{"id":7928,"date":"2013-02-06T09:58:51","date_gmt":"2013-02-06T14:58:51","guid":{"rendered":"http:\/\/www.ict-pulse.com\/?p=7928"},"modified":"2013-02-06T10:09:20","modified_gmt":"2013-02-06T15:09:20","slug":"cybercrime-security","status":"publish","type":"post","link":"https:\/\/ict-pulse.com\/2013\/02\/cybercrime-security\/","title":{"rendered":"Are we really serious about cybercrime and security?"},"content":{"rendered":"

To varying degrees, the Caribbean is seen\u00a0as a haven for cybercrime\u00a0targeted at developed countries, but increasingly local private and public institutions are experiencing intrusions. This post challenges us to discuss how serious the region is about addressing cybercrime and cybersecurity.<\/em><\/p>\n

\"http:\/\/www.freedigitalphotos.net\/images\/view_photog.php?photogid=2898\"<\/a>Over the past few weeks there have been a\u00a0spate of cyber intrusions worldwide, which resulted in the loss or theft of data. Some of the incidents reported include the New York Times, The Washington Post and Twitter, and within the Caribbean in the last two weeks, Digicel\u00a0and the Office of the Director of Public Prosecutions in Jamaica were hacked.<\/p>\n

It is also important to highlight that in the region, Jamaica has been under much\u00a0scrutiny for advance payment scams, more commonly known as \u201clottery or lotto scams\u201d, which are being directed at United States (US)\u00a0residents. As noted in this week\u2019s news roundup<\/a>,<\/strong>\u00a0prominent US reporter, Dan Rather, was in Jamaica last week to prepare a report on the scamming, along with what the country has been doing and intends to do, to arrest the situation.<\/p>\n

Without a doubt, developed countries are still grappling with cybercrime, but they are committing resources to continually improve their security. In the Caribbean, what are we doing to protect ourselves and to be more vigilant?<\/p>\n

Increasing sophistication of perpetrators and threats<\/h3>\n

Although we ought not to underestimate the ingenuity and commitment of the individual\u00a0hacker who is intent on breaching our computer\u2019s or network\u2019s security, computer criminals are becoming increasingly sophisticated. As was noted in Escalating cyber security up the political agenda<\/i><\/b><\/a>, \u2018advances in technology and the Internet is causing cyber crime to become more organised and structured\u2019<\/i>. Groups or syndicates tend to be\u00a0the norm. They are highly organised and their members have clearly defined functions and responsibilities, which typically results in very complex and accurate coding that has benefited from a comprehensive and communal process.<\/p>\n

Similarly, there has been a growing trend with respect to the types of intrusions that are being experienced. They are becoming more stealth, deep and persistent.\u00a0 Hence although the usual viruses, trojans, worms, etc., are still being developed and are wreaking havoc on networks and systems, a new class of threat has emerged that have been designed\u00a0to evade detection, yet be resident\u00a0and active for months, or even years. Consequently, when the intrusion is finally detected, it is frequently\u00a0unknown for long it had been present, and the extent of the damage or loss it has caused.<\/p>\n

Penny wise, pound foolish<\/h3>\n

Worldwide, unauthorised intrusions are on the rise; but how are we protecting ourselves? Many of us, especially businesses and organisations, rely, almost exclusively, on free antivirus software.<\/p>\n

\"http:\/\/www.freedigitalphotos.net\/images\/Computers_g62-Virus_Trojan_Spyware_Signpost_p88163.html\"<\/a>Free antivirus software does provide\u00a0baseline protection to PCs and similar devices, but there are reasons why it is free. Free software offers the most basic protection, which tends to be limited to virus detection and removal on your device. The broader aspects of computer security \u2013 such as added protection for online banking and shopping, personal data and even your keyboard \u2013 are not included.<\/p>\n

On the other hand, in organisations that have in-house network or IT personnel, frequently, much of their time and attention is spent\u00a0addressing problems staff have with the equipment, leaving little time to comprehensively oversee the integrity of the businesses\u2019 network and systems. More importantly, the majority of\u00a0organisations are not as concerned as they should be with the security of\u00a0their networks, and are exceedingly modest in their spend on this area. Hence many are not prepared\u00a0to supplement their in-house support with dedicated network security specialists, who would monitor\u00a0an organisation\u2019s systems and networks, and could either be employed directly, or contracted to provide the requisite services.<\/p>\n

Poor internal policies and practices<\/h3>\n

Even with the most sophisticated\u00a0protective measures, organisations, and even the individual\u00a0user, must adopt good practices to limit the opportunities for unauthorised intrusions. A glaring weakness that is frequently overlooked is the USB flash drive that we use to save and carry information between devices. Similar to the floppy disk that preceded it, USB drives can harbour a broad range of malicious code that we, as users, unwittingly transfer or save to those drives, and then spread, when we connect them to other devices.<\/p>\n

On another note;<\/p>\n