Bevil Wood­ing

Cy­ber se­cu­ri­ty is now a wide­ly used term to de­scribe how com­put­er sys­tems are pro­tect­ed from unau­tho­rised ac­cess, ma­li­cious dam­age or de­lib­er­ate at­tacks. Cy­ber se­cu­ri­ty is most strong­ly as­so­ci­at­ed with cy­ber­crime with good rea­son. Cy­ber crime is one of the fastest grow­ing crim­i­nal ac­tiv­i­ties in the world. It tran­scends bor­ders, ju­ris­dic­tions and economies. Es­ti­mates put the glob­al cost of cy­ber crime at some US$388 bil­lion a year.

Cy­ber se­cu­ri­ty should be the con­cern of every com­put­er user and a pri­or­i­ty for every busi­ness own­er. The dan­ger is re­al and in­cludes the abil­i­ty of dis­grun­tled em­ploy­ees to sab­o­tage your sys­tems; the use of mo­bile mes­sag­ing by crim­i­nal gangs to arrange ne­far­i­ous ac­tiv­i­ty; the ca­pac­i­ty of hack­tivists (hack­ers with a po­lit­i­cal agen­da) to ground busi­ness­es or desta­bilise so­ci­ety; the ca­pa­bil­i­ty of com­pet­ing busi­ness­es to steal your in­tel­lec­tu­al cap­i­tal; and the pow­er of an­oth­er na­tion to com­pro­mise crit­i­cal in­fra­struc­ture and in­dus­tri­al process­es. These re­al-world threats make cy­ber se­cu­ri­ty a top pri­or­i­ty for gov­ern­ments and busi­ness­es alike.

Clear and present dan­ger

The Nor­ton Cy­ber­crime Re­port 2011 found that some 431 mil­lion adults ex­pe­ri­enced some sort of cy­ber crime in the last year alone. More dis­turbing­ly, the glob­al eco­nom­ic cri­sis has cre­at­ed an en­vi­ron­ment in which cy­ber crime is good busi­ness for bad peo­ple. More busi­ness­es are tac­it­ly sup­port­ing cy­ber­crime in the in­ter­ests of strate­gic ad­van­tage. For ex­am­ple, there is a thriv­ing mar­ket for stolen cor­po­rate da­ta. Con­se­quent­ly, tech­ni­cal staff in­side of or­gan­i­sa­tions such as banks are be­ing court­ed by the crim­i­nals be­cause of their skills and in­side knowl­edge of sys­tems.

The grow­ing risks that at­tend our in­creas­ing­ly con­nect­ed so­ci­eties makes cy­ber se­cu­ri­ty an im­pos­ing chal­lenge for busi­ness­es and gov­ern­ments the world over. With­in the re­source-con­strained Caribbean con­text, the chal­lenge is par­tic­u­lar­ly acute. Caribbean busi­ness­es, es­pe­cial­ly those with large net­works, like fi­nan­cial in­sti­tu­tions and in­sur­ance and en­er­gy com­pa­nies, are un­der con­stant as­sault. Net­works man­aged by gov­ern­ments, man­u­fac­tur­ing sec­tor firms, small busi­ness­es and aca­d­e­m­ic in­sti­tu­tions are not spared ei­ther. Yet, cy­ber se­cu­ri­ty re­mains some­what of a "ter­ra incog­ni­ta" with­in the re­gion. Very lit­tle is re­port­ed about the lev­el or im­pact of cy­ber crime or the pro­file of vic­tims. Many com­put­er net­work ad­min­is­tra­tors are bliss­ful­ly ig­no­rant of the sever­i­ty of the threat, or the mech­a­nisms to de­tect in­tru­sion or pro­tect cor­po­rate sys­tems–leav­ing their or­gan­i­sa­tions ex­posed.

