You would have to be stuck on an island with no internet connection to not be aware of cybersecurity issues in the news. But just in case, here is a recap of what is noteworthy:
In May, the WannaCry ransomware infected an estimated 230,000 systems in more than 150 countries. Technology vendors reacted with patches, updates and other mechanisms to detect and prevent further spread of the threat. More recently, in June, a variant of the Petya ransomware, NotPetya, started making the rounds of the internet. Initial assessments suggested that NotPetya was simply more ransomware, but evidence emerged indicating that NotPetya was actually a cyberweapon designed to take down the infected systems.
And, in very local news, very well-crafted and formatted emails purporting to come from several Cayman companies were being circulated. The bad guys even compromised the websites and domains of other Cayman companies in their efforts. If you wait a few more days, there will be more cybercrime in the news.
Cybercrime is big business
While there are many kinds of cyberthreats, such as data theft, website defacement and hacktivism, ransomware remains the poster child for the cybercrime industry due to its immense popularity and success. We need to face the reality that cybercrime is a very big business. Like any business, it needs to be profitable to survive. Cybercrime is not just surviving but is a thriving industry, with ransomware reaping an estimated $1 billion in 2016. If no one paid the ransoms, the business model would fail. Clearly, people are paying the ransoms.
So, you might think that cybercrime is alive and well in Cayman, but instead, recognize that Cayman is actively being targeted by cybercriminals. They have done their research and carefully copied the email templates and crafted the language in reasonable and unbroken English. Now that we know we’re actively being targeted and that bad things are constantly happening, what can we do about it?
I’m not going to bore you with yet another discourse on having board-level investment in cybersecurity or having cybersecurity policies. You can Google that for yourselves or just talk to an IT auditor. Instead, I would like to offer some practical guidance for you and your organizations.
Moving with the times
“Best practices,” in reality, is a marketing buzzword. Instead, I like to borrow a term from Gartner: “useful practices.” These are processes or practices that the leaders in the field are implementing today and that generally lead to useful, cost-effective results.
Let us start by accepting that firewalls, antivirus, web and email systems are insufficient. Firewalls and antivirus tools were invented over 25 years ago to address problems from 25 years ago. Just as we cannot expect a delivery service today to run on horse and carriage, we cannot expect yesterday’s tools to protect against tomorrow’s or even today’s threats.
You can be sure that in every headlining breach or attack, every one of those organizations had those tools in place, and yet they were still impacted. Insanity is doing the same thing over and over and expecting a different result. Please, let’s stop the insanity!
Organizations should look to invest in complementary and advanced tools. IT or cybersecurity staff are collectively groaning at this point, thinking, “Great, more things to manage.” This is key. It is possible not only to provide additional layers of security, but to do so in a way that is easy to use, can save time and reduce work.
Look for terms like “automation,” “Artificial Intelligence,” “machine learning” and “mathematics.” Do not just believe the sales and marketing hype either. Take the time to evaluate and test these in your organization. You have little to lose and everything to gain. These tools can be endpoint, network or cloud-based. Partnering with a cybersecurity service provider for these tools is cost effective and beneficial, due to the collaborative nature of service providers.
Answer key questions
Compliance does NOT equal security. Compliance is more about doing your defined job correctly. The real question is: are you doing the right job? An organization that can accurately and consistently answer the following questions will be in a very good position to address cybersecurity issues and concerns.
What or who is connected to your organization?
What applications or processes are running in your organization?
Who has administrative rights?
How are you continuously monitoring your organization?
How are your tools working together to correlate, integrate and automate threat detection/prevention/containment?
Accept that every organization will suffer a breach or significant cybersecurity event sooner or later. Short of gross negligence, it isn’t going to be anyone’s fault – it just is. As a potential customer of said organization, I accept that. However, I would want assurance that the event was quickly detected, contained and mitigated. It is paramount to learn from the event to help prevent a similar recurrence. Ensuring cybersecurity staff/groups/teams are regularly informed and stay abreast of the industry trends is the key here.
Seek local and regional networking opportunities for cybersecurity. This can be at levels such as board members developing policies or technical means for security staff to interact with peers. Perhaps the most important networking aspect is for threat sharing. Obviously, most organizations cannot disclose details about a breach or tools employed, but there is a middle ground somewhere. This is often through a trusted third party such as a common cybersecurity provider. It may be simply a matter of allowing the transmission of a new malware file or phishing email/URL. The more people know about a threat, the better the chances of prevention. An ounce of prevention is worth a pound of cure.
Lastly, you will note that I have always used the term cybersecurity and not IT or network security. Cybersecurity is only partially an IT issue. It is first and foremost a business issue but also falls under human resources, training, legal, public relations, marketing and yes, compliance. Cybersecurity, part of information security, is its own discipline. While seemingly a trivial detail, it is an important one and change has to start somewhere. Why not have it start with the readers of The Journal?
Sean Slattery is founder and CTO of Caribbean Solutions Lab, a cybersecurity service provider that helps businesses throughout the Caribbean and North America to defend and protect themselves from cyber threats. Based in Cayman for nearly 20 years, Slattery has spent the last nine years focused on cybersecurity, holds a U.S. government secret security clearance, is an FBI Infragard member and regularly delivers cybersecurity presentations.