{"id":3561,"date":"2012-03-30T06:33:58","date_gmt":"2012-03-30T11:33:58","guid":{"rendered":"http:\/\/www.ict-pulse.com\/?p=3561"},"modified":"2013-04-18T22:11:17","modified_gmt":"2013-04-19T03:11:17","slug":"expert-insights-3-cyber-threats-and-security-in-the-caribbean","status":"publish","type":"post","link":"https:\/\/ict-pulse.com\/2012\/03\/expert-insights-3-cyber-threats-and-security-in-the-caribbean\/","title":{"rendered":"Expert insights 3: Cyber threats and security in the Caribbean"},"content":{"rendered":"
Aaron Manzano, of HMP Consulting in Trinidad and Tobago, and a IT\/network security expert,<\/em>\u00a0continues our Q&A series on cyber security in the region.<\/em><\/p>\n <\/em>The only truly secure system is one that the development process is controlled from the beginning, located in at a site with a harden bunker deep underground, with no communications links to the outside and all informed and aware of its existence are terminated to prevent leaks as the site is nuked.<\/p><\/blockquote>\n <\/a>The above quote is a paraphrase of our guest expert\u2019s recollection of views expressed in the \u201cOrange Book\u201d \u2013 the US Department of Defense Trusted Computer System Evaluation Criteria \u2013 and is precisely the reason why network security is so critical. Our networks exist in an imperfect world, where we cannot control all the factors the quote suggest are necessary to create a truly secure system.<\/p>\n In this the third in our expert series, we discuss cyber security in Trinidad and Tobago\u00a0with\u00a0Aaron Manzano, an IT\/network security professional with over 30 years\u2019 experience in the field. Aaron\u2019s specialties include IT Operations and Management, Network Design and Implementation, Information and Network Security, and Systems Development and General Management, and over the last seven years, he has been the Director of HMP Consulting, and is based \u00a0in Trinidad and Tobago.<\/p>\n ICT Pulse:\u00a0 Hi Aaron, how prevalent do you think cyber intrusions are in Trinidad and Tobago, and in the wider Caribbean? By chance, do you access to data?<\/strong><\/p>\n Aaron Manzano: The level of cyber intrusion in Trinidad and Tobago is unknown as organizations aren\u2019t required to submit any incident reports or even acknowledge its existence. In particular, this is a touchy subject for Media Houses, Financial Institutions and Governments who guarded about releasing such data.<\/p>\n Based on our investigations, many networks in Trinidad and Tobago are attacked regularly.\u00a0 As indicated, the level of intrusion success is unknown; however we continue to observe constant intrusion attempts, with China, Hong Kong and Russia topping the list.<\/p>\n It my belief this is situation is not only prevalent Trinidad and Tobago but is also the case in the wider the Caribbean.<\/p>\n ICTP:\u00a0 Based on your experience, what are some of the common misconceptions that organisations have about network security?<\/strong><\/p>\n AM:\u00a0 These are many, so I will just reference a few:<\/p>\n ICTP:\u00a0 In your capacity as an Internet Security Strategist, what are three key questions businesses should ask themselves when assessing the secureness of their networks?<\/strong><\/p>\n AM:\u00a0 1. \u00a0What do I need to protect?<\/p>\n 2.\u00a0 Whom am I protecting it from?<\/p>\n 3.\u00a0 What would be the business impact should there be a breach whether it occurs internally or externally?<\/p>\n ICTP:\u00a0 Are any trends you have observed, or have been reported, regarding threats\/intrusions in Trinidad and Tobago, or in the region?<\/strong><\/p>\n <\/a>AM:\u00a0 I think the biggest trend we are observing is the presence of Command and Control BOT, Attempted Domain Hijacks and Fake Antivirus.\u00a0 Other than that, constant port scans.\u00a0 The organization with the smallest footprint fares best, but are not immune.<\/p>\n The trend that is worrying is the uncontrolled deployment of mobile devices.\u00a0 Most organizations are allowing staff to bring and use their personal devices without a clear policy of use and responsibility of data.<\/p>\n\n