In the final instalment of our Expert Insights series on cyber threats and security for 2022, Obika Gellineau of KPMG in Trinidad and Tobago discusses, among other things: what may have happened in the Massy Stores hacking incident; whether organisations are focusing on risk, reputation, and business continuity in how they approach cybersecurity; and three key things organisations should be doing in 2023 to improve their network/IT security posture.

 

This episode is also available on SoundCloud, Apple iTunes, Google Play Music, Spotify, Amazon Music and Stitcher!

In the Caribbean region and on a regular basis, there are news reports about organisations being hacked, and in some instances, data being stolen. Although the number of news reports might be just the tip of the iceberg, the situation is considerably better than it had been just a few years ago when very few incidents were made public.

It thus seems that Caribbean organisations’ attitude to cyber threats and security has been evolving, and, it may also be argued, they are increasingly recognising the need for greater vigilance and investment in security. However, although there might be more awareness, security experts are concerned that basic security measures are still absent in many organisations across the region.

To set us all up to be even more security-vigilant in 2023, this is the final update in our longstanding Expert Insight series on cyber threats and security. Once again, we have invited security experts to share their knowledge and experience on network intrusion and security, generally and in the Caribbean region.

 

Introducing our guest

Obika Gellineau

Obika Gellineau is the Cyber Services Manager in KPMG’s Advisory with over 10 years of experience involving Forensics, Criminal Investigations and Information Technology. He has a Master of Science degree in Information Management from the University of Strathclyde in Glasgow. He is Security+, Cybersecurity Analyst+, Pentest+ and CASP+ certified by the Computer Information Technology Industry Association (CompTIA). He is also an Offensive Security Wireless Professional and a Certified Cryptocurrency Auditor.

In his current professional capacity, Obika is the Certifications Coordinator of the Information Systems Audit Control Association (ISACA) Trinidad and Tobago Chapter and is the Communications Director for the Business Continuity Management Information Exchange (BCMIE Caribbean).

Obika has held security positions in both public and private sector institutions, including the Trinidad and Tobago Forensic Science Centre, the Special Anti-Crime Unit Trinidad and Tobago (SAUTT) and First Citizens Bank Limited. During his time in the private sector, he has been instrumental in developing and implementing various projects and cybersecurity/BCP risk methodologies that support ISO and PCI-DSS standards.

At KPMG, Obika continues to design and develop cybersecurity programmes for KPMG’s various clients to provide innovative solutions. You can follow him on LinkedIn where he regularly shares articles and insights into security and science-related activities.

 

Insight into our conversation

If there is anything that this conversation with Obika drove home, it is how sophisticated and patient many of the intrusions are. They are not necessarily about making a buck quickly; instead, there is an emphasis on acquiring information, learning more about an organisation’s operations and capitalising on its weaknesses. When intrusions are examined through that lens, considerably more vigilance and comprehensive policies and procedures – which everyone follows – are essential.

One of the observations Obika has made, which he shared with us, is that Caribbean organisations still do not focus on the ‘people’ leg of the security trifecta – people, process and technology. People, which would cover staff, are not trained in the basics of cyber security, or in the policies and procedures that they ought to be following, which in turn underpin the digital security of organisations. A point highlighted by many of our past experts is that an organisation’s employees tend to be its greatest security vulnerability, as it is unwittingly through their actions that hackers get access to networks that they can exploit.

Below are a few of the questions posed to Obika during our conversation.

  1. To start, do tell us a little more about yourself and how you got into cyber and information security.
  2. Give us a quick recap of what has been happening in Trinidad and Tobago and/or the wider Caribbean region regarding cybersecurity threats and incidents.
  3. In what areas have you observed organisations making cybersecurity investments, versus where you believe they should actually be investing?
  4. You would be aware that Massy Stores in Trinidad and Tobago experienced one or more cyber-attacks this year, which started to become public in April. At that time, they denied any intrusion occurred, but it appears that they did not they in fact had been breached until about October. What can organisations do to better detect a breach, and how should they respond?
  5. To what degree do you think Caribbean organisations are focusing on risk, reputation, and business continuity in how they approach cybersecurity?
  6. What might be three (3) key things organisations should be doing in 2023 to improve their network/IT security?

 

We would love to hear from you!

Do leave us a comment either here beneath this article, or on our Facebook or LinkedIn pages, or via Twitter, @ICTPulse.

Also, if you or a member of your network is interested in joining us for an episode, do get in touch.

Let’s make it happen!

 

Below are links to some of the organisations and resources that either were mentioned during the episode or otherwise, might be useful:

 

 

Images credit: O Gellineau; Gerd Altmann (Pixabay); kat wilcox (Pexels); Freepik

Music credit: The Last Word (Oui Ma Chérie), by Andy Narrell

Podcast editing support: Mayra Bonilla Lopez