In our third Expert Insights update for 2022, Cybersecurity Consultant David Gittens shares his thoughts on, among other things: key trends in the current threat landscape; the Conti ransomware and what Caribbean countries can learn from the Costa Rican experience; what Ransomware-as-a-Service (RaaS) means; and the top three things businesses should be doing in 2022 to improve their network/IT security.

 

This episode is also available on SoundCloud, Apple iTunes, Google Play Music, Spotify, Amazon Music and on Stitcher!

Over the past few months, cybersecurity has been receiving more attention than usual. Several experts have been emphasising the potential severity of cyberattacks and cybercrime on Caribbean businesses and organisations, recent incidents have been reported in the local and regional press, and people are being encouraged to be more vigilant and to report cyberattacks.

Although the premise that the Caribbean is under the radar of cybercriminals is eroding, there is still a sense that we are not doing enough. Admittedly, we are fighting an unseen assailant, which like the Hydra in Greek mythology has several heads and every time one head gets cut off, two more grow from that stump. In other words, the threat is real, unseen and multiplying, which in turn, tends to leave us feeling vulnerable and overwhelmed.

It is in this vein that we are continuing our Expert Insights series on cyber threats and security. Experts are of the view that it is a matter of ‘when’, rather than ‘if’, we all will experience a breach or incident. Thus, one of the best strategies we can employ is to become more aware and more informed so that we can implement safeguards to limit the damage and losses that could be experienced.

 

Introducing our guest

David Gittens

David Gittens is an independent Cybersecurity Consultant with over 20 years of combined experience in Cybersecurity, Project Management, Information Systems, and Business Management. He has had extensive training and hands-on experience in several areas of Cybersecurity, Management and Information Technology, working primarily in the finance industry for Barbados and the Eastern Caribbean, as well as for North America and Europe. Security roles he has performed include disaster recovery, business continuity, threat management, security awareness, access security, security scanning, and evaluating the cybersecurity posture of projects, systems and organisations.

David has held senior positions in information security organisations and is the founding president of the Information Systems Security Association (ISSA), Barbados Chapter, which was the first chapter of this international security association to be set up in that part of the world. David has also headed the Anti-Fraud Committee of the Barbados Bankers Association, which is the committee responsible for fighting fraud in the local banking and credit union arena. He has also provided volunteer services to international security associations.

Currently, David is the holder of several international information security and privacy designations, including Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Holistic Information Security Practitioner (HISP), Certified in Risk & Information Systems Control (CRISC), Certified Cloud Security Professional (CCSP), Certified Hacking Forensic Investigator (CHFI), Certified Data Privacy Solutions Engineer (CDPSE), and Certified Information Systems Auditor (CISA). He sits on various boards and committees dealing with Information Security and does a lot of volunteer work for government entities and various other reputable organisations. This work includes dealing with security threats and incidents and improving the security posture of projects and organisations.

 

Insights into our conversation

The impetus for this conversation with David was the recent cyberattack on the Costa Rican government, which was executed using Conti ransomware. Conti has gained prominence over the last two years, and the ransomware gang behind Conti is reported to have committed over 1,000 attacks and is estimated to have generated revenue of over USD 2.5 billion (Source: BreachQuest)!

Costa Rica, being a country that borders the Caribbean Sea, is in our backyard, and the government has been crippled by the cyberattacks, which started during the week of 10 April. Moreover, smaller nations, such as ours, ought to be concerned they will receive even more attention from ransomware groups. Further, since it is likely that their cybersecurity spend is considerably lower than in developed countries, they are more vulnerable to cyberattacks and could face devastating consequences.

Below are key questions posed to David during our conversation.

  1. Give us a quick recap of what have been the types of incidents in Barbados and/or in the wider Caribbean region over the past year or so?
  2. Talk to us about the Conti ransomware. What it is, how it works, and why it has been receiving considerable spotlight over the past few weeks.
  3. What do you know about the recent cyberattacks on the Costa Rican government?
  4. Conti is supposedly a Ransomware-as-a-Service (RaaS). What does that mean?
  5. It was recently reported that Conti is shutting down its operations. In it being as successful as it is, is that true, and why might it be shutting down?
  6. What are the lessons we can learn from this Conti attack?
  7. In organisations, what should be the primary goal of cybersecurity?
  8. As a security professional and contractor, did you observe any changes in the role or functions of IT/cybersecurity personnel over the past year (during the pandemic)?
  9. What are the biggest cybersecurity threats right now? 
  10. Finally, what are the top three (3) things businesses should be doing this year, to improve their network/IT security?

 

We would love to hear from you!

Do leave us a comment either here beneath this article, or on our Facebook or LinkedIn pages, or via Twitter, @ICTPulse.

Also, if you or a member of your network is interested in joining us for an episode, do get in touch.

Let’s make it happen!

 


Images credit: D Gittens; Markus Spiske (Unsplash); cristianrodri17 (Pixabay); Pete Linforth (Pixabay)

Music credit: The Last Word (Oui Ma Chérie), by Andy Narrell

Podcast editing support: Mayra Bonilla Lopez