JavaScript is disabled in your web browser or browser is too old to support JavaScript. Today almost all web pages contain JavaScript, a scripting programming language that runs on visitor's web browser. It makes web pages functional for specific purposes and if disabled for some reason, the content or the functionality of the web page can be limited or unavailable.

Saturday, February 22, 2025

TSTT hires information security officer to protect network

by

28 days ago
20250125
TSTT CEO Kent Western

TSTT CEO Kent Western

Se­nior Re­porter

rhon­dor.dowlat@guardian.co.tt

TSTT CEO Kent West­ern is as­sur­ing the pub­lic that the com­pa­ny has tak­en de­ci­sive mea­sures to boost its cy­ber­se­cu­ri­ty frame­work fol­low­ing an Oc­to­ber 2023 da­ta breach that ex­posed six gi­ga­bytes of cus­tomer da­ta.

When con­tact­ed yes­ter­day, West­ern said, “Cy­ber­se­cu­ri­ty is now a top pri­or­i­ty at TSTT. We are work­ing tire­less­ly to pro­tect our net­work, our cus­tomers, and our em­ploy­ees.”

The breach, ex­e­cut­ed by the hack­ing group Ran­somExx, saw stolen da­ta up­loaded to the dark web, spark­ing pub­lic out­rage and con­cerns over trans­paren­cy. While TSTT main­tained that the da­ta was out­dat­ed and ac­count­ed for less than one per cent of its to­tal stor­age, the in­ci­dent prompt­ed an in­de­pen­dent in­ves­ti­ga­tion com­mis­sioned by the com­pa­ny’s board of di­rec­tors.

West­ern a vir­tu­al Chief In­for­ma­tion Se­cu­ri­ty Of­fi­cer (vCISO) had since been hired to ad­dress vul­ner­a­bil­i­ties.

“Short­ly af­ter I as­sumed the role of act­ing CEO, we in­tro­duced the vCISO po­si­tion to pro­vide on­go­ing lead­er­ship and con­sul­tan­cy on all mat­ters re­lat­ed to cy­ber­se­cu­ri­ty,” he said.

“This role was specif­i­cal­ly de­signed to iden­ti­fy and mit­i­gate cy­ber risks, strength­en our de­fences, and en­sure com­pli­ance with in­dus­try stan­dards. It’s not just about re­act­ing to in­ci­dents—it’s about be­ing proac­tive and strate­gic.”

He added, “The in­ves­ti­ga­tion in­to the 2023 cy­ber­breach was com­mis­sioned by TSTT’s board of di­rec­tors. The board has re­ceived the re­port and has sub­mit­ted the doc­u­ment to the Ho­n­ourable Min­is­ter of Pub­lic Util­i­ties for his re­view. I am, there­fore, not in a po­si­tion to com­ment.”

To ad­dress the cri­sis, TSTT en­gaged lo­cal cy­ber­se­cu­ri­ty firm Cy­ber­Eye to con­duct a root cause analy­sis and im­ple­ment a stronger cy­ber­se­cu­ri­ty frame­work.

The fi­nal re­port on the breach, pre­pared by in­de­pen­dent in­ves­ti­ga­tors, was sub­mit­ted to Pub­lic Util­i­ties Min­is­ter Mar­vin Gon­za­les on Thurs­day. It de­tails the cir­cum­stances of the breach, its im­pact, and rec­om­men­da­tions to pre­vent fu­ture in­ci­dents.

Min­is­ter Gon­za­les, in a state­ment, ac­knowl­edged the grav­i­ty of the breach, say­ing the re­port would be sent to the Na­tion­al Se­cu­ri­ty Coun­cil and the Joint Se­lect Com­mit­tee of Par­lia­ment for re­view.

Gon­za­les said, “I haven’t re­viewed the re­port as yet. Al­so, I don’t pro­pose to of­fer any pub­lic com­men­tary on the mat­ter. I com­mis­sioned the in­de­pen­dent in­ves­ti­ga­tion and promised that the find­ings would be made pub­lic in the in­ter­est of trans­paren­cy.”

The Com­mu­ni­ca­tions Work­ers’ Union has called for full dis­clo­sure of the re­port.

The fall­out from the breach was sig­nif­i­cant. For­mer CEO Lisa Agard was ter­mi­nat­ed in No­vem­ber 2023, fol­lowed by the de­par­ture of CFO Shi­va Ram­nar­ine. Cor­po­rate com­mu­ni­ca­tions head Khamal Georges re­signed in June 2024.

For­mer TSTT CEO Agard, when con­tact­ed, said, “I haven’t seen it, so I’m not in a po­si­tion to com­ment.” Asked if she’s some­what re­lieved to know that the re­port was hand­ed in to the min­is­ter, Agard replied, “No com­ment.”


Related articles

Sponsored

Weather

PORT OF SPAIN WEATHER

Sponsored