changes all passwords every three months and has imposed a number of security checks in order to safeguard its interests. The regulator has also taken a lot of action to protect consumer interest.
Some of these initiatives include the setting up of a computer security incident response team for the financial sector and setting up of BankCSIRT to provide strategic direction in achieving information security and information security risk management. Terminal line encryption has also been imposed, a mandatory requirement to ensure security of credit and debit card transactions originated by merchants which was initiated by the National Payment Council chaired by the CBSL. Furthermore, the CBSL conducts a comprehensive exam as part of its onsite statutory examination of banks.
"Development and continued maintenance is carried out to safeguard eBanking systems and data from both internal and external threats. We also have regular reviews of eBanking projects by our board of directors and we are now working on developing mobile payment and internet banking guidelines. Disaster recovery arrangements are a mandatory requirement for all participants of national payment and settlement systems. Banking system is in the forefront of adopting new technology as well as mitigating risks associated with such adoption," he stated.
Pix by Daminda Harsha Perera and Upul Abayasekara
The Daily FT-CICRA Consultancies organised EC-Council Cyber Security Summit was backed by CISCO as the principal sponsor and Dialog Axiata as the platinum sponsor. The Summit was endorsed by the ICTA as strategic partner whilst international industry organisation Business Software Alliance lent its support as advocacy partner. HSBC was the official bank and Cinnamon Lakeside Colombo, was the hospitality partner. Union Assurance was the official insurer whilst official printer was OfficeMax. The creative partner was Triad Digital,and electronic media partners were TV Derana, FM Derana and www.adaderana.lk.

Panel discussion on national preparedness against cyber attacks

Moderated by CICRA Consultancies Head of Consultants and Master Trainer Krishnan Rajagopal, the first panel of the summit was made up of EC-Council USA President Jay Bavisi and Dialog Axiata Group CEO Dr. Hans Wijayasuriya.

 
Q: A lot of countries are doing different things to protect themselves from cyber attacks – could you share some insights into this?
Bavisi: Many think that cyber preparedness is dealing with hacking but the fundamental solution is much wider. First, we need to look at the legal issues. In different countries, there is the need to think of the Data Protection Act – does the government have the rights to play the role of Big Brother? The US is threatened by China and is dealing with a country on a completely different terrain.
What are going to be our laws, how will we deal with it, are we going to snoop on our own people? There is also the need to think of education policies, national security policy – does there need to be a silent command? There is also no central repository to which everyone can connect to. Having a national cyber security strategy is one of the core issues that should be considered.

 
Q: Can you talk about a national cyber security strategy from a telco perspective – what are your expectations of a safe place to do business?
Wijayasuriya: I'm not a CEO who postpones cyber security – I take it very seriously. We have been talking about closing doors in quarantine, basically protecting the environment. Our calling as telcos are to open doors and increase the number of services to millions of people, thereby creating social equity and that's an exciting place to be. Telcos have a dual challenge – they are called upon to open up not to only the general public but also to the developer community.
The differences between a computer and mobile phone are disappearing. The more primitive phones were the safest. We are living in a high speed environment now. Just compare it to any other high speed environment, air travel for instance. It is the safest industry in the world and the safest form of transportation. This has been possible because there is a lot of discipline and compliance so I think we need to grow up – maturity is important. We need to follow the rules and be open to new rules and change as well. I feel we need to realise that automation around us is not one-sided. We need to be disciplined.

 
Q: National infrastructure protection is key. Could you share three takeaway points to jumpstart this process?
Bavisi: It depends on who the stakeholders are. A utilities company with a SCALA structure is different from being listed on the CSE. On size does not fit all. Every organisation needs to be self motivated rather than being motivated by force. If you are following the de-minimalist principle, you will be in trouble. The regulatory frameworks are there to provide you with minimalistic protection. The question is how do you develop motivation – this is where CEOs are very important. How will the leader of the organisation make this a widespread requirement of the company?
Android has been a growing source of malware inflictions but there is no motivation to make sure the apps are secure whereas Apple has that sort of motivation which also helps developers grow. Small or medium business whose employees have no clue what a malware is or how a firewall works could have an end-user cyber education program, which is free, and when you meet that assessment, you at least know that you are compliant. A lot of countries are beginning to do this by tying HR to security because they know this is their weakest link.

 
Q: Is jumping onto the ICT wagon without analysis a bomb waiting to explode?
Wijayasuriya: I wouldn't describe it as a bomb but there is a need for a much more heightened level of awareness, preparedness and ability to react quickly and take compliance seriously, internal motivation to be skilled. With all that, then we have a situation very similar to any other form of development.
I think the telecom sector is reaching out to give individuals much more power. You can't sit in an ivory tower and have a business. Increased awareness, compliance, discipline and admission that this is not a sport but a serious way of life needs to become part and parcel of the DNA of organisations, and maybe next year we will be talking about personal cyber security and cyber health – it's a new language and expert interventions and guidance are required.


Q: Are all governments using technology as a form of cyber security?
Bavisi: There is a serious change in the taxonomy of war. Earlier it was a known assailant against a known victim. The new war is called cyber war and it has a completely different taxonomy. You do not know when it starts or stops, you have no idea who the assailant or victim is – governments need to deal with an entire new concept.
The truth is that the time for debate is 60 seconds. You need to quickly determine what your strategy is. Governments realised that they need to have offensive capabilities. Cyber wars can cause the same damage as physically assaulting another country. A country deals with cyber attacks by creating cyber armies – the entire concept of having a cyber command will become a clear interface in the war systems of governments.
India's biggest weakness is that they didn't have a cyber command and they don't really communicate. In a cyber war, you will all be attacked together and so for that, you need a unified command. What are corporations going to do? If I were to attack you online, you can't attack me back because you don't know who I am and secondly, if you did, you would be breaking the law. I think countries will see cyber commands and cyber armies being formed – you are already seeing that. The next model is a change of law to allow early pre-emptive strikes to protect countries in an act of self defence – I think that's where technology is moving.

