Jamaica: victim or perpetrator of cyber crime and intrusions (final)
Jamaica: Vic)m or perpetrator of cyber crime and intrusions? INFOSEC Execu)ve Breakfast Kingston, Jamaica 26 June 2012
Cyber incidents not widely reported in the Caribbean A few possible excep.ons: • Tax Administra.on of Jamaica – June 2012 • Hacking of Trinidad & Tobago Parliament website – April 2012 • Hacking of Trinidad & Tobago Ministry of Finance website – March 2012 • DDoS aHack LIME Barbados network – March 2012
What do Caribbean network security experts think about cyber security in the region?
Intrusions are highly prevalent in the Caribbean • Success rate of aHempts unknown • Top sources for threats – Russia, China, HK • Organisa.ons have a narrow view of security • Caribbean has not commiHed the necessary resources or eﬀort to strengthen frameworks • In addi.on to threats in-‐country, Caribbean countries can be used as jump-‐oﬀ points for aHacks in other countries
A legal & enforcement framework exists for cyber crime • Cybercrimes Act 2010 exists along with a Cybercrime Unit (CCU) • CCU can only enforce with coopera.on of vic.ms and other aﬀected interests • Unit has its hand full tackling local crimes plus loHo/telemarke.ng scams targeted at the US • LoHo scams are aﬀec.ng country’s reputa.on – “Beware 876” campaign
CCU data doesn’t tell us much • Incidents reported as cyber crimes are done according to Cybercrimes Act • CCU’s main goal is prosecu.on • Focus likely to be incidents origina.ng in Jamaica • LiHle or possibly no framework for incidents aﬀec.ng Jamaicans but origina.ng elsewhere • Cases reported to CCU only a drop in the bucket
Cyber incidents can be debilita)ng and isola)ng • Majority of organisa.ons are unaware that they have been compromised • Incidents cost organisa.ons $MM – .me, revenues, produc.vity, remedia.on • Many organisa.ons could be having iden.cal experiences – unbeknownst to the other • Oaen limited insight into scope of incidents -‐ frequency, characteris.cs, paHerns, possible solu.ons, etc.
Internally, we must be beUer prepared and equipped • Comprehensively examine systems, networks, equipment • Strategically establish priori.es & con.ngencies • Invest in the con.nual maintenance and update of defences • Exercise even greater vigilance • Support staﬀ training and capacity building
We must also be prepared to establish trust rela)onships CERTs/CSIRTs are urgently needed: • Provide expert informa.on and support • Supplement internal security plans/structures • Increase awareness of incidents -‐ frequency, characteris.cs, commonali.es, possible solu.ons, etc. • Ensure that appropriate industry standards and prac.ces are established