By R.S Weerasuriya, S.M.D.E Fernando and P.A.H.S Gunasekara
In the modern context, ‘cyber attacks’ or ‘cyber hazards’, otherwise referred to as ‘cyber crimes’, are widely discussed because of their complex and evolving nature in a sphere unseen to the human eye: the ‘cyber sphere’. The perpetrators and the victims of cyber crimes are reported from all over the world with no particular location, meaning that an individual in any part of a region can be subjected to a cyber threat or actively participate in one. For individuals living in a highly digitalized society, it is a vital need to be aware of the potential threats that come with the use of information technology and of how to be protected from these threats. Cyber security aims to protect individuals from these borderless crimes and to ensure their safety while protecting their personal data when surfing the internet/World Wide Web. Thus, this research aims at understanding the level of awareness among individuals (youth) about cyber threats and cyber security in the Sri Lankan context. The research has been conducted using socio-legal, analytical and qualitative research formats in order to provide an understanding of the current position of cyber security awareness among youth in Sri Lanka and of how the laws and legal institutions serve the needs of the society, and to find reasons and solutions for the facets and factors that are responsible for the tested area in the research.
Cyber Security Awareness, as defined by Shaw, is the “degree of understanding of users about the importance of information security and their responsibilities and acts to exercise sufficient levels of information security control to protect the organization’s data and networks”. It varies from person to person and takes the form of a low, medium or high level of awareness. Just as information technology has changed drastically over the past few years, so have cyber threats, which are evolving from transnational crimes to organized crimes, where cyber attackers have moved from accessing information illegally to conspiring against state institutions and individuals through threats and extortion. The United Nations Office on Drugs and Crime stresses the need for firm laws and regulations over computer related activities in every nation, for only one third of the countries in the whole world, such as those of Europe, the United States of America and Singapore, have a well defined legal regime in this field.
As the research focuses on cyber security awareness among youth, the notion of ‘youth’ should also be discussed. The United Nations defines youth as ‘persons between the ages of 15 and 24’. The youth of the present world have embraced internet based communication methods faster than their elders, and they are now at a stage where they can’t even imagine a world without the internet and smart phones. If a young person were asked to name anything that he/she can’t live without, it is quite certain that he/she would say “computers and smart phones.” These devices have now become a part of their daily life, and they spend a considerable amount of time using computers, smart phones and especially social media. Hence, there is a huge threat to youth, especially in Sri Lanka, where they easily become victims of cyber crimes. Therefore it is mandatory to analyze the level of cyber security awareness among the youth.
Bearing in mind both the positive and negative consequences of computer related activities, many countries, especially in the 21st century, have enacted legislation related to computer mischief. Developed countries such as the United States of America and Singapore are in the lead in terms of protecting individuals and entities from possible cyber threats and in being aware of cyber security. However, it should also be noted that these countries are among those most highly rated for being threatened by cyber attackers, yet they are successful in solving computer related cases because they have a proper institutional and legal framework. For instance, the Ministry of Communications and Information of Singapore plays a key role in preventing and eradicating cybercrimes within the boundaries of Singapore. Legislation such as the Computer Misuse and Cyber security Act of 2007 (Chapter 50A) and the Computer Misuse and Cyber security (Amendment) Bill of 2017 (Bill No. 15/2017) has been enacted by the Government in order to secure the rights of people who have been victims of cyber threats and to punish those who engage in cybercrimes. Moreover, Cyber Security Agencies and Cyber space Master plans have been launched to raise the cyber security of organizations within the country while creating awareness among the people about the possible threats they could face at any time of the day.
In Sri Lanka, the Computer Crimes Act No. 24 of 2007, Intellectual Property Act No. 36 of 2003, Right to Information Act No. 12 of 2016, Banking Act No. 30 of 1988, Telecommunications Act No. 25 of 1991 and Electronic Transactions Act No. 19 of 2009 are some of the existing pieces of legislation which cover the area of computer related crimes and activities, as well as issues related to a person’s privacy. A bill for enhancing cyber security was brought forward in 2019 by the previous government, although it was not included in the Sri Lankan legal regime. It mainly focused on ‘implementing a national cyber security strategy, establishing a digital infrastructure protection agency, empowering CERT, establishing a proper institutional framework, protect critical infrastructure within Sri Lanka and to provide for matters or incidents related to computer related technology.’ The Sri Lanka Computer Emergency Readiness Team (SLCERT) is considered the national centre for cyber security, and the general public is to inform or contact the relevant authorities regarding any mischief related to computers. However, it has not been given much importance, and as a result only a few persons know about it. Statistics show that although a great many people in Sri Lanka use the internet on a daily basis, only a few know how to combat cyber threats and are aware of the means of cyber security. Thus, it is a vital need to provide a safe and secure cyber security environment while preventing, mitigating and responding to cyber security threats and incidents, and the research focuses on this matter with an emphasis on the ‘youth’ of Sri Lanka.
A survey conducted by CERT in Sri Lanka in 2017 shows the extent to which Sri Lankan youth disclose their identity through social media. Accordingly, 92% of the youth reveal their names, 76% reveal their date of birth, 72% disclose their personal photos, 65% disclose their email address, 47% disclose their contact numbers and 25% disclose their relationships and marital status on social media. Also, 67% allowed their profiles to be seen in public search pages. The survey provides a good example of how hazardous it can be for Sri Lankan youth if they do not manage their computer and smartphone systems and social media properly, with a proper knowledge of cyber security. Cyber security threats can occur when these devices are used, despite taking proper security measures. Cyber attackers can use an individual’s sensitive data, and they can gain access to their financial accounts as well. Some examples of cyber security threats are as follows:
* Malware and ransomware: These can be activated when a user clicks on a malicious link or attachment, which ultimately leads to the installation of dangerous software.
