{"id":56323,"date":"2014-05-09T07:51:03","date_gmt":"2014-05-09T12:51:03","guid":{"rendered":"http:\/\/www.ict-pulse.com\/?p=56323"},"modified":"2014-05-09T07:58:49","modified_gmt":"2014-05-09T12:58:49","slug":"expert-insights-3-cyber-threats-security-caribbean-2014-update","status":"publish","type":"post","link":"https:\/\/ict-pulse.com\/2014\/05\/expert-insights-3-cyber-threats-security-caribbean-2014-update\/","title":{"rendered":"Expert insights 3: Cyber threats and security in the Caribbean 2014 update"},"content":{"rendered":"
In this the third instalment of our 2014 Insights series, McAfee, through its Caribbean office, shares some thoughts on cybersecurity in the Caribbean.<\/em><\/p>\n The impact of cybercrime and threats cannot be underestimated. To varying degrees, based on news reports and public advisories issued, we all may have some inkling of the extent of the devastation caused when major firms and organisations experience a breach. However, all too frequently, be it directly or indirectly, the fallout extends to us, as customers and users, resulting in a loss trust, credibility and an overall sense of being vulnerable.<\/p>\n In this the third instalment of our Insight series, we are thrilled to have Hector Diaz of McAfee Caribbean. McAfee<\/a>, which is being rebranded as Intel Security<\/a>, is a globally recognised and well known computer security software firm. Its Caribbean office is in the Dominican Republic, and in addition to the Dominican Republic, it serves Puerto Rico, all of the West Indies, and Bermuda. Hector is a Security Advisor with extensive experience in the IT security space, and possesses a diverse skill set that includes a strong technical background in infrastructure and security.<\/p>\n Hector Diaz: During 2013, McAfee recorded and average of 200 new threats every minute, more than three every second worldwide. In the case of the Caribbean region, we saw an increase in multiple advanced threats now targeting the data instead of affecting the infrastructure. Now more than ever, we are seeing attacks oriented to hijack ATMs, a more sophisticated type of phishing that tries to lure 2nd<\/sup> factor authentication methods, as well as database-targeted attacks. Regulations and standards have helped to create awareness of the importance of IT Security in the healthcare and financial institutions, particularly in the Dominican Republic and Puerto Rico, creating a trend that is expanding across the region based on the prevalence of these new forms of cybercrime that in the past we thought were only a problem of more developed countries.<\/p>\n HD: The threat landscape is changing based on the new technologies that we are seeing in the market. Now attackers are targeting mobile devices, fixed function devices such as POS, ATMs, handhelds, and also social media, in order to take advantage of vulnerabilities in areas that typically most companies don\u2019t pay enough attention. Also, we are seeing an increase in the complexity and the number of different vectors utilised to execute these attacks. At Intel Security, our concern and our message for Caribbean organizations have been the implementation of a Security Framework capable of protecting customers’ assets from \u201cthe Silicon to the cloud<\/em>\u201d in an integrated fashion that creates an environment where situational awareness helps companies to respond proactively to these threats.<\/p>\n HD: Technology adoption in the region is at an all-time high. With this adoption, security has become an important pillar of computing. In the Caribbean region, we have seen important improvements in the cybersecurity policies adopted by private and government institutions; some of them based on security initiatives, and some others based on compliance requirements in order to conduct businesses in a safe environment with overseas business partners.<\/p>\n From my personal perspective, we still need some understanding that security is a business enabler instead of a cost for organisations<\/em>. Even though we have seen improvements, there is still some struggle from CSOs [Chief Security Officers] to justify specialized security projects across the region based on a lack of understanding of the importance of IT Security as the umbrella that covers and protects all the business processes in an organization.<\/p>\n HD: There\u2019s definitely a greater willingness in the region to adopt cybersecurity more seriously. An evidence of this is the number of positive steps that C-level executives are taking with their companies: to increase security-conscious behaviour from their employees; to create security awareness training; and to advise on how to counter social engineering, as well as strengthening their infrastructure, with a holistic approach to security that now protects the most valued assets instead of just the infrastructure with the traditional solutions. There is also a growing need for a Security Connected Framework that permits interconnectivity across multiple security layers in order to provide real-time visibility and the ability to respond no matter where the threat comes from.