Panel discussion

Moderated by Daily FT Editor Nisthar Cassim, the second panel discussion of the summit was made up of BSA | The Software Alliance Sri Lanka Committee Consultant Shalini Ratwatte, CISCO India and SAARC Head of Security Business Diwaker Dayal, Central Bank of Sri Lanka Deputy Governor Dr. Nandalal Weerasinghe and CICRA Consultancies Head of Consultant and Master Trainer Krishnan Rajagopal.

 

 
Q: What are the options for companies to manage this threat?
Dayal: Moving into the cloud is like a journey and you need to make a start somewhere. There are a lot of things that companies have done today – how to move applications to the web one of the first steps you can look at. While you are doing that, look for a good development partner.  It is imperative to have secure coding and apps as part of that step and this should give you a good start when taking your two or three tier app to the cloud.

 
Q: Has the BSA evaluated the success of original software in minimising attacks?
Ratwatte: The study I showed was very recent, conducted in 2012 covered the most active five countries in Southeast Asia and we found that most of the computers with pirated software posed threats of malware infection – pirated software poses a great threat. The threats are exhausting but genuine software helps with creating a stopgap and giving a certain amount of security.


Q: How fast is the adaptation of original software growing in Sri Lanka?
Ratwatte: There is a significant trend amongst organisations towards purchase and licensing of original software, active participation from the public sector and great cooperation from the regulators. We have had a unified effort and lots of effort from the Government to create a safe infrastructure. Piracy is still high but it has dropped in the last five years.

 
Q: Through your experience, where do you think the willingness is lacking – at a staff level or higher up?
Rajagopal: We are seeing physical security and IT security converging. When we do investigations after the breach has occurred, we see that there is no clear vision from the top, security is the last thing on their minds. Security is now considered to be a black hole – you throw money and nothing comes out of it – this is the impression the top leaders have. There is also a lack of awareness from the ground level. Companies are going on a reactive approach. They need to become proactive and try to find the problem before it happens.

 
Q: Do you see that enthusiasm relevant amongst system staff?
Rajagopal: Yes, you have job roles that are very common now that did not exist 10 years ago. Now you see that level of IT and security leadership and it's a growing trend, even in Sri Lanka.

 
Q: What is your advice is to drive that process?
Rajagopal: Have a proper team that is well trained and drives security and IT leadership at the top level because without that, you won't have a person who can speak the lingo.

 
Q:  Can you expand on your work with CISCO?
Dayal: As we interact with customers, we see that the role of the CIO has evolved over the last decade or so. They are now present in banks and are in charge of information security. There is some form of management level ownership and I know that they report to the board at least on a quarterly basis on risk mitigation. Organisations are far more receptive to these topics and that's a start and a good sign. You will see a lot more end-user and management participation coming in


Q: The Governor asked the banking sector to focus on security over convenience – how is this being managed?
Weerasinghe: The banking sector adopted technology very fast but while adopting it, there have been a lot of issues – there is a huge gap in the knowledge of the board, directors and staff. All banks are trying to deploy technology quickly but the other part of that is the security of information. Do they have the right people with the right knowledge to protect the customer and the information – this is the part that is lacking in Sri Lanka. There is also a lack of specialised labour in this area. We don't have proper consultancies and people – within the banks there is a lack of knowledge in this area.

 
Q: What is your advice to participants as to what they can do from tomorrow as part of their professional duties?
Rajagopal: One of the key points is to take security seriously. A mindset change is required – we think it is never going to happen to us but it can happen because sometimes, the attacker randomly picks companies. Paranoia is good as it will automatically lead you to use your devices safely. Have a top down approach. Look at bringing your own devices because it will hit you anyway, as will the cloud. If your environment is not ready, you better think about how you can get it ready. Embrace it and embrace it securely. Use genuine software because then you know it's coming from the right source – we don't buy iPhones off people from the road but we do that with software.

Cyber Security via Night Hack

The first of its kind Night Hack, an evening of live demonstrations of hacking, was held last week as the final event of the Cyber Security Summit co-organised by the Daily FT and CICRA Consultancies Ltd., at the Cinnamon Lakeside Colombo. CICRA Consultancies Head of Consultants and Master Trainer Krishnan Rajagopal conducted three sessions showcasing vulnerabilities of corporate IT infrastructure and how they can be compromised. He described the first of his sessions as 'Monkey see, monkey do' acts. He said anyone who sees how this compromising of vulnerabilities is done, can practice and do the damage to corporate IT infrastructure. During the session, Krishna showed how expensive prices of a shopping cart can be reduced to cheaper prices; i.e. how a price of a business class flight ticket can be reduced to a very cheap price, much less than an economy class ticket, how prices of an online shopping cart of a flower store and IT sales store can drastically be reduced.
He also showed how public Wi-Fi connections can be compromised. Krishna demonstrated how a hacker can penetrate into a network when he is connected to the same network. Examples he showed included how the hacker can see and hijack the sessions of the users of a particular network when they are connected. 

Cyber security in the spotlight

Three back-to-back events for creating awareness on cyber security were successfully concluded last week in a joint initiative of the Daily FT and CICRA Consultancies Ltd., under the aegis of the US-based EC-Council, the world's largest vendor-neutral cyber security education provider. The thrust on cyber security included a Leadership Forum over breakfast to CEOs, a full-day summit attended by over 250 persons and a first-of-its-kind Night Hack with live demonstrations. Here are some highlights

ICTA TV program

Nenapiyasa ICTA TV program

SLBC subarathi program

Co-organised by:

In association with: