“Information Security is not an IT issue, and it can never be owned by IT. It is a management issue…” but it requires everyone across an organisation to be knowledgeable and do their part. These are just a few of the insights shared by David Gittens, President of the Barbados Chapter of the Information Systems Security Association, in this interview to commemorate cybersecurity month. Learn about the current threat landscape, emerging threats; things were are (still) doing that sabotage our information security both personally and within organisations; plus tips to improve your organisation’s information security.
This episode is also available in Apple iTunes and on Stitcher!
In virtually all Caribbean countries and during the course of this month, October, there would have been some activity in recognition of cybersecurity month. To some degree, many of us believe we know the headlines of the issue: be safer online, ensure your antivirus is up to date; ensure you have robust passwords; do not use passwords multiple times; etc. However, truth be told, those tips are just the tip of the iceberg.
What might not be readily appreciated is the pace at which the digital threat landscape is changing and becoming more sophisticated, not just in the Caribbean, but globally. Further, our efforts should no longer focussed exclusively on protecting our hardware, but more importantly, our information. Although we might believe our information has little or no value to anyone else besides ourselves, that is not true. It may not necessarily be about immediate financial gain, such as being able to steal money from your back accounts. Through mining our information – learning who we are, our values, behaviour, what motivates us, etc. – we can be manipulated.
David Gittens (ISSA, Barbados Chapter)
This is just one of the many insights shared in this interview with David Gittens, a 30-year veteran in the technology/security field, who is also the President of the Barbados Chapter of the Information Systems Security Association. In our discussion, David was eager for us to appreciate that Information Security is its own dedicated field. All too often, it is assumed that individuals possessing IT (Information Technology) knowledge and expertise can automatically and competently address the broad range of information Security issues an organisation (or individual) may experience. That is not the case.
Further, through the examples David shares, we are invited to question and better appreciate some of the unspoken implications of the digital conveniences we not only enjoy, but also aspire to own. It does not mean that we should give up those conveniences and devices, but we could more carefully consider the access we are inherently permitting; whether we are comfortable with allowing such access; and what we might be able to do to limit our exposure.
In our interview with David, the areas we discussed included the following:
- The current state of cybersecurity and cybercrime in Barbados and the wider Caribbean
- How the threat landscape has changed over the years
- Practices or behaviour that Caribbean organisations engage in, that in the past, would have been okay, but now open them to threats
- Basic things that companies, or even individuals, are (still) not doing that seriously compromise the security of their devices and information
- From a security perspective, whether David is excited or concerned about some of the newer technologies, such as Bitcoin (cryptocurrencies) blockchain, and the Internet of Things
- The Information Systems Security Association, what it is about, and who should consider joining the ISSA
- Whether there are any new and emerging threats of which we should be more aware
- Three (3) key things organisations should be doing to improve their network/IT security.
We would love to hear your thoughts!
Do leave us a comment either here beneath this article, or on our Facebook or LinkedIn pages, or via Twitter, @ICTPulse.
Select links
Below are links to some of the organisations and resources that either were mentioned during the episode, or otherwise, might be useful:
- David Gittens
- Information Systems Security Association
- Information Systems Security Association Barbados Chapter – website; Twitter
- Information Systems Security Association – Member benefits
- ICT Pulse article, 5 password managers to help you remember what you cannot afford to forget
- ICT Pulse article, When passwords are not enough: alternatives to consider
- Shadow IT
- ICT Pulse article, Considering BYOD in the workplace? What you should know
- Social engineering
Image credits: JanBaby (Pixabay); D Gittens
Music credit: Ray Holman
I had to listen about twice to this podcast to fully appreciate the deeper and broader perspective that the discussion highlights. When David G talks about organisations that could never have been considered as criminal organisations, but have in fact been found harvesting ( basically stealing ) data to use that for marketing purposes, for eg. That is unlikely to immediately register as a “criminal” activity. But in fact it is!