In this the third instalment of our 2014 Insights series, McAfee, through its Caribbean office, shares some thoughts on cybersecurity in the Caribbean.

The impact of cybercrime and threats should not be underestimated. To varying degrees, based on news reports and public advisories issued, we all may have some inkling of the extent of the devastation caused when major firms and organisations experience a breach. However, all too frequently, be it directly or indirectly, the fallout extends to us, as customers and users, resulting in a loss of trust, credibility and an overall sense of being vulnerable.

In this the third instalment of our Insight series, we are thrilled to have Hector Diaz of McAfee Caribbean. McAfee, which is being rebranded as Intel Security, is a globally recognised and well known computer security software firm. Its Caribbean office is in the Dominican Republic, and in addition to the Dominican Republic, it serves Puerto Rico, all of the West Indies, and Bermuda. Hector is a Security Advisor with extensive experience in the IT security space, and possesses a diverse skill set that includes a strong technical background in infrastructure and security.

ICT Pulse: Hector, give us a quick recap of what were the most prevalent incidents in the Dominican Republic and/or in the Caribbean region in 2013?

Hector Diaz: During 2013, McAfee recorded an average of 200 new threats every minute, more than three every second worldwide. In the case of the Caribbean region, we saw an increase in multiple advanced threats now targeting the data instead of affecting the infrastructure. Now more than ever, we are seeing attacks oriented to hijack ATMs, a more sophisticated type of phishing that tries to lure 2nd factor authentication methods, as well as database-targeted attacks. Regulations and standards have helped to create awareness of the importance of IT Security in the healthcare and financial institutions, particularly in the Dominican Republic and Puerto Rico, creating a trend that is expanding across the region based on the prevalence of these new forms of cybercrime that in the past we thought were only a problem of more developed countries.

ICTP: Although we are still early in 2014, how is the threat landscape changing? Are there any particular areas of concerns that you have for Caribbean organisations this year?

HD: The threat landscape is changing based on the new technologies that we are seeing in the market. Now attackers are targeting mobile devices, fixed function devices such as POS, ATMs, handhelds, and also social media, in order to take advantage of vulnerabilities in areas that typically most companies don’t pay enough attention to. Also, we are seeing an increase in the complexity and the number of different vectors utilised to execute these attacks. At Intel Security, our concern and our message for Caribbean organizations have been the implementation of a Security Framework capable of protecting customers’ assets from “the Silicon to the cloud” in an integrated fashion that creates an environment where situational awareness helps companies to respond proactively to these threats.

ICTP: At the CARICOM/regional level, there appears to be a growing awareness of cybercrime and calls by leaders that something be done. In your opinion, have there been any improvements in the cybersecurity-associated resources or support structures in the Dominican Republic, and/or perhaps regionally? What might still be missing?

HD: Technology adoption in the region is at an all-time high. With this adoption, security has become an important pillar of computing. In the Caribbean region, we have seen important improvements in the cybersecurity policies adopted by private and government institutions; some of them based on security initiatives, and some others based on compliance requirements in order to conduct businesses in a safe environment with overseas business partners.

From my personal perspective, we still need some understanding that security is a business enabler instead of a cost for organisations. Even though we have seen improvements, there is still some struggle from CSOs [Chief Security Officers] to justify specialized security projects across the region based on a lack of understanding of the importance of IT Security as the umbrella that covers and protects all the business processes in an organization.

ICTP: Are you observing any real evidence of a greater willingness among organisations to take cyber/network security more seriously? How is that awareness (or lack thereof) being manifested?

HD: There’s definitely a greater willingness in the region to adopt cybersecurity more seriously. Evidence of this is the number of positive steps that C-level executives are taking with their companies: to increase security-conscious behaviour from their employees; to create security awareness training; and to advise on how to counter social engineering, as well as strengthening their infrastructure, with a holistic approach to security that now protects the most valued assets instead of just the infrastructure with the traditional solutions. There is also a growing need for a Security Connected Framework that permits interconnectivity across multiple security layers in order to provide real-time visibility and the ability to respond no matter where the threat comes from.

ICTP: Are there any key areas businesses should be investing their network security/IT dollars this year?

HD: Our recommendation is to invest in technologies oriented to protect businesses in three key areas:

  1. Streamline business processes with solutions such as Database Security, Secure API Management, multi-factor authentication, and Application/Change Control.
  2. Obtain situational awareness and real-time visibility: Customers need to integrate all the security layers that they currently have in place, in order to analyse security from all angles with the adoption of next generation SIEM technologies, as well as real-time components to deal with incidents in seconds instead of hours or days.
  3. Evaluate (and update if necessary) your security countermeasures: Security is constantly evolving and based on that fact, companies need to evaluate if their current solutions are capable of handling the new types of threats, and whether they provide the ground layer for security integration. The time is appropriate to assess the state of your environment and make the changes to prepare yourself and your infrastructure.

ICTP: Finally, as you are aware, there has been considerable discussion about the recently discovered “Heartbleed bug”. If there is one thing that people should know about this vulnerability, what would that be? And what would be your best advice to minimise its effect?

HD: There has been a tremendous amount of activity over the past few weeks in response to the Heartbleed bug discovered in OpenSSL, an open source tool used by thousands of web sites to encrypt web traffic. The bug enables an attacker to obtain a random 64K chunk of memory, which could contain sensitive information, such as a user ID or password. The result has been a mad scramble to fix the vulnerability by the many web site owners and security software vendors who rely on OpenSSL.

McAfee, as a company, was also affected by Heartbleed, but we worked quickly to identify all our products that use OpenSSL. We made updates and sent them out as quickly as possible. We have also spent time talking to our customers to reassure them, and letting them know that we have products and services to keep them safe.

For all of our customers, we have created an online SSL testing tool that you can use to verify whether a site you are accessing contains the vulnerability or not. Today, McAfee is also offering a free tool to McAfee Web Gateway customers, which can automatically check sites that their users visit for the vulnerability, and either warn the user or block their access until it has been remediated. The tool relies on a service that McAfee is hosting to check for the presence of the bug, but you can also configure your own Heartbleed checking service so you won’t be dependent on McAfee’s service.

And finally, we’ve created a campaign to create awareness and protection to all of our consumer-oriented customers with recommendations and precautions to keep in mind, especially if you are a mobile user: http://bit.ly/1tfX1lu.

Do you have any questions for Hector? Do you agree/disagree with these views? Do share your thoughts in the Comments section below.

 

Image credit:  marsmet481 / flickr; Wikipedia
