Expert insights 2: Cyber threats and security in the Caribbean
This is the second in our series seeking insight from network/IT security professionals across the Caribbean on cyber intrusion and security in the region.
In our inaugural cyber threats and security “Expert insights”, featuring Niel Harper from Barbados, he confirmed that online threats are far more prevalent in the Caribbean than we might have realised. Moreover, organisations rarely report intrusions, and in Barbados, there is insufficient capacity for cyber security response.
In this, the second in our series, we have a Jamaican perspective. Garfield Gordon, Territory Systems Engineer for Cisco Systems Inc., based in Jamaica, has graciously responded to a series of questions posed by ICT Pulse. Garfield has over 20 years’ experience in the IT/ICT space, and his areas of expertise include: Systems Integration, Networking, Internet, Security, Wireless, Mobile, Application Development and Business Enablement.
ICT Pulse: Garfield, how prevalent do you think cyber intrusions are in Jamaica, and in the wider Caribbean? By chance, do you have access to any data?
Garfield Gordon: It is common knowledge within the IT community that there are various intrusion attempts daily. What is not stated or readily apparent is the success rate of some of these attempts. Most of these attempts can be classified by the methods being used: port scanning, “script kiddie” type applications, and orchestrated intrusion attempts that are very clinical in targeting a specific vulnerability within a system.
In Jamaica, there have been a few media reports about people being charged for cyber crimes, ABM fraud, lottery fraud, etc. with the police seizing electronic equipment used to commit the aforementioned crimes.
GG: A number of organizations focus only on network security but fail to address the other pillars of security, being physical security and application security. A number of applications can still be compromised by using the “SQL injection” method of attack and even worse, some applications are written with the “sa” username and password within the application or website. Some intruders manage to use social engineering techniques to gain access although we (at Cisco) have been providing information on this technique for the past decade.
Additionally, most organizations only focus on the perimeter security and fail to address activities that may originate internally within the network like viruses, worms, Trojans, bots and deliberate attempts to compromise systems and retrieve data. Some IT security staff believe that a one-time review of the systems and event logs every day is sufficient. However, they need to do this more frequently and implement the necessary system(s) to correlate incidents or suspicious activities.
GG: Based on information provided to me, I can state that there has been an increase in reconnaissance activities, Denial of Service (DDoS, DoS), and penetration attempts within our top tier business verticals, being telecommunications, finance and insurance. Each territory in the Caribbean experiences different levels of penetration attempts or intrusions based on their staple markets. Cayman and Bermuda, for example, have a perceived higher rate of attempts probably because there are more financial and insurance companies in those territories.
ICTP: Are there any hardware and/or software solutions you believe might be more effective in addressing cyber intrusions?
GG: There are a number of vendors that provide security solutions but most focus only on the network security pillar. Cisco has solutions to address all of the security pillars previously mentioned. The links to the solutions are listed below:
- Network Security www.cisco.com/go/security
- Physical Security www.cisco.com/go/physec
- Video Surveillance www.cisco.com/go/physec
- Firewalls www.cisco.com/go/firewalls
- Intrusion Prevention Systems www.cisco.com/go/ips
- Network Admission Control www.cisco.com/go/nac
- Bring your own device www.cisco.com/go/ise
- Web Security www.cisco.com/go/wsa
- E-mail Security www.cisco.com/go/esa
- Endpoint VPN www.cisco.com/go/anyconnect
- Application www.cisco.com/go/ace
- Network/Security Management www.cisco.com/go/prime
- Virtual Private Networks www.cisco.com/go/vpn
Cisco also has a library of validated designs for most verticals, including security. Please visit: www.cisco.com/go/cvd
ICTP: Are there any cyber security-associated resources or support structures you believe are lacking nationally in Jamaica, and/or perhaps at the regional level?
GG: We have the Cyber Crimes Act 2010 in Jamaica, but the police can only enforce it with the cooperation of the business entities or other victims that have been affected by such crimes. It boils down to a matter of reputation and in Jamaica, much like the wider Caribbean, image matters. Thus many of these activities are not reported to law enforcement.
We may need to set up an entity in Jamaica or the Caribbean, something similar to the National Institute of Standards and Technology (NIST) in the US, where entities can provide data anonymously and allow us to gain some insight into these types of activities.
ICTP: What do you believe should be the next steps in Jamaica, and/or in the wider Caribbean, to move national (and/or regional efforts) on cyber security in the right direction?
GG: We need governance and compliance processes to be implemented within organizations – similar to Sarbanes-Oxley (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS). Following that, a rule should be instituted to list the compliance status of publicly traded companies on the respective stock exchanges. This would ensure that companies take cyber security seriously and also provide a business differentiator.
Another thing to do is to conduct regular workshops for the staff, sensitizing them to the benefits and nuances of cyber security. These workshops can be conducted by internal staff or vendor representatives.
ICTP: Finally, is there any one tip you could share that could reduce the risk of cyber intrusion to organisations, or even to the personal user?
GG: Whilst you had asked for one tip, I feel it necessary to highlight a few that will lead to a reduction of incidents:
- Stop reading e-mails from unknown persons where the subject implies getting something free.
- Stop reading e-mails with nonsensical subject lines or very poor grammar and spelling even when they appear to come from someone you know. Most of our friends and family members can spell.
- Stop clicking on the links in the e-mails that want you to update your profile or change your password. For example, there is a fake Bank of America website (_www.b-of-america.co.cc_) that to the untrained eye looks like the real website (www.bankofamerica.com) and its purpose is to steal your banking credentials.
- While I am not advocating their use, if you choose to use a BitTorrent site to download files, be prepared for the consequences of having viruses or other remote control software installed on your system.
- Stop letting your children use your corporate or business device to play games or download software from the Internet. You may inadvertently bring a virus or Trojan horse into your business environment.
- Finally, stop clicking on websites offering “free computer check up” or the popup “Your computer has a virus. Click here to remove it”. Did you instruct your computer to search for a virus? How did it suddenly know that you had a virus? Ironically, it will install the virus when you click on the link to remove the virus.
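The lookalike-domain tip above can also be checked mechanically, for example by a mail filter that inspects links before a user sees them. The following Python code is an added example, not part of the interview or of any Cisco product; the allow-list, the 0.8 similarity threshold and every sample link except the two addresses quoted in the interview are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumed allow-list: the domains the organisation really uses.
TRUSTED_DOMAINS = ["bankofamerica.com"]
SIMILARITY_THRESHOLD = 0.8  # assumed cut-off; tune against your own mail


def hostname_of(url: str) -> str:
    """Return the lower-cased host of a URL, with or without a scheme."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit read 'www.example.com/x' as a host
    return (urlsplit(url).hostname or "").rstrip(".")


def classify_link(url: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' for one link."""
    host = hostname_of(url)
    for domain in trusted:
        # Exact match or a true subdomain only; a substring test would
        # wrongly accept 'bankofamerica.com.login.example'.
        if host == domain or host.endswith("." + domain):
            return "trusted"
    for domain in trusted:
        brand = domain.split(".")[0]
        for label in host.split("."):
            # Hyphens are a common way to imitate a brand name.
            score = SequenceMatcher(None, label.replace("-", ""), brand).ratio()
            if score >= SIMILARITY_THRESHOLD:
                return "lookalike"
    return "unrelated"


# The first two links are the ones quoted in the interview; the rest are constructed.
SAMPLE_LINKS = [
    "www.b-of-america.co.cc",
    "www.bankofamerica.com",
    "http://bankofamerica.com.login.example/update",
    "https://www.example.org/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify_link(link):10} {link}")
```

A "lookalike" verdict is a reason to quarantine or warn, not proof of fraud; string similarity produces false positives for short brand names.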
Image courtesy of Null Value, flickr