header logo
Mogo Academy
Latest
Expert raises concerns over Finance Ministry’s cybersecurity measures after BEC attack
Apr 25, 202610:15 AM
Expert raises concerns over Finance Ministry’s cybersecurity measures after BEC attack
Mobitel Inner

Cybersecurity expert Asela Waidyalankara states that technical measures are available to prevent incidents such as hackers gaining access to funds, as seen in the reported cyberattack involving a USD 2.5 million Treasury payment.

 

He explained that the cyberattack method used in the incident is known as Business Email Compromise (BEC), a tactic that has affected many private sector institutions.

 

However, Waidyalankara pointed out that because the Central Bank of Sri Lanka (CBSL) has recommended that the domestic banking system obtain ISO 27001—the international standard for Information Security Management Systems—cyberattacks against banks have been minimized.

 

According to him, if an institution such as the Treasury, which bears greater responsibility for the country’s funds than a bank, had implemented similar control mechanisms, the impact of such incidents could have been minimized.

 

Further elaborating, he stated that BEC cyberattacks typically involve intercepting invoices sent by one organization, altering the details, and redirecting payments to fraudulent accounts.

 

Cybersecurity expert Asela Waidyalankara further stated:

 

“The Business Email Compromise (BEC) method was utilized in this cyberattack. This is a common occurrence in the private sector. For example, when an invoice is sent from one organization to another, hackers may intercept it, alter the account details, and redirect the payment to a different account. The concern here is that this involved a financial transaction within a branch of the country’s Ministry of Finance.”

 

He stated that technical tools are available to mitigate such risks and noted that it must be examined whether these measures were properly utilized, whether email systems were up to date, and whether they had been adequately patched. He further observed that there appear to be structural issues within the institution regarding the management and oversight of cybersecurity.

 

“The Central Bank has mandated that Sri Lankan banks obtain ISO 27001 certification, which requires annual external audits. The absence of such standards in an institution like the Ministry of Finance, where national funds are handled, represents a significant shortcoming. While ISO 27001 does not guarantee immunity from cyberattacks, it provides a framework to minimize such risks,” he said.

 

He further added, “Banks are not routinely compromised because they adhere to stringent cybersecurity standards and processes. Given that the General Treasury handles national wealth on a scale greater than that of a typical bank, implementing comparable controls could have potentially prevented this situation.”
 

 

 

 

RelatedNews
MostRead
Mobitel Upahara
VideoStories
“AI and digital platforms reshaping global media”  'Media Fest 2026' delves on future of journalism

“AI and digital platforms reshaping global media” 'Media Fest 2026' delves on future of journalism

"Public interest must be prioritized" Govt.'s move to extend retirement age of judges hits roadblock

"Public interest must be prioritized" Govt.'s move to extend retirement age of judges hits roadblock

How can Sri Lanka bypass secondary sanctions? Ex-Foreign Sec. explains SL's options on Hyde Park

How can Sri Lanka bypass secondary sanctions? Ex-Foreign Sec. explains SL's options on Hyde Park

“Tsunami towers are not used to detect disasters” - DMC Chief bemoans lack of resources

“Tsunami towers are not used to detect disasters” - DMC Chief bemoans lack of resources

Govt exerting influence over country's judiciary – Opposition Leader accuses

Govt exerting influence over country's judiciary – Opposition Leader accuses

Sri Lanka to strengthen preparedness for potential El Niño-related climate changes

Sri Lanka to strengthen preparedness for potential El Niño-related climate changes

Sri Lanka’s dengue death toll rises to 47 as cases exceed 67,000

Sri Lanka’s dengue death toll rises to 47 as cases exceed 67,000

Middle East conflict disruptions weigh heavily on Asia’s economic outlook, ADB warns

Middle East conflict disruptions weigh heavily on Asia’s economic outlook, ADB warns

Dengue cases remain high in Western Provincewith nearly 35,000 cases reported

Dengue cases remain high in Western Provincewith nearly 35,000 cases reported

Appeals Court postpones further consideration of Suresh Sallay’s petition until July 14

Appeals Court postpones further consideration of Suresh Sallay’s petition until July 14

Opposition Leader accuses govt of exploiting parliamentary rules to silence MPs

Opposition Leader accuses govt of exploiting parliamentary rules to silence MPs

Eight prison officers killed in Negombo Prison riots posthumously promoted

Eight prison officers killed in Negombo Prison riots posthumously promoted

Prison officer faces death threats after opening fire during Negombo Prison clash

Prison officer faces death threats after opening fire during Negombo Prison clash

Paddy procurement for Yala season set to commence on July 15

Paddy procurement for Yala season set to commence on July 15

71 Colombo University students contract dengue; several lectures moved online

71 Colombo University students contract dengue; several lectures moved online

Lassana Flora