ICT Pulse’s Publisher, Michele Marius, gave a talk at a cyber security seminar on 26 June. The presentation slides are shared, and an interesting development in Jamaica is discussed.

http://www.freedigitalphotos.net/images/view_photog.php?photogid=1152Earlier this week, on 26 June, ICT Pulse participated in a seminar and executive breakfast under the theme, “Scaling up Security Management for Newer Threats”. The event, hosted by Paladion at the Jamaica Pegasus Hotel, in Kingston, Jamaica, was targeted at network security specialists and senior executives from both the public and private sectors.

Paladion is one of the leading information risk management firms, with a presence in 30 countries worldwide. It has been included in a number of internationally recognised rankings for the network/information security, such as those prepared by Deloitte, Gartner, Info Security Products Guide, and Red Herring.

Although the focus of the seminar were the talks by Paladion Networks’ Chief Operating Officer, Vinod Vasudevan, ICT Pulse’s Publisher, Michele Marius, was invited to share some views into cyber security in the Caribbean, based on her many posts on the subject:

In her talk, which was titled “Jamaica: Victim or Perpetrator of Cyber Crime and Threats”, Michele sought to provide some context on cyber security specifically in Jamaica and in the region. First, key insights gleaned from Caribbean network security experts featured in articles published by ICT Pulse were highlighted. Thereafter, the Jamaican situation was examined, and finally suggestions were made on how participants, and the wider community, could improve their individual and collective security. The slides that were presented are shared below.

Incident at the Tax Administration of Jamaica

It is interesting to note that at the time when the presentation was delivered, there was little information in the public domain to corroborate reports that the Tax Administration of Jamaica (TAJ) had experienced a cyber incident. The hacker had announced the leaked data on Twitter, but there was no mention of the incident in the local media, and neither had the TAJ confirmed its occurrence. Questions have even been raised about whether the TAJ realised that it had experienced an intrusion. However, members of the local tech community did find some of the leaked the hacker allegedly released.

The importance of establishing trust relationships

In keeping with the presentation, although every effort should be made by an organisation internally, to implement and maintain adequate security measures, that, in and of itself, as the TAJ situation highlights, might not be enough. Organisations would benefit considerably from having the support of a Computer Emergency Response Team (CERT), or similarly a Computer Security Incident Response Team (CSIRT).

Typically a CERT (or CSIRT) ensures

… that appropriate technology and system management practices are used to resist attacks on networks and to limit damage and ensure continuity of critical services in spite if attacks, accidents or failures… (CERT)

CERTs can vary in the scope of their responsibilities and by extension their complexity and cost. However, these ought not impede their establishment across the Caribbean.  Without a doubt, and as corroborated by the security specialists we have engaged, intrusions in the Caribbean are highly prevalent, but in the majority of instances, they have not been recognised as such. Furthermore, cyber threats have increasingly become more stealth, more deeply embedded and more persistent. In light of the millions of dollars that can be lost in time, revenue, productivity and remediation when an incident occurs, a CERT can be an invaluable resource supplementing the internal security measures, and critical support should an attack or other incident be experienced.

Image credit: Firewall Protection, jscreationzs (FreeDigitalPhotos.net)

___________