Cyber Security
Published on: May 09, 2017
The dangers of cyber threats in the Caribbean continue to evolve and spike at a rate never seen before. As the telecoms providers in the Caribbean seek opportunities to increase their revenues through increase internet penetration across the region risks mushrooms. The risks are further compounded as societies transcend geographical and physical borders, and real-time communication and business transactions are rapidly becoming an everyday staple.
However, utilizing the same networks and links that bind us globally as we communicate and do business are now the means through which cyber attacks are being perpetrated. Cyber threats and attacks from the present day digital pirates are able to strike from virtually anywhere in the world, causing catastrophic social and economic harm to countries that are oceans away.
Caribbean Governments cannot contain these cyber threats singlehandedly for several reasons. There is need for capacity building and overall public sector awareness, most governments do not have a centralized focus on risk and contingency planning and hence issues associated with cyber security are not prioritized, and overall there is no security program plan to increase network visibility and control.
In a recent article published in the St. Maarten Daily Herald, Martin Van Nes, an in-depth specialist in combatting cybercrime in the entire Dutch Caribbean, said cybercrime deserves more attention. “There is insufficient awareness about cybercrime among residents, within the business community, and in Government. There is an increased threat of cyber-attacks and cyber-security should be stepped up,” he said.
Mr. Van Nes couldn’t be more right, with thousands of new malware variants being released every month, the discovery of new security holes in our day to day applications, thousands of hackers and hacktivist, fraudsters and spammers, and the advanced persistent and targeted attacks our government Administrators are unable to defend the integrity, availability, confidentiality and sovereignty of Caribbean data and information technology resources without help. Public and private sector in-house IT teams need beefed-up support, greater investments in the latest technology and access to local and international resources that defend systems and data from digital pirates. To think all is safe when there is no clearly defined budget or procedures to deal with defending data and prevent security breaches is merely leaving the doors and windows opened to our government data and infrastructure.
Without a dedicated and planned approach we certainly can predict that the national security, public safety and economic development of our Caribbean governments will be compromised in a time when most islands are facing hard economic times. The decision to wait and see what happens is not an option. The Panama Papers, the $150M cyber robbery from a Jamaican bank, reports of Isis hijacking regional websites, customers local and regional being hit with ransomware attacks are all indicators that we need to adopt a different approach.
It is clear that the Caribbean government are easy targets for several reasons but there is hope. Governments need to implement a Contingency plan that looks at the impact of cyber breaches on national infrastructure. This plan should leverage a cadre of IT security expertise and skill which will take a 360 degree look at the issue of cyber security. Additionally this plan should be focused on increasing network visibility and management so that potential attacks can be identified and quarantined early. The Caribbean Cyber Security Center (CCSC) has developed such a team to support Caribbean governments in gaining independent validation and verification assessment and guidance to an improved security posture with reduced risks of exploitation.
Without expert collaboration from a team like the CCSC and possibly others, regional governments lessen their ability to respond to cyber threats and will be expose to greater risks online, as perpetrators learn to exploit national and regional information and communication technology weaknesses within the Caribbean one-by-one.
As an initial step the Government of St. Maarten has taken the proactive approach to tighten up the IT security which has lead to some public sector officers complaining about the restricted access at work. This move was and is necessary to ensure there is greater controlled access to IT systems which hold national security and personal information of the country. Phase two which will occur very soon will be an upcoming conference on cyber security with the goal of having all stakeholder with in ST. Maarten present to raise the level of awareness. This cyber security conference will be in collaboration with the Bureau of Telecommunications and Post St. Maarten, the Public Prosecutors Office, the Caribbean Cyber Security Center and other national stakeholders. In addition a draft national security action plan will be developed which will be used as a guide for private and public sector organization to ensure the relevant level of security controls are in place to protect systems from digital pirates.
Deon Olton Bsc. CEH
Senior Cyber Security Consultant
Caribbean Cyber Security Center
Caribbean Governments cannot contain these cyber threats singlehandedly for several reasons. There is need for capacity building and overall public sector awareness, most governments do not have a centralized focus on risk and contingency planning and hence issues associated with cyber security are not prioritized, and overall there is no security program plan to increase network visibility and control.
In a recent article published in the St. Maarten Daily Herald, Martin Van Nes, an in-depth specialist in combatting cybercrime in the entire Dutch Caribbean, said cybercrime deserves more attention. “There is insufficient awareness about cybercrime among residents, within the business community, and in Government. There is an increased threat of cyber-attacks and cyber-security should be stepped up,” he said.
Mr. Van Nes couldn’t be more right, with thousands of new malware variants being released every month, the discovery of new security holes in our day to day applications, thousands of hackers and hacktivist, fraudsters and spammers, and the advanced persistent and targeted attacks our government Administrators are unable to defend the integrity, availability, confidentiality and sovereignty of Caribbean data and information technology resources without help. Public and private sector in-house IT teams need beefed-up support, greater investments in the latest technology and access to local and international resources that defend systems and data from digital pirates. To think all is safe when there is no clearly defined budget or procedures to deal with defending data and prevent security breaches is merely leaving the doors and windows opened to our government data and infrastructure.
Without a dedicated and planned approach we certainly can predict that the national security, public safety and economic development of our Caribbean governments will be compromised in a time when most islands are facing hard economic times. The decision to wait and see what happens is not an option. The Panama Papers, the $150M cyber robbery from a Jamaican bank, reports of Isis hijacking regional websites, customers local and regional being hit with ransomware attacks are all indicators that we need to adopt a different approach.
It is clear that the Caribbean government are easy targets for several reasons but there is hope. Governments need to implement a Contingency plan that looks at the impact of cyber breaches on national infrastructure. This plan should leverage a cadre of IT security expertise and skill which will take a 360 degree look at the issue of cyber security. Additionally this plan should be focused on increasing network visibility and management so that potential attacks can be identified and quarantined early. The Caribbean Cyber Security Center (CCSC) has developed such a team to support Caribbean governments in gaining independent validation and verification assessment and guidance to an improved security posture with reduced risks of exploitation.
Without expert collaboration from a team like the CCSC and possibly others, regional governments lessen their ability to respond to cyber threats and will be expose to greater risks online, as perpetrators learn to exploit national and regional information and communication technology weaknesses within the Caribbean one-by-one.
As an initial step the Government of St. Maarten has taken the proactive approach to tighten up the IT security which has lead to some public sector officers complaining about the restricted access at work. This move was and is necessary to ensure there is greater controlled access to IT systems which hold national security and personal information of the country. Phase two which will occur very soon will be an upcoming conference on cyber security with the goal of having all stakeholder with in ST. Maarten present to raise the level of awareness. This cyber security conference will be in collaboration with the Bureau of Telecommunications and Post St. Maarten, the Public Prosecutors Office, the Caribbean Cyber Security Center and other national stakeholders. In addition a draft national security action plan will be developed which will be used as a guide for private and public sector organization to ensure the relevant level of security controls are in place to protect systems from digital pirates.
Deon Olton Bsc. CEH
Senior Cyber Security Consultant
Caribbean Cyber Security Center