Abstract:
The COVID-19 Pandemic significantly increased the
use of information and communication technology as governments,
institutions and companies worldwide were obliged to move to a
work-from-home model in order to ensure the survivability of their
businesses and other operations. This in turn led to a significant
increase in cyberattacks due to the larger number of operations
that were moved from physical space to cyberspace. The pandemic
resulted in the heightened importance and awareness of the need for
IT security. Companies learned the hard way during the pandemic
that a business could be destroyed by a single cyberattack and that
the concept of IT security entailed more than simply hiring an
IT manager and fixing a virus guard. This also resulted in much
confusion as to the real cost and the level of sophistication that is
necessary to safeguard an institution’s IT operations. This paper is
intended to provide guidance to IT professionals and entrepreneurs
with regard to the practical steps that should be taken to protect
one’s business in cyberspace. In particular, it explores fundamentally
simple practices such as vulnerability testing, patching and correct
configurations, by which as much as 80% of data breaches can be
prevented. The paper uses Sri Lanka as a case study and analyses
contemporary data published by the Sri Lanka Computer Emergency
Response Team.