AN­GE­LO JE­DIDI­AH

an­ge­lo.je­didi­ah@guardian.co.tt

With the glob­al uptick in cy­ber se­cu­ri­ty at­tacks and tech­nol­o­gy breach­es, Su­per­no­va Tech­nolo­gies Ltd is pre­pared to ush­er in dig­i­tal trans­for­ma­tion and change cy­ber se­cu­ri­ty im­ple­men­ta­tion across the re­gion.

The in­for­ma­tion tech­nol­o­gy ser­vice provider host­ed a Cy­ber Se­cu­ri­ty Road­show at Brix, The Au­to­graph Col­lec­tion, Port-of-Spain last week that at­tract­ed var­i­ous tech­nol­o­gy com­pa­nies, pro­mot­ing the theme: Get Cy­ber Smart.

Ac­cord­ing to Su­per­no­va Tech­nolo­gies’ CEO Nir­van Ben­i­mad­ho, the com­mon goal of the event was for tech­nol­o­gy com­pa­nies to show­case their prod­ucts and ser­vices that cater to the fight against the rise in what he de­scribes as ‘dig­i­tal war­fare.’

“We con­sid­er our­selves to be a dig­i­tal ag­gre­ga­tor. We sup­ply hard­ware-soft­ware so­lu­tions and smart build­ing in­fra­struc­ture. But the newest suite of ser­vices that we have in­tro­duced is cy­ber­se­cu­ri­ty. And that is be­cause we be­lieve that the Caribbean mar­ket is ripe for da­ta pro­tec­tion and dig­i­tal in­fra­struc­ture. As you guys are aware there is so much that could be im­proved,” Ben­i­mad­ho said.

Ben­i­mad­ho pos­sess­es a dec­o­rat­ed back­ground in both law and busi­ness man­age­ment. But as a new CEO in the tech­nol­o­gy space, Ben­i­mad­ho is con­fi­dent that Su­per­no­va Tech­nolo­gies will con­tin­ue be­ing sought af­ter for the “cut­ting edge soft­ware and top tier hard­ware ar­chi­tec­ture and sup­port” that they of­fer.

“There have been many cor­po­ra­tions in Trinidad that have been at­tacked and had cy­ber scares. And we be­lieve that be­ing proac­tive is ex­treme­ly im­por­tant. That is why we want to put for­ward so­lu­tions. We don’t just want to com­plain…we want to say this is what can be done,” he said.

Ear­li­er this year, the T&T Cy­ber Se­cu­ri­ty In­ci­dent Re­sponse Team not­ed that there has been a sig­nif­i­cant in­crease in ma­li­cious cy­ber ac­tiv­i­ty and ran­somware at­tacks, tar­get­ing lo­cal or­gan­i­sa­tions and busi­ness­es.

“It’s not a ques­tion as to whether busi­ness­es want to do it. It’s a ques­tion of when they’re go­ing to do it. And our rec­om­men­da­tion is, why wait un­til you have a cy­ber at­tack,” Ben­i­mad­ho added.

In April, Massy Stores fell vic­tim to a ran­somware at­tack, crip­pling op­er­a­tions of the lo­cal su­per­mar­ket chain. It was re­port­ed that over 700,000 cor­po­rate files be­long­ing to the su­per­mar­ket gi­ant were il­le­gal­ly ac­cessed, rank­ing the in­ci­dent by a cy­ber­se­cu­ri­ty ex­pert as “the largest Caribbean da­ta breach dump to date.”

Last week Massy Stores’ CEO Rox­ane de Fre­itas said, “That ob­vi­ous­ly was not a good thing for us. We are very dis­ap­point­ed about what hap­pened how­ev­er we con­tin­ue to man­age through the sit­u­a­tion. What we can say is that cus­tomer in­for­ma­tion was not...we don’t keep that so none of that was re­leased or re­vealed and our sys­tems are back up and run­ning, and we are safe again.”

The gov­ern­ment of Cos­ta Ri­ca was over­tak­en by hack­ers ear­li­er this year al­so, that took con­trol of the com­put­er sys­tem of the coun­try’s fi­nance min­istry de­mand­ing US$10 mil­lion. Not will­ing to meet the de­mands of the hack­ers, 30 more gov­ern­ment agen­cies were at­tacked. The Cos­ta Ri­can gov­ern­ment was fur­ther crip­pled a few months lat­er by an­oth­er cy­ber-at­tack.

