The second installment in our 2013 series in which we discuss with network/IT security professionals across the region cyber intrusion and security in the Caribbean.
In this the second in our Expert insights series for 2013 in which we revisit matters related to cyber threats and security in the Caribbean, we have Garfield Gordon, Territory Systems Engineer for Cisco Systems Inc., and Chief Technology Officer for Wise Point Business Intelligence Solutions. Garfield, who is based in Jamaica, has over 20 years’ experience in the IT/ICT space. His areas of expertise include: Systems Integration, Networking, Internet, Security, Wireless, Mobile, Application Development and Business Enablement.
ICT Pulse: In the last year there has been numerous reports of intrusions across the Caribbean – both on government and private sector networks. Based on your work in the field, do you think incidents have increased, or is it just a case that more information is reaching the public domain?
Garfield Gordon: Without any empirical data, it is my opinion that the number of intrusion attempts remains relatively constant. However, the sophistication of the attacks has improved and they are meeting the desired goals.
ICT Pulse: Over the past year, have you witnessed any increased awareness or concern among organisations, or even individuals, regarding cybercrime and security in Jamaica?
GG: Since the intrusions within the service providers and the third party entities that manage the credit card information for the banks were publicized, there has been an increased awareness and interest in data security and what are the best practices to employ. The interest extends beyond using firewalls to secure data traffic and into other areas such as:
- Cloud Computing
- Bring Your Own Device (BYOD)
- Data Loss Prevention (DLP)
- E-mail encryption
- Web 2.0
- Video Surveillance, and
- Physical Security.
ICT Pulse: Have you observed any patterns or commonalities in the types of intrusions that have been prevalent in Jamaica, or possibly across, the region?
GG: Throughout the Caribbean and to a larger extent, this hemisphere, I continue to observe that the attacks are focused in the following sectors: Telecommunications, Financial Services, Remittances and now the Business Process Outsourcers (BPO). The attackers always seem to target entities dealing with money, credit ratings and large volumes of information.
ICT Pulse: Are there still any lingering misconceptions that organisations still seem to have about network security? If so, what are your observations?
GG: A number of persons within organizations still have the belief that a firewall is sufficient to protect them. They do not review the audit files as frequently as they should, and this is what makes some of the intrusions successful. For some of the environments, having improperly configured wireless routers and wireless networks have led to data loss. However, there are training courses that will help to identify and mitigate against a large number of intrusion attacks. Some of these courses and certifications are:
- Cisco Certified Internetworking Expert (CCIE) – Security
- Cisco Certified Network Professional (CCNP) – Security
- Check Point Certified Master Architect (CCMA)
- Certified Ethical Hacker (CEH)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- Certified Wireless Security Professional (CWSP)
- GIAC Secure Software Programmer (GSSP) and
- CompTIA Security+.
ICT Pulse: Many organisations, especially our SMEs, that recognise the importance of network security, can be challenged by budget limitations, vis-a-vis the likely cost of a comprehensive suite of solutions. What advice would you share, in terms of how best to spend their modest allocation for network security?
GG: Across the Caribbean, both the Service Providers and the established IT companies are either offering or beginning to offer a “managed services” portfolio targeted to the SME segment. These large companies are now becoming more nimble and flexible to the constrained budgets of the SME sector. Most SME owners still prefer to deal with their “IT guy” but they should be aware that there are options out there. Some of them encourage their “IT guy” to do trainings in security and produce the certificates.
As an alternative, they may engage one of these established entities to perform a security audit and some of them may do it for free if you sign up for a particular service.
Across the globe, the most valued items for a SME owner are: relationship, trust and reputation. This is why there will always be a market for the “IT guys” catering to this segment because they take the time to develop the values that SME owners are looking for and not just view them as a number.
ICT Pulse: Finally, is there any single emerging trend or type of threat that you would flag as requiring extra vigilance in the region?
GG: Technology and processes change so rapidly so it is difficult to focus on any single trend. The following trends, whilst beneficial and helping to harmonize the elusive work/life balance, will need some extra vigilance:
- Business Process Outsourcing
- Cloud computing
- Bring Your Own Device (BYOD).
Do you have any questions or comments for Garfield? Do share them the Comments area below.
Looking forward to your feedback!
Image credits: FreeDigitalPhotos (for featured image)