In the fourth instalment in our Expert Insights series on cyber threats and security for 2024, cybersecurity expert, David Gittens, discusses, among other things: the latest developments in the security space; why there ought to be a greater emphasis on cybersecurity guidelines in the Caribbean; why ransomware is the most pressing threat; and why organisations need to invest more in risk assessment.
This episode is also available on SoundCloud, Apple Podcasts, Spotify and Amazon Music!!
It has been about 15 years since cybersecurity experts began to warn Caribbean governments and businesses about the importance of securing their computer networks. However, our systems are still underdeveloped. Some countries have not established any national cybersecurity framework, and for those that have, its implementation has been extremely slow. There thus increasing concerns that the region is in the crosshairs of ransomware threat actors, in particular, as we are more inclined to pay the sums demanded.
In summary, the effort to improve the security and resilience of our digital systems is far from over. Cybersecurity has become more complex and requires vigilance, expertise and resources to limit the impact should a breach or an incident occur.
We are thus continuing our Expert Insights series on cyber threats and security in the Caribbean, and our guest shared several gems during our conversation.
Introducing our guest
David Gittens is an independent cybersecurity consultant and a seasoned cybersecurity professional with a wealth of experience. In 2021 he was voted one of the top ten security and resilience professionals in the entire Caribbean region by ISJ – Information Security Journal. He has spent several years providing cybersecurity services to global and regional banks, including working in the area of cybersecurity risk assessments.
For about four years David sat on a national cybersecurity working group which provided advisory services to the Government of Barbados. He also worked with the Organisation of American States and other cybersecurity experts to create Barbados’ first National Cybersecurity Strategy. Other national roles included heading up the Anti-fraud Committee of the Barbados Bankers Association, which is the committee responsible for fighting fraud in the local banking and credit union arena. He also founded the first Chapter of the Information Systems Security Association (ISSA) in this part of the world – the ISSA Barbados Chapter.
David has a passion for developing and promoting the cybersecurity profession. To this end, he has spent many years involved in the development of both cybersecurity associations and cybersecurity credentials. In 2021, David was contracted by the UN’s educational agency to design and deliver a nationwide programme to educate school children, their teachers and their parents, on cyber safety. He has also sat on a committee established by the Barbados Ministry of Education to address the matter of curriculum reform for Computer Science in schools. Additionally, he was part of the group of global experts who helped to develop the world’s first cloud security auditing credential – the CSA’s Certified Cloud Security Auditing (CCAK).
David attained a Bachelor of Science degree (Honours) in Electronic and Electrical Engineering from Loughborough University of Technology in the United Kingdom (UK). He received his Master’s degree in Information Systems Management from the University of Liverpool (UK). Additionally, he has attained numerous professional information security certifications and certificates from various organisations in the UK and North America. Security certifications currently held include the CISSP, CRISC, CISA, CISM, CCSP, CCSK, AC|CISO, CSX-P, HISP, Security+, eCPPT, CHFI, and CDPSE.
Insights into our conversations
Having multiple conversations with various experts may seem superfluous, but there are considerable benefits to having different insights and perspectives. A fact that most of us have not fully grappled with is that cybersecurity, as a field or profession, is expanding and deepening. It is no longer possible to be an expert in all areas. Many of the segments are becoming their own specialist areas; so to have a ‘big picture view’ it is becoming increasingly important to engage multiple experts.
Without a doubt, David’s qualifications are extensive and his involvement in the field is impressive. Accordingly, our conversation touched on several issues, from ransomware and artificial intelligence (AI) to privacy, cyber insurance and multifactor authentication. However, perhaps the most important topic we discussed is how expensive and complicated it can be to address cybersecurity: an issue that is rarely acknowledged, but which we continually circled back to during our conversation.
Below are key questions that guided this interview.
- What has been going on regarding cybersecurity and cybercrime in Barbados, and in the wider Caribbean region?
- Over the past several months, there seems to have been an uptick in ransomware. Have you observed any new developments or trends on that front?
- Although countries have set out clear frameworks for data protection and privacy, the same has not been done regarding cybersecurity. What are your thoughts?
- How would you advise the Average Joe to be able to distinguish between a true cybersecurity expert and a novice or enthusiast?
- What has been the impact of AI on security?
- In speaking with clients what do they think of AI? Do they have concerns? How are they addressing the possible risks?
- What are the most pressing security threats facing individuals and organisations today?
- In what area or areas should organisations be prioritising their security investment?
- What might be three (3) key things organisations should be doing in 2024 into 2025 to improve their network/IT security?
We would love to hear your thoughts!
Do leave us a comment either here beneath this article, or on our Facebook or LinkedIn pages, or via Twitter, @ICTPulse.
Also, if you or a member of your network is interested in joining us for an episode, do get in touch.
Let’s make it happen!
Select links
Below are links to some of the organisations and resources that either were mentioned during the episode, or otherwise, might be useful:
- David Gittens
- ICT Pulse Podcast episode, ICTP 208: 2022 Expert Insights update on cyber threats and security in the Caribbean, with David Gittens, of ISSA Barbados Chapter
- The National Cyber Security Centre (UK)
- The National Cyber Security Centre (UK) Free Cyber Action Plan
- National Institute of Standards and Technology (NIST) – USA
- IT Governance USA
- International Social Security Association (ISSA)
- ISACA
Images credit: D Gittens; Freepik; Biljana Jovanovic (Pixabay); DC Studio (Freepik)
Music credit: The Last Word (Oui Ma Chérie), by Andy Narrell
Podcast editing support: Mayra Bonilla Lopez