Com­pa­nies in Latin Amer­i­ca and the Caribbean have had gi­ga­bytes of da­ta stolen by lo­cal and in­ter­na­tion­al pri­vate hack­ing groups. In var­i­ous sur­veys, more than half of cor­po­ra­tions in the re­gion re­port be­ing vic­tims of cy­ber at­tacks and da­ta theft. These cor­po­ra­tions, when they de­tect the in­tru­sion, gen­er­al­ly do not re­port the prob­lems to the gov­ern­ment se­cu­ri­ty ser­vices. For most coun­tries, cur­rent leg­isla­tive frame­works do not ad­e­quate­ly ad­dress is­sues of pros­e­cu­tion, pe­nal­i­sa­tion or resti­tu­tion. Even where statutes are in place, se­cu­ri­ty forces are ill-equipped to deal with the grow­ing com­plex­i­ty of cy­ber risks. In light of the glob­al na­ture of cy­ber crime, and in the ab­sence of a co­her­ent na­tion­al or re­gion­al cy­ber se­cu­ri­ty frame­work, the busi­ness com­mu­ni­ty needs to take de­ci­sive steps to pro­tect their in­tel­lec­tu­al and eco­nom­ic in­ter­ests. At the same time, gov­ern­ments need to take ur­gent ac­tion to en­sure that cit­i­zens, crit­i­cal in­fra­struc­ture and na­tion­al in­ter­ests are ef­fec­tive­ly pro­tect­ed.

Se­cu­ri­ty be­gins at home

For pri­vate and pub­lic sec­tor or­gan­i­sa­tions, a good cy­ber se­cu­ri­ty pol­i­cy must ad­dress is­sues of:

Ac­cess con­trol: En­sure the right peo­ple have ac­cess to the right in­for­ma­tion and tools at the right time. This ap­plies not just to sys­tems at the of­fice, but to mo­bile phones, tablets, lap­tops and home com­put­ers. An in­te­grat­ed ap­proach is need­ed. Poli­cies and staff train­ing: The abuse of In­ter­net ac­cess and cor­po­rate e-mail cre­ates gaps for cy­ber crim­i­nals to ex­ploit. It al­so places a busi­ness' brand and rep­u­ta­tion in dan­ger. Staff train­ing and the de­vel­op­ment of a cul­ture of se­cure busi­ness prac­tices is crit­i­cal to both pre­ven­tion of and re­cov­ery from se­cu­ri­ty breach­es. No­ti­fi­ca­tion, back-up and re­cov­ery: In the event a se­cu­ri­ty breach or a cy­ber at­tack, busi­ness­es need to have a co­her­ent no­ti­fi­ca­tion and re­cov­ery strat­e­gy. These in­clude ini­tial steps for im­me­di­ate­ly lim­it­ing the im­pact of the se­cu­ri­ty breach, find­ing and se­cur­ing the se­cu­ri­ty flaw and restor­ing nec­es­sary tools and da­ta.

Pub­lic-pri­vate di­a­logue and part­ner­ship: Who does one call? What help should IT ven­dors pro­vide? What role law en­force­ment agen­cies play? What le­gal re­course is avail­able? These ques­tions are prob­lem­at­ic for Caribbean busi­ness­es. Greater col­lab­o­ra­tion be­tween busi­ness­es, law en­force­ment of­fi­cials, acad­e­mia and pol­i­cy­mak­ers is a must. A mul­ti-pronged at­tack needs a mul­ti-faceted de­fense. It is not suf­fi­cient to sim­ply be afraid. Busi­ness­es and users need to be in­formed, be alert and, most im­por­tant­ly, they need to act.

Bevil Wood­ing is the chief knowl­edge of­fi­cer at Con­gress WBN, an in­ter­na­tion­al non-prof­it or­gan­i­sa­tion and an In­ter­net strate­gist with US-re­search firm, Pack­et Clear­ing House.

He is al­so the founder of Bright­Path Foun­da­tion, cre­at­ing Caribbean-fo­cused dig­i­tal con­tent, apps and train­ing pro­grammes.

Twit­ter: @bevil­wood­ing Face­book:

face­book.com/bevil­wood­ing