We continue our 2018 Expert Insight series on cybersecurity in the Caribbean with Sean Slattery, a network/IT security professional based in the Cayman Islands.

 

Our Expert Insight series on cybersecurity has been a way for us to pick the brains of Caribbean network security specialists and to secure, firsthand, their thoughts and views about the state of network security in the region. Last week, we heard from Niel Harper, who is based in Barbados. This week, we are delighted to feature, once again, Sean Slattery.

Sean Slattery is founder and CTO of Caribbean Solutions Lab – a cybersecurity service provider that helps businesses throughout the Caribbean and North America to defend and protect themselves from cyber threats. Based in Cayman for nearly 20 years, Sean has spent the last 10-plus years focused purely on cybersecurity, and was also a McAfee instructor for over five years. He holds US Government secret security clearance, is an FBI Infragard member, and regularly delivers cybersecurity presentations.

ICT Pulse:  Sean, thank you again for taking the time to share your insights with us. To start, give us a quick recap of what have been the most prevalent types of incidents in the Cayman Islands, and/or in the wider Caribbean region, over the past year or so?

Sean Slattery:  Regionally, things have been on par with last year’s trends. We continue to see systematic probing from the Far East along with the usual email phishing campaigns. Of note is that we have started to see more SMS-based phishing, usually targeting social media credentials. With a marked increase in smartphone adoption, it makes sense to target these devices for credential and identity theft.

ICTP:  Has the threat landscape changed over the past year? Are there any particular areas of concern that you have for Caribbean organisations, or the region as a whole?

SS:  The “bad guys” will continue to use any tool at their disposition that is successful. The evidence shows that targeting small and medium businesses with phishing, credential and identity theft, ransomware and other malware works.

ICTP:  Over the past year, ransomware incidents still appeared to be occurring across the region. Are they still as huge a threat?

SS:  Ransomware is still a significant threat but there has also been a subtle shift towards a longer game. While ransomware has an end game, credential and identity theft and system compromise can yield dividends for much longer periods. Quite often, credential and identity theft does not involve any malware – only requiring a user to let their guard down for but a moment.

ICTP:  Bitcoin (cryptocurrencies) and blockchain are concepts of which mass consumers are becoming increasingly aware. Are you excited or concerned about these technologies?

SS:  While I am particularly interested in how blockchain could be used other than for cryptocurrencies, a friend recently penned an article describing how blockchain could be used to rationalize web advertising platforms and reduce fraud. That said, the market will decide what will be successful, and so far, the market is undecided. Did you know that blockchain was invented ten years ago, but as of yet, only a handful of organizations have active blockchain implementations – interestingly, mostly with logistics? And while blockchain is inherently secure, there will be weaker links in implementation which will be exploited. It is only a matter of time.

ICTP:  Towards the end of 2017, we became aware of some new threats: Meltdown and Spectre, which seem to be shaking the computing and tech industry to its core. In layman’s terms, can you briefly give us a sense of what Meltdown and Spectre are about, what harm they do, and what steps (if any) we can take to better protect ourselves?

SS:  News outlets have indeed been quick to sensationalize these vulnerabilities. In a nutshell, Spectre and Meltdown refer to three hardware vulnerabilities in CPUs that, in the right scenario, can be exploited to obtain privileged data. The operative phrase there is “in the right scenario” meaning it is far from the end of the world. In order to exploit these vulnerabilities, an attacker would need to have the system run an application or script in order to access the interesting data. So regardless of the vulnerability, you simply need to prevent said execution. This is not to say that these vulnerabilities are trivial, far from it, but when prioritizing concerns, these would not be at the top of my list.

ICTP:  After all of what we have discussed so far, are there still new and emerging threats of which we should be more aware?

SS:  The largest two areas of threats involve malicious code and identity. Regardless of the specific techniques or exploits used, new or old, as long as we can secure these two areas at the endpoints, network and cloud, we are in good shape. Also, with the increase in cybersecurity awareness, we’re also seeing client- and compliance-driven increased scrutiny of data protection measures. Data protection is perhaps one of the most challenging domains of cybersecurity. Successful organizations approach this challenge by first working on the business and technical processes for data classification. Once it is understood how the data is created and manipulated, then the protection is trivial.

ICTP:  Finally, what are the top three (3) things businesses should be doing this year, 2018, to improve their network/IT security?

SS:  Picking only three is always a challenge! Let’s go beyond the traditional mantras of obtaining board-level buy-in, security awareness training for users or regular software updating/patching.

  1. We continue to recommend investing in tools beyond the traditional firewall, antivirus, web and email filtering. Technologies that leverage AI and machine learning to automatically prevent or detect threats are ideal. Remember to look at how these can be applied at endpoints, network and the cloud.
  2. Credential theft is still all too common. Two easy ways to improve credential security are password management systems and multifactor authentication. These two measures apply to both corporate environments and users’ personal lives. We all know that one of corporate IT’s functions is to help users with their home computers!  An organization with users that practice safe cybersecurity at home and at work is less likely to have issues.
  3. Lastly, there is compliance. Playing the compliance game isn’t always fun but it is useful. The risk of non-compliance and penalties is often a good source of funding for cybersecurity investments. Regularly performing internal reviews is good practice and preparation for audits. Nothing is worse than an auditor claiming that you have failed some check but won’t disclose why. Having the tools in place to confirm or deny these claims and the data to back it up builds confidence in your processes and investments. Simplicity, automation and good reporting are key here. Your staff already have a lot on their plates, so any tool that is easy to use and understand while providing readable reports is essential. Our most common implementation of compliance tools is from the cloud but that leverages local agents for internal scanning. It checks all of the boxes and is cost effective too.

Remember that cybersecurity isn’t a project or tool, it’s a lifestyle. Stay safe everyone.

Thank you.

 
