Cyber Security: An Analysis On Awareness On Cyber Security Among Youth In Sri Lanka

By R.S Weerasuriya, S.M.D.E Fernando and P.A.H.S Gunasekara –MARCH 30, 2021

In the modern context, ‘cyber attacks’ or ‘cyber hazards’ otherwise referred as ‘cyber crimes’, is a highly referred term because of its complex and evolving nature in a sphere unseen to the human eye; ‘cyber sphere’. The perpetrators and the victims of cyber crimes are reported from all over the world with no particular location, meaning any individual of any part of a region can be subjected to a cyber threat or actively participate in the particular area. As individuals who are living in a highly digitalized society, it is a vital need to be aware of the potential threats that comes with the use of information technology and how to be protected from these threats. Cyber security aims in protecting individuals from this border- less crimes and to ensure their safety while protecting their personal data, when surfing internet/ World Wide Web. Thus, this research aims at understanding the level of awareness among individuals (youth) about cyber threats and cyber security, in the Sri Lankan context. The research has been conducted in the context of Socio-legal, analytical and qualitative research formats in order to provide an understanding on the current position of cyber security awareness among youth in Sri Lanka and how the laws and legal institutions serve the needs of the society, and to find reasons and solutions for the facets and factors that are responsible for the tested area in the research.

Introduction

Cyber Security Awareness as defined by Shaw is the “degree of understanding of users about the importance of information security and their responsibilities and acts to exercise sufficient levels of information security control to protect the organization’s data and networks”[1] It varies from person to person which takes the forms of; low, medium or high level of awareness. Since the Information Technology has drastically subjected to changes over the past few years, so are the cyber threats which are evolving from transnational crimes to organized crimes, where the cyber attackers have moved from accessing information illegally to conspiring against state institutions and individuals by threatening and extortion. The United Nations Office of Drugs and Crime, stresses the need of firm laws and regulations over computer related activities among every nation, for only one third of the countries from the whole world has a well defined legal regime on this field, such as Europe, the United States of America and Singapore.

As the research focuses on cyber security awareness among youth, the notion of ‘youth’ should also be discussed. The United Nations has given a definition for the youth as, ‘persons between the ages of 15 and 24’. The youth in the present world have embraced the internet based communication methods faster than the elders and they are now at a state where they can’t even imagine a world without internet and smart phones. If youth was asked to name any thing that he/she can’t live without, it is quite sure that he/she would say “computers and smart phones.” These devices have now become a part of their daily life and they spend a considerable amount of time using computers, smart phones and especially social media. Hence, there is a huge threat to youth, especially in Sri Lanka, where they easily become victims of cyber crimes. Therefore it is mandatory to analyze the awareness level of cyber security among the youth.

Bearing both the positive and negative consequences of computer related activities, many countries, especially in the 21st century, have imposed legislations related to computer mischief. The developed countries such as United States of America, Singapore are in the lead in terms of protecting individuals and entities from possible cyber threats and in being aware of the cyber security. However, it should be also noted that these countries are the highest rated among being threatened by cyber attackers, yet are successful in solving the computer related cases for they have proper institutional and legal framework. For instance, The Ministry of Communications and Information of Singapore plays a key role in ensuring preventing and eradicating cybercrimes within the boundaries of Singapore. Legislations such as Computer Misuse and Cyber security Act of 2007 (Chapter 50A), Computer Misuse and Cyber security (Amendment) Bill of 2017 (Bill No. 15/2017) have been enacted by the Government in order to secure the rights of the people who have been victims of Cyber threats and to punish those who engage in cybercrimes. Moreover, Cyber Security Agencies and Cyber space Master plans have been launched to raise cyber security of the organizations within the country while creating awareness among the people about the possible threats they could face at any time of the day.

In Sri Lanka, The Computer Crimes Act No. 24 of 2007, Intellectual Property Act No. 36 of 2003, Right to Information Act No. 12 of 2016, Banking Act No. 30 of 1988, Telecommunications Act No. 25 of 1991 and Electronic Transactions Act No. 19 of 2009 are some of the existing legislations which covers the area of computer related crimes and activities and also for issues related to a person’s privacy. A bill was brought forward in 2019 by the previous government, for enhancing cyber security although it was not included into the Sri Lankan legal regime. It mainly focused on ‘implementing a national cyber security strategy, establishing a digital infrastructure protection agency, empowering CERT, establishing a proper institutional framework, protect critical infrastructure within Sri Lanka and to provide for matters or incidents related to computer related technology.’[2] The Sri Lanka Computer Emergency Readiness Team (SLCERT) is considered as the national centre for Cyber Security and the general public is to inform or contact the relevant authorities regarding any mischief related to computers. However, it has not been given much importance and as a result only few persons know about it. It is proven through statistics that though there is whole lot of people who use internet in a daily basis in Sri Lanka, only few know how to combat with cyber threats and aware of means of cyber security. Thus, it is a vital need to provide a safe, secure cyber security environment while preventing, mitigating and responding to cyber security threats and incidents, and the research focuses on this matter by stressing on the group of ‘youth’ in Sri Lanka.

Findings

A survey conducted by CERT in Sri Lanka in 2017 shows the extent to which the Sri Lankan youth disclose their identity through social media. Accordingly 92% of the youth reveal their names, 76% reveal their date of birth, 72% disclose their personal photos, 65% disclose their Email address, 47% disclose their contact numbers and 25% disclose their relationships and marital status on social media. Also 67% allowed their profiles to be seen in public search pages. The survey provide a good example for how hazardous it can be for the Sri Lankan Youth if they did not manage their computer and Smartphone systems and social media properly with a proper knowledge about cyber security. Cyber security threats can be occurred when these devices are used despite of taking proper security measures. Cyber attackers can use an individual’s sensitive data and they can gain access to their financial accounts as well. Examples for some cyber security threats are as follows;

* Malware and Ransom ware: This can be activated when a user clicks on a malicious link or attachment and this will ultimately lead into installing dangerous software.

* Phishing: This is an act of using fake communication methods, such as an Email to trick the receiver into opening it and this may contain instructions to provide your credit card number, passwords and etc.

* Password attacks: Cyber attackers may use a person’s password to access to wealth and information.

So it is crucial to analyze whether the Sri Lankan youth are aware of these cyber security threats. In order to reach this purpose, a survey was conducted between the age groups of 15- 25 Sri Lankan youth.

[Figure 1]

According to the figure 1 of the survey, out of 127 responses, 48% participants were male and 50.4% of them were female participants.

Read More