{"id":13621,"date":"2013-04-18T22:46:42","date_gmt":"2013-04-19T03:46:42","guid":{"rendered":"http:\/\/www.ict-pulse.com\/?p=13621"},"modified":"2014-03-05T06:52:01","modified_gmt":"2014-03-05T11:52:01","slug":"expert-insight-1-cyber-threats-security-caribbean-2013-update","status":"publish","type":"post","link":"https:\/\/ict-pulse.com\/2013\/04\/expert-insight-1-cyber-threats-security-caribbean-2013-update\/","title":{"rendered":"Expert insights 1: Cyber threats and security in the Caribbean 2013 update"},"content":{"rendered":"
We revisit \u00a0our discussion with network\/IT security professionals on cyber intrusion and security in the Caribbean, in the hope to gain new insights in 2013.\u00a0<\/em><\/p>\n <\/a>A few weeks ago, the Guardian Newspaper in Trinidad and Tobago published an article,\u00a0\u201cCaribbean cyberttacks on the rise?<\/i>\u201d<\/a>, in which it listed 20 cyber crime stories that were reported between April 2012 and March 2013. Unlike previous years, where they might be just a handful of news reports on unauthorised intrusions, at the very least, more of them are finding their way into the public domain, which hopefully is fostering greater awareness of cyber threats and the need for greater vigilance and security.<\/p>\n When we launched our Expert Insights<\/i><\/b><\/a> series last year, we asked network\/IT security professionals across the region about cyber intrusion and security in the Caribbean, in the hope of gaining a better understanding of among other things:<\/p>\n We kick off the 2013 update of this series with Deon Olton. Deon, who is based in Barbados, has over 18 years\u2019 experience in IT field, including over 10 years as a Telecommunications and Network Vulnerability Consultant. For the last five years he has been an EC-Council Certified Ethical Hacker. Currently, Deon is the Co-Founder of the Caribbean Cyber Security Centre\u00a0(CCSC)<\/a>, which was officially launched earlier this year, and offers a comprehensive suite of network testing services.<\/p>\n ICT Pulse:\u00a0 Deon, in the last year there have been numerous reports of intrusions across the Caribbean \u2013 both on government and private sector networks. Based on your work in the field, do you think incidents have increased, or is it just a case that more information is reaching the public domain?<\/b><\/p>\n <\/a>Deon Olton:\u00a0 It is definitely the case that incidents have increased and will continue to increase and get more damaging unless both the public and private sectors start to take decisive action in addressing a wide range of security weaknesses and vulnerabilities.\u00a0 Based on our understanding of the cyber-attack progression we at the Caribbean Cyber Security Center are convinced that the recent cyber security attacks in the region are the reconnaissance activities for a pending major cyber-attack.<\/p>\n ICTP:\u00a0 Over the past year, have you witnessed any increased awareness or concern among organisations, or even individuals, regarding cybercrime and security?<\/b><\/p>\n DO:\u00a0 The level of awareness and concern within the region is lower than expected since cyber threats represent one of the greatest threats facing the economies of our region.\u00a0 Our IT Leaders appear to be stuck in the \u201cacademic\u201d zone in regard to handling the cyber threat, which evolves \u201cdaily\u201d at a much higher rate.\u00a0 We simply have to move beyond regional forums, expos, conference and the like, and start the process of improving regional cyber security awareness both in the public and private sector.\u00a0 Secondly, regional private and public sector organisations need to start requesting independent IT Risk Assessment and IT Security Awareness Training programs.\u00a0 All of these services are provided by the Caribbean Cyber Security Center (CCSC) to help improve system security for companies of all sizes at cost effective rates. The cost of doing nothing totally outweighs taking proactive steps to assess networks and remediate all identified vulnerabilities.<\/p>\n ICTP:\u00a0 Have you observed any patterns or commonalities in the types of intrusions that have been prevalent in Barbados, or possibly across, the region? <\/b><\/p>\n DO:\u00a0 I think the attacks we are seeing are recon efforts for something much biggest and damaging to come.\u00a0 Today hackers are increasing breaching networks and staying dormant in places like memory until they are ready to strike.\u00a0 The truth of the matter is that many government networks do not have adequate intrusion detection solutions in place, and those that do have them have not implemented them in a security framework that looks at both the external and internal intrusion threat, and as we know, the greatest intrusion threat is always from the \u201cinside\u201d.<\/p>\n ICTP:\u00a0 Many organisations, especially our SMEs, that recognise the importance of network security, can be challenged by budget limitations, vis-\u00e0-vis\u00a0the likely cost of a comprehensive suite of solutions. What advice would you share, in terms of how best to spend their modest allocation for network security?<\/b><\/b><\/p>\n DO:\u00a0 With shrinking budgets in challenging economic times IT Security is placed on the back burner and hence cyber security is not viewed with the required sense of urgency, but ICT leaders in the region have to find ways to convince management of the risk that exists. One easy way to get past the budgeting and cost challenges is to partner with new regional IT Risk Assessment providers who have your company\u2019s interest at heart.\u00a0 New regional entrants, the Caribbean Cyber Security Center (www.caribbeancsc.com<\/a>), have all of the technical resources in-house and hence the cost of having a comprehensive IT Security program is no longer a dream but an almost instant reality. CCSC offers comprehensive IT Security Risk Assessment and IT Security Awareness Training to help you improve your IT Security Posture.\u00a0 The CCSC suite of services are geared to create a baseline and quickly and efficiently create and implement an IT Security Roadmap that suits your company\u2019s need for Confidentiality, Integrity and Availability.<\/p>\n ICTP:\u00a0 Finally, is there any single emerging trend or type of threat that you would flag as requiring extra vigilance in the region?<\/b><\/b><\/p>\n DO:\u00a0 Over the past months there has been a spike in defaced websites which has not result in the necessary improvements in IT Security across the affected sectors.\u00a0 These exploits are all similar and appear\u00a0to be an organized and calculated attack on the Information Systems Assets.\u00a0 Clearly the perpetrators have little regard or respect for the level of IT Security.\u00a0 Generally when a hacker defaces a website it is to send a message.\u00a0 Defacing a website is like the last straw, this normally means:<\/p>\n\n