* Phishing: This is the act of using fake communication methods, such as an email, to trick the receiver into opening it; the message may contain instructions to provide a credit card number, passwords, etc.
* Password attacks: Cyber attackers may use a person’s password to gain access to wealth and information.
So it is crucial to analyze whether Sri Lankan youth are aware of these cyber security threats. For this purpose, a survey was conducted among Sri Lankan youth in the age group of 15-25.
Figure 2 shows that 92.9% of them belonged to the age category of 21-25 and 7.1% belonged to the age category of 15-20. According to figure 3, 21.3% of them were using desktop computers and 85% of them were using laptops, while 98.4% were using smart phones. These devices were used for educational purposes (92.9%), to gain information (86.6%), to access social media (88.2%), for entertainment purposes (85%), for business purposes (29.1%) and, lastly, for other purposes (25.2%) which were not mentioned in the questionnaire.
Figure 4 shows that 67.7% of the participants were aware of malware as a cyber security threat, 31.5% were aware of ransomware and 30.7% were aware of phishing. The majority, 70.1%, were aware of password attacks.
This survey clearly portrays that the level of awareness with regard to cyber security threats is satisfactory among the youth in Sri Lanka.
According to figure 5, most of them (81.1%) have installed and updated anti-virus programmes on their computers and smart phones in order to provide cyber security for their devices. The computer firewall had been enabled by 51.2% of participants. Since social media is a place where the youth are actively engaged, there is a higher risk of cyber security threats on these platforms. 63% of them have taken measures to protect their social media accounts by changing social media privacy settings, and 77.2% use passwords for Google accounts and other social media accounts. It seems that most of the youth have taken safety measures to protect their accounts and data from cyber attacks.
Despite taking all these safety measures, 66.1% of them have experienced computer virus incidents. A considerable proportion (59.8%) of the participants have received spam emails and text messages. 9.4% of them have experienced cyber bullying, and 11% have had their smart phones, computer devices and social media accounts hacked.
Hence the knowledge regarding cyber security should be improved. However, cyber security awareness among youth in Sri Lanka is not significantly low, but it needs to be improved.
Throughout the research it was found that the government should recommend more cyber security policies and standards, and laws and regulations, while facilitating the implementation of such policies in all government institutions and other relevant sectors which possess confidential information. It is high time to raise awareness among the people, especially the youth, who are always prone to cyber threats, by conducting awareness programs, starting from school education, where children will be taught about cyberspace and how to face computer related threats in an advanced manner. Most importantly, this type of education should not be limited to the urban areas of the country. Even the youth in the suburbs should be given the opportunity to embrace technology and to learn how to overcome the threats directed from the cyber sphere. Since young people use the internet more than adults do, and as the majority of the youth have access to the internet, the government should take measures to create virtual assistants or various safe portals, with the help of experts in the field, which will direct the youth away from dangerous sites on the internet, including those with pornographic content. Moreover, in the present context, youth are more inclined towards online shopping and online banking. Because of this, their personal data, which includes passwords, names, etc., is always threatened. The number of frauds related to e-businesses and online transactions has risen, which in turn has made them face unbearable situations such as loss of money and confidential data. They should also be taught how to secure their devices from various types of computer viruses, such as ‘boot sector viruses, web scripting viruses, browser hijacker, polymorphic viruses’ and many more, by installing legal software applications that are available in the app stores.
Although a considerable number of youth are aware of this, there is still a group of individuals who are not aware of this situation. Thus, the aforementioned steps should be brought forward without delay.
The research result clearly portrays that awareness of cyber security among youth in Sri Lanka is at a satisfactory level. Yet their knowledge of cyber security should be enhanced, as they are still in the red zone as victims of cyber threats. They should be aware of how to protect and encrypt their personal data, an area in which awareness is still at a very low level. In sum, the government, which was itself hacked during the pandemic in the last few months, should be alarmed by this situation and should implement relevant laws and regulations. Measures should be taken to enhance cyber security in the country, and further delay will lead to unbearable circumstances. As of today, since the daily routine of the people mainly revolves around the internet, especially with work from home and distance learning, the internet has become a basic need, and with the competition that has arisen from advancements in the technological field, it is a vital need to be aware of security measures which will help to secure Sri Lankan society as a whole.
Cyber Security Bill – FINAL with Amendments 12th Sept 2019.pdf, <https://www.cert.gov.lk/Downloads/Cyber%20Security%20Bill%20-%20FINAL%20with%20Ammedments%2012th%20Sept%202019.pdf> Accessed 15th March 2021
Johansen, Alison Grace, What is a computer Virus, (Norton Life lock, July 23rd 2020) <https://us.norton.com/internetsecurity-malware-what-is-a-computer-virus.html> Accessed 15th March 2021
Moti Zwilling, Galit Klien, Dušan Lesjak, Łukasz Wiechetek, Fatih Cetin & Hamdullah Nejat Basim (2020): Cyber Security Awareness, Knowledge and Behaviour: A Comparative Study, Journal of Computer Information Systems, DOI: 10.1080/08874417.2020.1712269 <https://www.researchgate.net/profile/Fatih-Cetin-3/publication/339273589_Cyber_Security_Awareness_Knowledge_and_Behavior_A_Comparative_Study/links/5e46ef2ba6fdccd965a5c9be/Cyber-Security-Awareness-Knowledge-and-Behavior-A-Comparative-Study.pdf> Accessed 17th March 2021
Shaw RS, Chen CC, Harris AL, Huang HJ. The impact of information richness on information security awareness training effectiveness. Comput Educ. 2009; 52(1):92–100.
*The authors are third-year LLB (Bachelor of Law) undergraduates at Sir John Kotelawala Defense University.