Cybersecurity expert Asela Waidyalankara says the recent $2.5 million Treasury cyberattack, carried out using a Business Email Compromise (BEC) method, could have been minimized with proper safeguards.

He noted that while Sri Lankan banks follow strict standards like ISO 27001, similar controls appear lacking in institutions handling public funds, highlighting gaps in cybersecurity management and oversight.