A lot of what going on in Information Technology is similar to Financial Management back in 20’s/30’s when the focus was on earnings and not protection. Risks were taken not knowing that a risk exist and solutions were provided based on a perceived need as opposed to the real need.

As I said in the interview, the preacher is preaching to the converted. The challenge now is to remove the blinker from the stakeholders, get legislators to work on the looming problem as oppose to achieving some international compliance and people to take responsibility for their property.

The day the average person sees a Login Password on equal footing as the Debit Card Pin is the day consequences of IT Security will be self-implied and not externally enforced. This in itself is not the solution but the change in perception.

Hi Moni,

I wholeheartedly agree with you that we are all stakeholders in cyber security and so should participate in the efforts towards solutions. However, one of the challenges which I think we have is that to varying degrees, people, particularly policy makers, do not realise the extent to which we are vulnerable…

In the Jamaica Gleaner article that you mentioned, concern is indeed expressed that although the Caribbean has been focussing on increasing Internet availability and affordability, we have not been prepared to address cyber security in equal measure, if only to protect our interest – since we are becoming increasing reliant on the Internet in order for our countries function…

Despite the fact that a layperson may not even realise that they have been a victim of cybercrime, we are all stakeholders in this. I dislike the idea of such a venture being driven by the security forces it may be a good starting point as they are the ones who will eventually have to address the crime. (a crime is a crime wherever it is committed). I am thinking that some stakeholders may be taking this for granted. You mentioned the case of T&Ts Bills, these Acts/Bills can be created to accommodate the dynamic nature of technology as is done in other countries/regions. I will make reference to an article published two Sundays ago in the Jamaica Gleaner that was right on target with the description of the regions perception of cyber crime.
I especially like your last two sentences.

Thanks Aaron!

You are very right with your opening paragraph. We do need all these disciplines to get involved. However, who drives it and who benefits. The Business Owners, Executives and the Stakeholders are ones who needs to accept and recognize the need. Most organizations are concern about their bottom line and some their public image. In some ways it is akin to money laundering, government need to drive it but most time it will be driven by econmics risk.

I stated that there are no mechanism to report breaches (or suspected incidents). The reality is that we are at ground zero and have a long way to go up. In T&T, the Data Protection and Computer Misuse Bills are still being reviewed and each review so far is a result not adqueately addressing current issues. By the time it returns for debate the enironment would have evolved again. At some point we must stop talking and start doing. Maybe in this forum we can create a mechanism to facilitate a CERT.

Hi Moni,

Thanks for your passionate comments: they’re really appreciated!

I will give Aaron and others the opportunity to jump in first and offer their thoughts on what you have said, and then I may add my two cents…

Cheers,
Michele

The point is highlighted several times over that organisations are unwilling to report breaches but are there facilities in place to report such. If I run a small business from home and realise/suspect that my site (or small server) has been hacked where do I go, what do I do, who do I call? Who will investigate these crimes? Are there guidelines in place for investigating such crimes? These are some of the issues faced with crimes of this nature. Cyber bulling is also considered a cyber crime. If I find my child is being bullied via their cellphone what do I do? Who do I call? Are officers trained and equipped to deal with such complaints. Are they aware?
You raised the point of employees and mobile devices. Now that’s a whole different matter that I wont start ranting about today.

I must say I dont like committees either but this situation warrants some type of group to set up to tackle the problem (as you alluded to).
Ok Thank you ICT Pulse, I will stop now.
Moni