Jamaica: victim or perpetrator of cyber crime and intrusions (final)
Upcoming SlideShare
Loading in...5
×
 

Jamaica: victim or perpetrator of cyber crime and intrusions (final)

on

  • 998 views

Presentation given at the Paladion seminar, “Scaling up Security Management for Newer Threats”, on 26 June 2012 in Kingston, Jamaica

Presentation given at the Paladion seminar, “Scaling up Security Management for Newer Threats”, on 26 June 2012 in Kingston, Jamaica

Statistics

Views

Total Views
998
Views on SlideShare
728
Embed Views
270

Actions

Likes
0
Downloads
6
Comments
0

1 Embed 270

http://www.ict-pulse.com 270

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Jamaica: victim or perpetrator of cyber crime and intrusions (final) Jamaica: victim or perpetrator of cyber crime and intrusions (final) Presentation Transcript

  • Jamaica:  Vic)m  or  perpetrator  of  cyber  crime  and  intrusions?   INFOSEC  Execu)ve  Breakfast     Kingston,  Jamaica    Ÿ    26  June  2012  
  • Cyber  incidents  not  widely  reported   in  the  Caribbean  A  few  possible  excep.ons:  •  Tax  Administra.on  of  Jamaica  –  June  2012  •  Hacking  of  Trinidad  &  Tobago  Parliament   website  –  April  2012  •  Hacking  of  Trinidad  &  Tobago  Ministry  of   Finance  website  –  March  2012  •  DDoS  aHack  LIME  Barbados  network  –  March   2012  
  • What  do  Caribbean  network  security  experts  think  about  cyber  security  in   the  region?  
  • Intrusions  are  highly  prevalent  in  the   Caribbean  •  Success  rate  of  aHempts  unknown  •  Top  sources  for  threats  –  Russia,  China,  HK  •  Organisa.ons  have  a  narrow  view  of  security  •  Caribbean  has  not  commiHed  the  necessary   resources  or  effort  to  strengthen  frameworks  •  In  addi.on  to  threats  in-­‐country,  Caribbean   countries  can  be  used  as  jump-­‐off  points  for   aHacks  in  other  countries  
  • What  is  the  situa)on  in  Jamaica?  
  • A  legal  &  enforcement  framework     exists  for  cyber  crime  •  Cybercrimes  Act  2010  exists  along  with  a   Cybercrime  Unit  (CCU)  •  CCU  can  only  enforce  with  coopera.on  of   vic.ms  and  other  affected  interests  •  Unit  has  its  hand  full  tackling  local  crimes  plus   loHo/telemarke.ng  scams  targeted  at  the  US  •  LoHo  scams  are  affec.ng  country’s  reputa.on   –  “Beware  876”  campaign  
  • CCU  tackled  32  cases  in  2011  
  • So  far,  Jan—May  2012:  26  cases  
  • CCU  data  doesn’t  tell  us  much  •  Incidents  reported  as  cyber  crimes  are  done   according  to  Cybercrimes  Act  •  CCU’s  main  goal  is  prosecu.on  •  Focus  likely  to  be  incidents  origina.ng  in   Jamaica  •  LiHle  or  possibly  no  framework  for  incidents   affec.ng  Jamaicans  but  origina.ng  elsewhere  •  Cases  reported  to  CCU  only  a  drop  in  the   bucket    
  • How  can  we  stem  the  )de?  
  • Cyber  incidents  can  be     debilita)ng  and  isola)ng  •  Majority  of  organisa.ons  are  unaware  that   they  have  been  compromised  •  Incidents  cost  organisa.ons  $MM  –  .me,   revenues,  produc.vity,  remedia.on  •  Many  organisa.ons  could  be  having  iden.cal   experiences  –  unbeknownst  to  the  other  •  Oaen  limited  insight  into  scope  of  incidents  -­‐     frequency,  characteris.cs,  paHerns,  possible   solu.ons,  etc.  
  • Internally,  we  must  be  beUer   prepared  and  equipped  •  Comprehensively  examine  systems,  networks,   equipment  •  Strategically  establish  priori.es  &   con.ngencies  •  Invest  in  the  con.nual  maintenance  and   update  of  defences  •  Exercise  even  greater  vigilance    •  Support  staff  training  and  capacity  building  
  • We  must  also  be  prepared  to   establish  trust  rela)onships  CERTs/CSIRTs  are  urgently  needed:  •  Provide  expert  informa.on  and  support  •  Supplement  internal  security  plans/structures    •  Increase  awareness  of  incidents  -­‐  frequency,   characteris.cs,  commonali.es,  possible   solu.ons,  etc.  •  Ensure  that  appropriate  industry  standards   and  prac.ces  are  established  
  •   Thank  you!   Michele  Marius   Blog:    ict-­‐pulse.com  FB:  facebook.com/ICTPulse   TwiHer:  @ictpulse  
  • Image  credits  •  Stethoscope:  dreams  designs  /  FreeDigitalPhotos.net,   hHp://www.freedigitalphotos.net/images/view_photog.php?photogid=1449  •  Binocular  image:  Ntwowe  /  FreeDigitalPhotos.net,   hHp://www.freedigitalphotos.net/images/view_photog.php?photogid=2043    •  Hermosa  Wave  image:  watch4u  /  flickr,  hHp://www.flickr.com/photos/look4u/