If you are having trouble viewing this email, click here to view this online



   ISSUE 75

25 October 2017

Article of the Month Around the World

Women in Cybersecurity: Why are they a Minority?

The answer to the question on why women are a minority in the cybersecurity field can be quite challenging. The statistics which was released in 2017 says that only 11 percent of women make up the cybersecurity workforce. In this generation of growing threats and talent shortage, women can play a significant role in the Cybersecurity field but as per the information recorded, it is definitely not helping unless the cybersecurity professionals take initiative to change this fact. Who is responsible for this change to take effect?

Cybersecurity is not a business or a governmental matter, we are all online, so it affects all of us. Therefore in order to populate women in this field, all organizations have the responsibility in introducing young women to the fields because to realize what they want to do in their future, they must try or do something related to that specific field. The exposure to the cybersecurity field is very important to enhance ones talent and the interest.

This exposure can be given to young girls or ladies at different stages or ways. For instance, introducing ladies at their school levels to this field can be one of those effective solutions because school level ambitions can have long term effects when they choose their future career.


Exposing them to the field is not restricted to a certain level, it is very important to inform them that it is not only about technical aspects but also talking to businesses because one misconception backing ladies from this field is that they tend to think that a �Hacker� is someone who must know extreme programming with extreme technical skills, must have the ability to stay all night hacking into systems and being a �Male� is more suitable. We as people in the industry must have the responsibility to make them aware that ladies working in this field have work, private and social lives and at the same time makes them more agile to face different situations. One thing they need to develop is working with personal data because to deal with the personal data they need to build their trust with each other which can eventually help them to work with security professional as a team. Personally, I believe starting their cybersecurity career as an intern or from a beginner level can give them more knowledge on the work done on the field but it is also important for them to blend with new people in the field and to have a good portfolio of mentors who will help them to mend the path.

While delivering this information to the young ladies, it is our duty to be an example to all of them, young generations tend to follow role models rather than just listening to advises, the image below shows an Israeli-born cyber security analyst and senior researcher on hackers and technology. We should all know that a woman with the right kind of crime skill set, trustworthiness and a positive attitude can become a strong cybersecurity warrior. We need more women to make the industry better and the industry itself plays a huge part in making women more productive by adding more colors to their personality.

Figure 1 Keren Elazari at TED2014


To conclude this article I would like to emphasize the point that women have the potential and the interest to join the cybersecurity field but we as industry professionals must increase the awareness as well as clear the misconceptions of this field so hopefully in the near future the above said statistics for women in cybersecurity will be increased to solve the problems of the workforce shortage and bring new and unique talents among the cybersecurity workforce.


Hansani Vihanga Halwatura

Vihanga is an undergraduate of General Sir John Kotelawala Defence University who is currently following BSC(Hons in Information Technology). Currently she is working as Intern - Information Security Engineer at Sri Lanka CERT|CC

























1 Statistics on the Internet growth in Sri Lanka
2.The Dragon Research Group (DRG)
3.TSUBAME (Internet threat monitoring system) from JPCERT | CC
4.Shadowserver Foundation
5. Team Cymru

  Serious KRACK exploit affects all Wi-Fi devices using WPA2 protocol


"....A newly discovered series of related vulnerabilities dubbed KRACKs (Key Reinstallation AttaCKs) that affect every device using WPA2 encryption could allow nearby attackers to intercept and steal data transmitted across a Wi-Fi network ...."


Google now offers special security program for high-risk users


"...Today, Google rolled out a new program called Advanced Protection for personal Google accounts, intended to provide much higher account security to users of services like Gmail and Drive who are at a high risk of being targeted by phishers, hackers, and others seeking their personal data. The opt-in program makes Google services much less convenient to use, but it's built to prevent the sorts of breaches that have been making recent headlines...."

  Tim Cook says the tech �doesn�t exist� for quality AR glasses yet

'...Apple CEO Tim Cook believes augmented reality's rise will be as "dramatic" as that of the App Store, but he doesn't believe AR glasses or similar wearables are ready for the market yet, according to a sit-down interview with The Independent. Much of Cook's interview focused on the prospects of augmented reality and Apple's justification for making it a focus in both iOS and the iPhone 8.....'

Five cool things happening for National Cyber Security Awareness Month



'...National Cyber Security Awareness Month (NCSAM) is in full swing. The month and its events have become top of mind for people and businesses in recent years, given the staggering number of recent data breaches and global ransomware attacks.....'

Using a robust platform for cyber threat analysis training


'....We have recognised threats coming more regularly from varied origins such as nation-states, hacktivist and cybercriminal actors. Coupled with many new public policies aimed at mitigating the negative effects of data breaches, cyber espionage and intellectual property theft, it�s clear a new ecosystem of cyber threat intelligence sharing is emerging...'

Month in Brief
Facebook Incidents Reported to Sri Lanka CERT|CC in September 2017
  Statistics - Sri Lanka CERT|CC


'...From dense city centers to remote islands, Google has made an attempt to map the entire world at the street level. Now, the tech giant is improving those street views and it will be sending a new fleet of Google Street View cameras out into the world.....'

State of Cybercrime 2017: Security events decline, but not the impact

"...The past year has been tough for enterprise security teams. Attacks like Petya and NotPetya suggest that the impact scale is increasing dramatically. The recent leak of government-developed malware and hoarded vulnerabilities has given cybercriminals greater capabilities. .."
Alibaba billionaire Jack Ma claims that concerns over AI eliminating jobs are 'empty worries'

�..Jack Ma, the billionaire entrepreneur behind China's Alibaba marketplace, has suggested that artificial intelligence won't make most people redundant - contrary to many of the apocalyptic warnings from.�

."...Researchers are learning more about the cyberespionage group Bronze Butler. While the gang has been targeting Japanese heavy industry since 2012, not much is known about the group�s current modus operandi.

In a report released Thursday by the Counter Threat Unit at SecureWorks, a subsidiary of Dell Technologies, researchers paint the most complete picture yet of the group, also known as Tick...."

Notice Board
  Training and Awareness Programmes - October  2017

Brought to you by: