Cyber attacks in the region on the rise – Trinidad & Tobago Express Newspapers

cyber-attacks-in-the-region-on-the-rise-–-trinidad-&-tobago-express-newspapers

Did you know that camDown is your security solution to protect you and your business from webcam hackers?

With the world’s swift adaptation to digital during the Covid-19 pandemic, the issue of cybersecurity has become pressing.

Dorian Dyer, DigitalEra’s vice president, Business Development told Express Business that in recent weeks there have been cyber attacks in Barbados and Saint Martin.

“That is more than usual. These attacks were done by big ransomware gangs. So we had two attacks in short order. That’s more than usual for the Caribbean. So yeah, we’re seeing an increase. Absolutely,” he said.

DigitalEra Group is a Florida-based, specialised solutions provider that offers Cybersecurity Consulting, Strategy and Services, and has been in business for over 20 years.

Dyer describes cyber attacks as a scourge.

And with more companies having a digital presence because of the pandemic, he stressed the need for all companies, even SMEs to beef up their cyber security.

Ricardo Martinez, the company’s chief revenue officer pointed out that the cyber attacks have become more newsworthy because of their impact on the companies that are targeted.

“Security breaches have been happening forever. Now, it’s how the organisation responds and the level of impact. Ransomware is a very unique type of attack because it really puts the company to a halt because everything is encrypted. There’s a tremendous amount of visibility. And also, a lot of organisations that are relying on digital technology today cannot offer that service so everybody is made aware—so if you have a bank that has your online banking and you’re trying to log into your bank account, and then all of a sudden it says we’re out of service, you kind of think that’s suspicious. So that obviously raises a lot of red flags.

“I think that’s the trend that you’ve been seeing, that since certain organisations are being impacted and get external visibility, that’s what makes it newsworthy. And that’s why more people are becoming aware of these types of events. It doesn’t mean that in the past, they haven’t had breaches or they haven’t had attacks, or even malware in the organisation. It’s just that it wasn’t as visible as it is today,” Martinez explained.

He observed that in the United States, companies have to disclose when there’s been a breach because there’s personal identifiable information.

“You’re required by law to provide those victims of their information being stolen with credit reports and credit access. In the region, we don’t necessarily have that,” Martinez added.

Paying up

Is the region being targeted?

“I do think that the region is being targeted, I mean all organisations are being targeted. But obviously when one is impacted and they do actually pay ransom, it’s a great target for other hackers to go and try to get their piece of the pie and get paid,” said Martinez.

He said that unfortunately what happens is that companies pay the ransom in cryptocurrency.

He explained that when an attack actually occurs, it happens after the ransomware has been inside the organisation for weeks or even months.

“They’ve been doing reconnaissance, finding out what critical information the organisation has, looking to see if they have backups and making sure that they delete those backups. So at the time that they encrypt, it’s already too late. So when that organisation says, okay, let’s just restore the backup like oh, wait a minute, we have no backups. So if they really want to restore information they either pay or they’re not going to get that data back,” he said.

He observed that paying the ransom is sometimes the only way to restore critical information.

Martinez said it’s one of the services which DigitalEra offers to its customers.

“These ransom organisations are very organised. It’s organised crime,” he said.

Martinez observed that while it’s a crime to be extorted, the wire transfer is the person’s choice.

Dyer said there exists no regulation which forbids the payments to ransomware in the Caribbean and that there are limited to no consequences on cyber attacks.

“Every time there’s a ransomware and there’s a breach, we try to get a copy of the code that was used to encrypt and to understand where is it coming from, who were the threat actors, and we kind of reverse engineer to find out... Oh, this was Russian-made or this was Chinese or this was by several characteristics within the code. But it’s kind of very difficult to really pinpoint it,” he said.

Roger Brian, English Caribbean territory manager for the group told the Express Business that the organisation moved from being an indirect distributor of software to now a hands-on distributor during the pandemic.

“Through our vast experience, human resource expertise (including ex-NASA security experts), and partner engagements we have amassed a great understanding of the ever-evolving cyber-risk landscape. We consider ourselves thought-leaders and work closely with clients, including large governmental organisations, regional financial institutions, and many large-scale companies, to improve their overall cybersecurity risk posture,” he said.

But what guarantee do customers have with their security software?

“In cybersecurity, there is no guarantee, the most you can do is your best effort. And obviously that’s kind of the approach that we’ve been addressing with our customers—really doing your best effort to make sure that things are secure and putting the best foot forward. For a lot of organisations, the vast majority of breaches could have been avoided by putting basic security controls as an example. A lot of organisations are still relying on a technology that’s 20 years old, and they haven’t updated to next generation technology. There’s over 3,000 security vendors out there and all of them have advanced technology and there’s so many ways that adversaries are getting into organisations, that you really have to put your best foot forward and make sure that you’re addressing the majority of those in the best way possible. So as a guarantee, there is no guarantee but we can ensure that if we put the basic controls that we are much better than most,” said Martinez.

When hackers attack

In October 2020 local conglomerate, ANSA McAL, was a victim of ransomware hackers who reportedly infiltrated some of the company’s IT systems. The attack apparently began at ANSA McAL’s operations in Barbados, specifically, the automotive sector.

One month after, the Port of Spain Corporation fell prey to a cyber attack, which delayed the ability of the Corporation to pay 1,300 daily paid workers on time.

Finally, let me just add that camDown is your security solution to protect you and your business from peeping toms!