An­drea Perez-Sobers

Se­nior Re­porter

an­drea.perez-sobers@guardian.co.tt

Cy­ber threats, both in the re­gion and glob­al­ly, are in­creas­ing sub­stan­tial­ly and that is why gov­ern­ment min­istries and com­pa­nies must en­sure that their cy­ber­se­cu­ri­ty mea­sures are up to date and con­fi­den­tial da­ta is pro­tect­ed at all times.

That’s the ad­vice from Anil Per­sad, cy­ber­se­cu­ri­ty and da­ta pri­va­cy leader at Ernest and Young.

Per­sad told Busi­ness Guardian on Tues­day, that there are com­plex­i­ties and in­evitable con­se­quences when it comes to cy­ber­at­tacks, which con­tin­ue to plague the re­gion and T&T in ways that can be be­wil­der­ing to the av­er­age man on the street. Most re­cent­ly, he said a lo­cal telecom­mu­ni­ca­tions provider re­spond­ed to news cir­cu­lat­ing that there was an at­tack on, and breach of, its tech­nol­o­gy sys­tems.

“While there is some un­cer­tain­ty about the event at this time, what is cer­tain is that there is a con­stant bar­rage of cy­ber threats across the globe at­tempt­ing to ex­ploit and in­fil­trate net­works and tech­nolo­gies. Just a few months ago, one of our Gov­ern­ment Min­istries fell vic­tim to an at­tack and was se­vere­ly crip­pled. This type of news ap­pears com­mon­place to­day, and frankly, a sub­stan­tial num­ber of the at­tacks stay un­der the radar as the laws do not en­force dis­clo­sure,” Per­sad dis­closed.

On Mon­day, Telecom­mu­ni­ca­tions Ser­vices of Trinidad and To­ba­go (TSTT) con­firmed that it was a vic­tim of a cy­ber­at­tack on Oc­to­ber 9, but stat­ed there was no loss of cus­tomer da­ta from its data­bas­es, but it re­ject­ed re­ports that it suf­fered loss, ma­nip­u­la­tion or com­pro­mise of cus­tomer da­ta from its data­bas­es.

Over the week­end, Fal­con Feeds, an In­dia-based tech­nol­o­gy se­cu­ri­ty com­pa­ny, re­port­ed on its X so­cial me­dia ac­count that Ran­somExx, a ran­somware group, added TSTT (http://tstt.co.tt) to its vic­tim list. It claimed to have ac­cess to 6GB of or­gan­i­sa­tion da­ta.

One web­site de­scribed Ran­sonExx as a no­to­ri­ous ran­somware group that has car­ried out cy­ber­at­tacks glob­al­ly since 2018. It rose to promi­nence in 2020 af­ter it at­tacked high-pro­file or­gan­i­sa­tions.

Per­sad said in­di­ca­tors sug­gest that there has been an in­crease in cy­ber­at­tacks in Trinidad over the past year.

Shed­ding more light on is­sue, the cy­ber­se­cu­ri­ty ex­pert said the dig­i­tal trou­ble­mak­ers be­hind the cy­ber­at­tacks are typ­i­cal­ly or­gan­ised groups that ply their trade over the in­ter­net (Lock­bit, Con­ti, Lazarus to name a few), who are good at hid­ing their iden­ti­ties, and have fi­nan­cial, so­cial, or po­lit­i­cal mo­tives.

The most pop­u­lar over the past decade, he point­ed out, has cer­tain­ly been ran­somware at­tacks for fi­nan­cial gain.

“In ad­di­tion to break­ing in, tak­ing con­trol, and en­crypt­ing crit­i­cal tech­nol­o­gy sys­tems and mak­ing them un­us­able for the or­gan­i­sa­tion, the at­tack­ers make fi­nan­cial de­mands in ex­change for de­cryp­tion keys. The at­tack­ers al­so threat­en to pub­lish stolen da­ta even af­ter the vic­tim has paid the ran­som.

“While a seem­ing­ly sim­ple busi­ness mod­el, and with the ad­vent of next-gen­er­a­tion se­cu­ri­ty and mon­i­tor­ing tech­nolo­gies in to­day’s world, the process of track­ing and bring­ing these groups and in­di­vid­u­als to jus­tice is ex­treme­ly con­vo­lut­ed, es­pe­cial­ly in this age of dig­i­tal pay­ments, cryp­tocur­ren­cy, anonymi­ty, and the dark­net,” Per­sad re­vealed.

Why is this hap­pen­ing?

The cy­ber­se­cu­ri­ty ex­pert said as tech­nolo­gies and peo­ple evolve to meet the needs of the ever-chang­ing glob­al busi­ness en­vi­ron­ment, the cy­ber world has al­so adapt­ed, at the cost of in­creas­ing­ly com­plex so­lu­tions. The adop­tion of these tools has not been par­al­leled by se­cure prac­tices, and this has left an en­tic­ing and op­por­tunist play­ground for cy­ber-vil­lains.

In many in­stances Per­sad point­ed out that the at­tacks were suc­cess­ful as some em­ploy­ees may have fall­en vic­tim to a so­cial en­gi­neer­ing email, al­low­ing a vir­tu­al per­pe­tra­tor in­to the or­gan­i­sa­tion’s in­ter­nal vir­tu­al en­vi­ron­ment of the busi­ness, and there­after ex­ploit­ing some vul­ner­a­ble or weak sys­tem(s) that would typ­i­cal­ly ex­ist on a cor­po­rate net­work to­day.

