In our second Expert Insights update for 2021, Cybersecurity Consultant David Gittens shares his thoughts on, among other things: key trends in the current threat landscape; whether individuals or organisations should pay ransom demands; whether cybersecurity insurance is a worthwhile investment; and three (3) questions organisations should ask when looking to hire a security expert.

 

This episode is also available in Apple iTunes, Google Play Music, Spotify and on Stitcher!

If one thinks about it, there is a sense that we live on a knife’s edge when it comes to IT security. The threats are all around and are continually trying to breach whatever protection we might have. However, one wrong move from us – such as not keeping our systems up to date, poor password hygiene, or just not being vigilant – can lead to disaster and our information, devices and networks being exposed or stolen.

It is thus not surprising if at some point, many of us suffered security fatigue. For years, security experts had been rambling about the threats, trying to highlight how vulnerable we are, how cunning the attackers are, and the urgency to act. However, we may have just felt overwhelmed by how insurmountable the situation seemed to be, or that we, as individuals or organisations in the Caribbean, were just too small to be on an attacker’s radar. But noting that the list of serious incidents in the region is in fact growing, we now know better.

This episode is our second update of 2021 in our longstanding Expert Insight series on cyber threats and security. Similar to previous editions, we have invited a security expert to share his views and knowledge – his insights – on network intrusion and security, generally and in the Caribbean region.

 

Introducing our guest

David Gittens

David Gittens is an independent Cybersecurity Consultant with over 20 years of combined experience in Cybersecurity, Project Management, Information Systems, and Business Management. He has had extensive training and hands-on experience in several areas of Cybersecurity, Management and Information Technology, working primarily in the finance industry for Barbados and the Eastern Caribbean, as well as for North America and Europe. Security roles he has performed include disaster recovery, business continuity, threat management, security awareness, access security, security scanning, and evaluating the cybersecurity posture of projects, systems and organisations.

David has held senior positions in information security organisations and is the founding president of the Information Systems Security Association (ISSA), Barbados Chapter, which was the first chapter of this international security association to be set up in that part of the world. David has also headed the Anti-Fraud Committee of the Barbados Bankers Association, which is the committee responsible for fighting fraud in the local banking and credit union arena. He has also provided volunteer services to international security associations.

Currently, David is the holder of several international information security and privacy designations, including Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Holistic Information Security Practitioner (HISP), Certified in Risk & Information Systems Control (CRISC), Certified Cloud Security Professional (CCSP), Certified Hacking Forensic Investigator (CHFI), Certified Data Privacy Solutions Engineer (CDPSE), and Certified Information Systems Auditor (CISA). He sits on various boards and committees dealing with Information Security, and does a lot of volunteer work for government entities and various other reputable organisations. This work includes dealing with security threats and incidents, and improving the security posture of projects and organisations.

 

Insights into our conversation

Talking with David is always interesting and fun – with a healthy dose of pragmatism. He is respected in the industry, and so can draw on a broad range of real-world situations to illustrate the points he is trying to make. He also understands some of the constraints Caribbean organisations and small businesses are experiencing, and consequently, the countervailing imperatives that need to be balanced. Below are key questions that were posed to David during the course of our conversation:

  1. What has been going on with respect to cybersecurity and cybercrime in Barbados, and perhaps what has been going on in the wider Caribbean region?
  2. How has the threat landscape changed over the years? Are there any trends, or particular areas of concern, to which we in the Caribbean should be paying attention?
  3. A few weeks ago, IT company Kaseya, which provides software tools to IT outsourcing firms, experienced a massive ransomware attack that paralysed hundreds of businesses on all five continents. Are you aware of any Caribbean businesses that were affected?
  4. Continuing along the ransomware vein, what are your thoughts on whether individuals or organisations should pay the ransom demanded?
  5. With governments leveraging technology in light of the pandemic, have you observed any improved posture and action as it relates to security?
  6. What do you think about cybersecurity insurance? Is it a worthwhile investment?
  7. Are there any circumstances under which you would recommend cybersecurity insurance?
  8. As a security professional and contractor, did you observe any changes in the role or functions of IT/cybersecurity personnel over the past year (during the pandemic)?
  9. What are important skills cybersecurity applicants ought to possess to better ensure their marketability and suitability for security-related roles?
  10. For organisations that are trying to be conscientious about security, what might be three (3) questions they should ask when looking to hire a security expert?
  11. What might be three (3) key things organisations should be doing in 2021 to improve their network/IT security?

 

We would love to hear from you!

Do leave us a comment either here beneath this article, or on our Facebook or LinkedIn pages, or via Twitter, @ICTPulse.

 

Select links

Below are links to some of the organisations and resources that either were mentioned during the episode, or otherwise, might be useful:

 

 

Image credits: D Gittens; Darwin Laganzon (Pixabay); Piqsels; Mati Mango (Pexels)

Music credit: Ray Holman

Podcast editing support: Mayra Bonilla Lopez