<\/p>\n HD: Our recommendation is to invest in technologies oriented to protect businesses in three key areas:<\/p>\n HD: There has been a tremendous amount of activity over the past few weeks in response to the Heartbleed bug discovered in OpenSSL, an open source tool used by thousands of web sites to encrypt web traffic. The bug enables an attacker to obtain a random 64K chunk of memory, which could contain sensitive information, such as a user ID or password. The result has been a mad scramble to fix the vulnerability by the many web site owners and security software vendors who rely on OpenSSL.<\/p>\n McAfee, as a company, was also affected by Heartbleed, but we worked quickly to identify all our products that use OpenSSL. We made updates and sent them out as quickly as possible. We have also spent time talking to our customers to reassure them, and letting them know that we have products and services to keep them safe.<\/p>\n For all of our customers, we have created an\u00a0online SSL testing tool\u00a0<\/a>that you can use to verify whether a site you are accessing contains the vulnerability or not. Today, McAfee is also offering a free tool to McAfee Web Gateway<\/a>\u00a0customers, which can automatically check sites that their users visit for the vulnerability, and either warn the user or block their access until it has been remediated. The tool relies on a service that McAfee is hosting to check for the presence of the bug, but you can also configure your own Heartbleed checking service so you won\u2019t be dependent on McAfee\u2019s service.<\/p>\n And finally, we\u2019ve created a campaign to create awareness and protection to all of our consumer-oriented customers with recommendations and precautions to keep in mind, especially if you are a mobile user: http:\/\/bit.ly\/1tfX1lu<\/a>.<\/p>\n Do you have any questions for Hector? Do you agree\/disagree with this views? Do share your thoughts in the Comments section below.<\/strong><\/em><\/p>\n <\/p>\n Image credit:\u00a0 marsmet481 <\/a>\/ flickr;\u00a0Wikipedia<\/a><\/em><\/p>\n ____________<\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" In this the third instalment of our 2014 Insights series, McAfee, through its Caribbean office, shares some thoughts on cybersecurity in the Caribbean. The impact of cybercrime and threats cannot […]<\/p>\n","protected":false},"author":2,"featured_media":56362,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","om_disable_all_campaigns":false,"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[82,17,27,11],"tags":[71,105,38,39,207,43],"class_list":["post-56323","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-business","category-caribbean","category-computing","category-ict-tech","tag-businesses","tag-cybercrimecybersecurity","tag-data-protection","tag-equipment-security","tag-expert-insights-series","tag-internet-governance","et-has-post-format-content","et_post_format-et-post-format-standard"],"jetpack_publicize_connections":[],"aioseo_notices":[],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"https:\/\/i0.wp.com\/ict-pulse.com\/wp-content\/uploads\/2014\/05\/STUXNET-by-marsmet481-flickr.jpg?fit=610%2C458&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/p2iE1G-eEr","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/posts\/56323","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/comments?post=56323"}],"version-history":[{"count":9,"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/posts\/56323\/revisions"}],"predecessor-version":[{"id":56368,"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/posts\/56323\/revisions\/56368"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/media\/56362"}],"wp:attachment":[{"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/media?parent=56323"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/categories?post=56323"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/tags?post=56323"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}ICT Pulse: Hector, give us a quick recap of what were the most prevalent incidents in the Dominican Republic and\/or in the Caribbean region in 2013?<\/h4>\n
ICTP: Although we are still early in 2014, how is the threat landscape changing? Are there any particular areas of concerns that you have for Caribbean organisations this year?<\/h4>\n
ICTP: At the CARICOM\/regional level, there appears to be a growing awareness of cybercrime and calls by leaders that something be done. In your opinion, have there been any improvements in the cybersecurity-associated resources or support structures in the Dominican Republic, and\/or perhaps regionally? What might still be missing?<\/h4>\n
ICTP: Are you observing any real evidence of a greater willingness among organisations to take cyber\/network security more seriously? How is that awareness (or lack thereof) being manifested?<\/h4>\n
ICTP: Are there any key areas businesses should be investing their network security\/IT dollars this year?<\/h4>\n
\n
ICTP: Finally, as you are aware, there has been considerable discussion about the recently discovered\u00a0\u201cHeartbleed bug\u201d. If there is one thing that people should know about this vulnerability, what would that be? And what would be your best advice to minimise its effect?<\/h4>\n