“One would as­sume that se­cur­ing/mon­i­tor­ing the sys­tem and ed­u­cat­ing the em­ploy­ee would be an easy fix, but it is eas­i­er said than done. Com­pa­nies to­day have un­doubt­ed­ly raised aware­ness of the need and chan­neled in­vest­ments in­to cy­ber­se­cu­ri­ty, but the ef­forts are not al­ways stacked us­ing the best strate­gies. We see lead­ing se­cu­ri­ty soft­ware be­ing bought by many com­pa­nies, but they are not op­ti­mised,” he re­marked.

Per­sad not­ed that in the ab­sence of a well-tai­lored cy­ber­se­cu­ri­ty pro­gram to de­sign, op­er­ate, mon­i­tor, and con­tin­u­ous­ly im­prove the cy­ber­se­cu­ri­ty pos­ture, com­pa­nies will con­tin­ue to face enor­mous chal­lenges with hav­ing an ad­e­quate re­sponse to cy­ber­at­tacks.

“This is even more top­i­cal for our com­pa­nies with­in Trinidad and To­ba­go to­day, in light of the Cy­ber­se­cu­ri­ty In­vest­ment Tax Al­lowance that is be­ing of­fered in­vest­ments in cy­ber­se­cu­ri­ty soft­ware and net­work se­cu­ri­ty mon­i­tor­ing equip­ment.”

So, what can be done to keep the cy­ber at­tack­ers at bay Per­sad ad­vised that com­pa­nies should not on­ly en­hance their se­cu­ri­ty tech­nol­o­gy en­vi­ron­ment but de­vel­op the abil­i­ty to iden­ti­fy and re­spond to cy­ber­at­tacks with­in the short­est pos­si­ble time­frame via ef­fec­tive op­er­a­tional process­es and clear as­signed re­spon­si­bil­i­ties for its per­son­nel.

“Notwith­stand­ing, if the com­pro­mise does oc­cur, there should be ad­e­quate in­fra­struc­ture, plans, and process­es to get the com­pa­ny back to a good state with­out be­ing at the mer­cy of the at­tack­er,” he added.

Al­so giv­ing in­sight in­to cy­ber­at­tacks was Ter­rence Nichols, in­for­ma­tion se­cu­ri­ty man­ag­er at ANSA McAL Group of Com­pa­nies, who said the trend of the cy­ber­at­tacks has been across mul­ti­ple in­dus­tries such as in­sur­ance, dis­tri­b­u­tion, re­tail, and telecom­mu­ni­ca­tions.

“Email is al­ways a ma­jor con­cern as it is of­ten the source of the at­tacks through phish­ing or mal­ware. At­tack­ers al­so heav­i­ly take ad­van­tage of un­patched vul­ner­a­bil­i­ties in sys­tems.”

Nichols said in the pre­ven­tion of at­tacks email pro­tec­tion is im­por­tant, but there should al­so be a heavy fo­cus on pro­tect­ing iden­ti­ties from com­pro­mise.

“Mul­ti­fac­tor au­then­ti­ca­tion (MFA) should be en­forced by de­fault. There is no sil­ver bul­let but se­cu­ri­ty aware­ness train­ing for em­ploy­ees is al­so es­sen­tial. IT de­part­ments must pay strict at­ten­tion to patch­ing vul­ner­a­bil­i­ties prompt­ly. In­ci­dent re­sponse and back­up and dis­as­ter re­cov­ery ca­pa­bil­i­ties are al­so crit­i­cal for get­ting the busi­ness op­er­a­tional again af­ter a cy­ber­at­tack.

“Pro­tect­ing da­ta re­quires a mul­ti-lay­ered ap­proach and each busi­ness would have its own unique set of chal­lenges. Risk as­sess­ments can help in de­vel­op­ing a strat­e­gy that de­fines the ap­proach based on the ac­tu­al gaps that ex­ist and the spe­cif­ic busi­ness needs,” the in­for­ma­tion se­cu­ri­ty man­ag­er con­clud­ed.

Rise in glob­al cy­ber­at­tacks

Ac­cord­ing to a cy­ber­se­cu­ri­ty re­port by Fortinet in Ju­ly, dur­ing the first half of 2022, there were 137 bil­lion cy­ber-at­tack at­tempts reg­is­tered in Latin Amer­i­ca.

The cy­ber­se­cu­ri­ty so­lu­tions and ser­vices com­pa­ny based in the US said the main type of cy­ber-at­tack was ran­somware at­tempts, which aim to en­crypt a com­pa­ny’s in­for­ma­tion and pro­hib­it sys­tem ac­cess un­til a ran­som is paid.

“These at­tempts dou­bled com­pared to 2021. The re­port iden­ti­fies Mex­i­co as hav­ing the most cy­ber-at­tacks in the re­gion, fol­lowed by Brazil and Colom­bia. This in­crease is not on­ly in num­bers but in so­phis­ti­ca­tion. New vari­ants of this ma­li­cious pro­gram have been cre­at­ed, as well as “ran­somware as a ser­vice” (RaaS), where de­vel­op­ers sell or dis­trib­ute ran­somware to third par­ties (usu­al­ly on the dark web) in ex­change for a per­cent­age of the prof­its,” the com­pa­ny ex­plained.