Cybersecurity Threats in Sri Lanka: Recent Incidents and Protective Measures

Sri Lanka's digital landscape is evolving rapidly, bringing with it unprecedented opportunities for growth and innovation. However, this digital transformation also exposes individuals and organizations to increasing cybersecurity threats. As businesses, government entities, and individuals become more reliant on digital platforms, they simultaneously become more vulnerable to sophisticated cyber attacks. This blog post examines recent cybersecurity incidents in Sri Lanka and provides practical strategies to minimize their impact.

Recent Cybersecurity Incidents in Sri Lanka

Financial Phishing Attacks (2024-2025)

The financial sector in Sri Lanka has been facing a significant surge in targeted attacks. According to the latest Kaspersky Security Bulletin, Sri Lanka recorded 9,218 incidents of financial phishing in 2024 alone, primarily targeting business-to-business (B2B) financial transactions. These attacks used fraudulent notifications designed to impersonate legitimate financial institutions, tricking individuals and organizations into revealing critical credentials such as banking login details and payment information.

The scale of these attacks is concerning: Kaspersky products detected over 8.6 million web-based cyberthreats and 12.5 million local malware incidents on computers in Sri Lanka in 2024, placing the country in a critical position that demands stronger cybersecurity practices.

Banking Sector Incidents (2025)

In March 2025, Cargills Bank identified and successfully countered a cybersecurity event involving unauthorized access to a peripheral system within its infrastructure. The bank acted swiftly to isolate affected components and engaged cybersecurity experts to assess and mitigate the threat. Fortunately, there were no disruptions to banking operations, demonstrating the value of rapid response protocols.

Government Systems Attacks

The Sri Lankan government has faced several significant cyber attacks in recent years:

- In August 2023, a massive ransomware attack hit the Lanka Government Cloud (LGC), affecting approximately 5,000 email accounts with the gov.lk domain, including those of cabinet ministers. The attack resulted in permanent data loss from May to August 2023, highlighting serious vulnerabilities in the government's digital infrastructure.
- In February 2025, a nationwide power outage caused by infrastructure issues exposed weaknesses in Sri Lanka's critical systems. While not a direct cyber attack, this incident revealed how vulnerable interconnected systems can be to disruption, whether from physical or digital threats.
- Historical incidents such as the 2021 cyberattacks on at least 10 Sri Lankan national websites, including those of key ministries, demonstrate an ongoing pattern of targeting government infrastructure.
The Evolving Threat Landscape

The cybersecurity threats facing Sri Lanka have evolved from simple website defacements to sophisticated ransomware, phishing campaigns, and targeted attacks on critical infrastructure. Several factors contribute to this changing landscape:

- Increased Digitalization: As more services move online, the attack surface expands significantly.
- Sophisticated Attack Methods: Cybercriminals are employing increasingly advanced techniques, including social engineering and zero-day exploits.
- Economic Factors: As noted in past incidents, economic challenges can lead to reduced cybersecurity investments, creating vulnerabilities when organizations cannot renew security licenses or implement updates.
- Geopolitical Elements: Some attacks have been claimed by groups with political motivations, adding another dimension to the cybersecurity challenges.
Strategies to Minimize Cybersecurity Risks

For Organizations

- Implement Multi-layered Security Systems. Deploy comprehensive security solutions that include:
  - Firewalls and intrusion detection systems
  - Anti-phishing technologies
  - Endpoint protection
  - Network monitoring tools
  - Data encryption
- Regular System Updates and Patching. One of the primary lessons from the government email system attack was the danger of using outdated, unsupported software. Organizations should:
  - Maintain regular update schedules for all systems
  - Patch vulnerabilities promptly
  - Replace end-of-life software and hardware
  - Conduct periodic security audits
- Employee Training and Awareness. Human error remains one of the biggest security vulnerabilities. Organizations should:
  - Conduct regular cybersecurity awareness training
  - Implement simulated phishing exercises
  - Establish clear security protocols
  - Create a culture of security consciousness
- Backup and Recovery Strategies. To mitigate the impact of successful attacks:
  - Implement regular, comprehensive backup procedures
  - Store backups securely, with offline copies
  - Test recovery processes regularly
  - Develop and practice incident response plans
- Adopt Zero Trust Architecture. The principle of "never trust, always verify" is increasingly important:
  - Verify all access requests regardless of source
  - Implement least privilege access controls
  - Use multi-factor authentication for all systems
  - Segment networks to contain potential breaches
For Financial Institutions

