Guest contributor Deon Olton, of the Caribbean Cyber Security Center in Barbados, recommends three cybersecurity resolutions Caribbean organisations should adopt to be better prepared in 2014.
Cybersecurity predictions for the Caribbean for 2014 paint a dismal picture for the private and public sectors in the region. We expect to see a spike in the number of security breaches, ranging from website defacement and invasion of privacy on smartphones, to full-scale attacks on systems still running Microsoft Windows XP. These breaches will have an impact on the confidentiality, integrity and availability of data, as well as the systems organisations need to stay online and in business. Some may think that these predictions are merely a scare tactic, but I am sure those who are foolhardy and do not take them seriously will end up on the front page of the leading publications in the region.
Despite the gloom and doom, there is hope. There are three cybersecurity resolutions that governments and organisations ought to consider in order to avoid many of the dangers that lie ahead. A new approach to cybersecurity in 2014 is needed because all of the headline news of 2013 suggests that we are under attack.
Raising the cybersecurity profile of an organisation or government in 2014 will not get any easier. The threat landscape is ever evolving, as there are vulnerabilities in software, PCs, smartphones, servers, routers, firewalls, security policies, and the list goes on. The recommended resolutions are critical to ensure that we, in the Caribbean, reduce the possibility of a breach, or the downtime as a result, and will assist organisations in moving to a better cybersecurity state.
Resolution 1: Recognize the threat
There ought to be a clear understanding of what impact a network breach will have on your organisation. Questions to be answered include:
- How much money will you lose for each hour or day the systems are offline?
- What is the cost associated with restoration of service?
- What is the public relations cost to manage the effects of the breach?
- Further, should data be lost, how will it affect your organisation from an operational, financial and customer retention perspective?
Cyber threats must be seen as a business continuity issue and not an IT problem. It requires direction from upper management since the effects can bring the entire business to a halt. The days when installing an antivirus programme on all PCs was the answer to all our problems are long gone. There is need for awareness at all levels of an organisation to foster a security-minded culture.
Our predictions show that the level of sophistication of attacks will continue to increase and will make identification, detection and remediation harder for systems administrators. However, ensuring that every employee understands how he or she contributes to the overall organisational defences is critical.
Resolution 2: Invest in your organisation’s cybersecurity defences
Investing in your organisation’s defences is critical and can make a big difference in securing its data, and its financial and infrastructural assets, as an outage or breach will have high cost implications. Buying a firewall and antivirus is a good starting point, but it is not enough. There is rarely a good time to argue for investment dollars for IT, especially during times of budget cuts and job lay-offs. However, investments in security now will be far cheaper than fixing breaches after the fact.
Greater efficiencies are now needed to offset reduced staffing and services that are a result of budgetary curtailing. Nevertheless, they can be accomplished, provided the IT and security teams plan and invest in technical, management and employee awareness solutions that address the most pertinent threats.
The past pattern of cyber intrusions in the region, plus the predictions for more aggressive activity on critical infrastructure, clearly shows the need for proactive cybersecurity. Losing valuable data, in and of itself, is bad enough. However, agencies cannot put an accurate price tag on the loss of public trust and company image that accompany highly publicized data breaches. A smaller investment up front can go a long way towards avoiding such a dire scenario.
Resolution 3: Choose a cybersecurity partner
With all of the uncertainty of whether your organisation has an adequate defence system, or which phase of the attack progression it is in, it is critical to leverage the resources of a cybersecurity partner who can help. No matter who handles your network security, you need to have an independent assessment of where you are.
Do you get reports on the number of attempted intrusions? Do you know who has access to your data, where it is and if it is secure? Have you ever had a penetration test and/or network vulnerability assessment as part of the overall IT Risk Assessment? If you answered NO to any of these questions, your organisation needs to determine the state of the attack progression it is in.
Getting an independent third-party assessment is mandatory at this stage of the region’s maturity. Your cybersecurity partner must have the ability to take a 360-degree look at your organisation, classify the threats and quantify the losses as a result of a data breach. In essence, a good cybersecurity partner will have key knowledge and experience that your internal IT staff may not possess and should be vendor-agnostic. These qualities are essential to ensure that your chosen partner has the skills and capabilities to help you find and remediate weaknesses in your organisation that investments in technical solutions and tools alone cannot identify.
In summary, these three resolutions are essential for any organisation that is serious about not being hacked or exposed to data losses, and should be used as a roadmap to navigate this ever-evolving threat referred to as cybersecurity.
Mr. Deon Olton, a UWI graduate and Certified Ethical Hacker, has worked with LIME, FLOW and Barbados Shipping and Trading (now Neal and Massy) and, in his outstanding career, has made a noteworthy contribution to ICT and Cyber Security across the Caribbean.
Mr. Olton’s experience in telecoms, ICT and Cyber Security has allowed him to perform roles in Business Process Re-engineering, IT Risk Assessment, Security Awareness Training and long-term strategic IT planning. With this depth of experience and passion, he has founded Enterprise Solutions to provide Telecoms Cost Management consulting services. As co-founder of the Caribbean Cyber Security Center, and as CTO, he is responsible for developing proactive plans to address the growing Cyber Security threats to the Caribbean region’s economies.
Image credit: Free Press Pics (flickr)