• Last Update 2025-05-08 18:53:00

Banks Must Report Cyber Incidents Within Hours, CBSL Announces New Guidelines

News

The Central Bank of Sri Lanka (CBSL) has made it mandatory for all licensed banks to report significant IT and cybersecurity incidents promptly. The directive, issued via circular, aims to ensure a coordinated and swift response to threats that could disrupt the banking sector.

The circular classifies incidents under three main categories: Information Technology incidents, cybersecurity incidents, and online and digital scams. An Information Technology incident is any event that disrupts operations, causes potential financial loss, or damages a licensed bank’s reputation due to failures or security breaches in its IT systems. A cybersecurity incident involves the compromise of a bank’s system or data confidentiality, integrity, or availability. Online and digital scams refer to fraudulent activities conducted via the internet or digital devices to deceive individuals into revealing personal, financial, or sensitive information or to cause financial loss.

A wide range of incidents must be reported, including intrusions, hacking attempts, malware, ransomware, malicious code, viruses, phishing, and Distributed Denial-of-Service (DDoS) attacks. The circular also lists social engineering, unauthorised access, insider threats, Advanced Persistent Threats (APTs), and supply chain attacks. Online scams targeting customers and unplanned system outages, interruptions, failures, slowness, or unresponsiveness are also included.

Regulatory non-compliance with IT and cybersecurity requirements is considered reportable. “At a minimum, the following broad categories of IT and cybersecurity incidents—and any other similar events—shall be reported to the CBSL,” the circular states.

Licensed banks must report incidents to the Director of the Bank Supervision Department in three phases. An initial report is required within two hours of detection, followed by a detailed report within 14 days. A quarterly summary report must also be submitted within 15 days of the end of each quarter. The new directive revokes the 2016 circular on “Reporting on Cybersecurity Events.”