Ac­cord­ing to Ben­i­mad­ho, these past in­ci­dents are re­minders that these types of threats and at­tacks ex­ist and can oc­cur suc­cess­ful­ly on a large scale, which is why Su­per­no­va Tech­nolo­gies con­tin­ues on­go­ing con­ver­sa­tions with var­i­ous lo­cal gov­ern­ment min­istries.

“We be­lieve that as cor­po­rate cit­i­zens as well, it’s not just the gov­ern­ment’s re­spon­si­bil­i­ty. Yes, the gov­ern­ment is im­por­tant for leg­is­la­tion and in­fra­struc­ture, but the pri­vate sec­tor al­so has a re­spon­si­bil­i­ty to so­ci­ety at large, to dri­ve change and in­no­va­tion,” he said.

In at­ten­dance at the event were glob­al tech­nol­o­gy com­pa­nies and cy­ber se­cu­ri­ty spe­cial­ists that have part­nered with Su­per­no­va Tech­nolo­gies, cov­er­ing var­i­ous as­pects of the dig­i­tal and tech­no­log­i­cal space.

In an in­ter­view with Guardian Me­dia, Ce­quence Se­cu­ri­ty re­gion­al sales man­ag­er, Cortne Pap­pas made an im­por­tant call, “don’t trust your emails.”

From work­ing at Ce­quence Se­cu­ri­ty, he said that many com­pa­nies con­tact him to en­sure their net­work in­fra­struc­ture is up to date. He point­ed out that has be­come very im­por­tant that peo­ple, es­pe­cial­ly those of the younger de­mo­graph­ic, should not trust their Ap­ple and An­droid de­vices.

“So as ap­pli­ca­tions grow and the apps grow, there are more op­por­tu­ni­ties for bad peo­ple, threat ac­tors, crim­i­nals to com­pro­mise those apps and get your per­son­al in­for­ma­tion and go on the dark web and sell that in­for­ma­tion,” Pap­pas said.

Ac­cord­ing to Er­ic An­der­son, of Sym­bol Se­cu­ri­ty, 95 per cent of da­ta breach­es start with hu­man er­ror or so­cial en­gi­neer­ing, which he claims can be sig­nif­i­cant­ly re­duced through ed­u­ca­tion and aware­ness train­ing, both in the state and pri­vate sec­tor. A ‘well-cu­rat­ed cy­ber aware­ness pro­gram’ he says, can re­duce the risk to the or­gan­i­sa­tion by 60-70 per cent in the first year

“Nine and a half out of ten times, it’s just some­body who is duped by an email or some­thing that looked le­git­i­mate and they clicked on the wrong thing and they put their com­pa­ny at risk. With se­cu­ri­ty aware­ness train­ing and phish­ing sim­u­la­tion, ed­u­ca­tion is key and keeps peo­ple vig­i­lant in what they do every day around un­der­stand­ing po­ten­tial risks in the or­gan­i­sa­tion,” he said.

Through­out the event, it re­mained con­stant that cy­ber se­cu­ri­ty aware­ness is not on­ly for cor­po­ra­tions or busi­ness­es, but should be for any­one that us­es any form of tech­nol­o­gy. IG Tech­nolo­gies CEO, Iris Gar­cia be­lieves oth­er mea­sures such as hav­ing da­ta back­up, can lessen the neg­a­tive im­pact of a po­ten­tial cy­ber se­cu­ri­ty risk oc­curs.

“It is very im­por­tant to back up your da­ta, es­pe­cial­ly be­cause you nev­er know who can hack in­to it right? Now hack­ers don’t care, they are go­ing to come af­ter you for $50, $1,000 or even more,” Gar­cia said.

“If some­thing were to hap­pen, you should al­ways have that back­up so you don’t have to go and pay them. Most im­por­tant­ly, when you do that back over the da­ta, please do it out­side of your busi­ness, right?

“Make sure that you back it up in a da­ta cen­tre or even we rec­om­mend even hav­ing one on a hard dri­ve. But take that hard dri­ve away from your of­fice.”