Given the targeted nature of attacks against financial institutions, additional measures are recommended:

- Enhanced Customer Authentication
  - Implement strong multi-factor authentication for all customer accounts
  - Use biometric verification where appropriate
  - Deploy behavioral analytics to detect unusual activities
  - Institute transaction verification processes
- Secure Transaction Monitoring
  - Employ real-time fraud detection systems
  - Analyze transaction patterns to identify anomalies
  - Set transaction limits and notifications
  - Create secure customer communication channels
- Regulatory Compliance
  - Stay updated with local and international cybersecurity regulations
  - Conduct regular compliance audits
  - Participate in information-sharing initiatives with other financial institutions
  - Collaborate with cybersecurity authorities like CERT|CC
For Government Agencies

Given the critical nature of government systems and past incidents, government agencies should:

- Modernize Digital Infrastructure
  - Prioritize updating legacy systems
  - Ensure adequate budget allocation for cybersecurity
  - Implement resilient, redundant systems
  - Adopt cloud security best practices
- Enhance Incident Response Capabilities
  - Develop comprehensive incident response plans
  - Conduct regular tabletop exercises and simulations
  - Establish clear communication protocols during incidents
  - Form specialized cybersecurity response teams
- Strengthen Public-Private Partnerships
  - Collaborate with private sector cybersecurity experts
  - Share threat intelligence across sectors
  - Develop joint cybersecurity initiatives
  - Provide cybersecurity support to critical infrastructure operators
For Individuals

Individual citizens can also take steps to protect themselves:

- Practice Good Digital Hygiene
  - Use strong, unique passwords for different accounts
  - Enable multi-factor authentication whenever possible
  - Keep devices and applications updated
  - Be cautious about public Wi-Fi networks
- Recognize Phishing Attempts
  - Verify the sender before clicking on links or downloading attachments
  - Look for grammatical errors or unusual urgency in messages
  - Check website URLs carefully before entering credentials
  - When in doubt, contact the organization directly through official channels
- Secure Personal Information
  - Limit the personal information shared on social media
  - Use privacy settings on online accounts
  - Regularly check financial statements for unauthorized activities
  - Consider using a password manager
The Road Ahead: Building Cyber Resilience

Cybersecurity is not just about preventing attacks but also about building resilience: the ability to continue operations and recover quickly when attacks occur. For Sri Lanka, several strategic initiatives could strengthen national cyber resilience.

National Cybersecurity Framework

Sri Lanka has taken steps toward establishing a national cybersecurity authority through legislation in 2023. This framework should continue to evolve with:

- Clear governance structures and responsibilities
- Standards and guidelines for critical sectors
- Certification programs for cybersecurity professionals
- Regular national cybersecurity assessments

Cybersecurity Education and Workforce Development

Building human capacity is crucial for long-term security:

- Integrate cybersecurity into educational curricula
- Support specialized cybersecurity degree programs
- Encourage professional certification in cybersecurity
- Create incentives for cybersecurity career paths

International Collaboration

Cyber threats transcend borders, making international cooperation essential:

- Participate in global cybersecurity initiatives
- Share threat intelligence with trusted partners
- Adopt international best practices and standards
- Contribute to regional cybersecurity efforts
Conclusion

The cybersecurity landscape in Sri Lanka continues to evolve rapidly, with sophisticated threats targeting various sectors of the economy. Recent incidents demonstrate that no organization is immune, and a proactive, comprehensive approach to cybersecurity is essential. By implementing robust security measures, fostering a culture of security awareness, and building resilience through preparation and collaboration, individuals and organizations can significantly reduce their vulnerability to cyber attacks.

As Sri Lanka continues its digital transformation journey, cybersecurity must remain a top priority, not an afterthought. Remember that cybersecurity is a continuous process, not a one-time project. Regular assessment, adaptation, and improvement of security measures are necessary to stay ahead of evolving threats in our increasingly connected world.
Disclaimer: This blog post provides general information and recommendations based on publicly available information about cybersecurity incidents. It does not constitute professional legal or technical advice. Organizations should consult with cybersecurity professionals to develop strategies appropriate for their specific circumstances.