Jamaica: victim or perpetrator of cyber crime and intrusions (final)
1. Jamaica: Victim or perpetrator of cyber crime and intrusions?
INFOSEC Executive Breakfast
Kingston, Jamaica • 26 June 2012
2. Cyber incidents not widely reported in the Caribbean
A few possible exceptions:
• Tax Administration of Jamaica – June 2012
• Hacking of Trinidad & Tobago Parliament website – April 2012
• Hacking of Trinidad & Tobago Ministry of Finance website – March 2012
• DDoS attack LIME Barbados network – March 2012
3. What do Caribbean network security experts think about cyber security in the region?
4. Intrusions are highly prevalent in the Caribbean
• Success rate of attempts unknown
• Top sources for threats – Russia, China, HK
• Organisations have a narrow view of security
• Caribbean has not committed the necessary resources or effort to strengthen frameworks
• In addition to threats in-country, Caribbean countries can be used as jump-off points for attacks in other countries
6. A legal & enforcement framework exists for cyber crime
• Cybercrimes Act 2010 exists along with a Cybercrime Unit (CCU)
• CCU can only enforce with cooperation of victims and other affected interests
• Unit has its hands full tackling local crimes plus lotto/telemarketing scams targeted at the US
• Lotto scams are affecting country’s reputation – “Beware 876” campaign
9. CCU data doesn’t tell us much
• Incidents reported as cyber crimes are done according to Cybercrimes Act
• CCU’s main goal is prosecution
• Focus likely to be incidents originating in Jamaica
• Little or possibly no framework for incidents affecting Jamaicans but originating elsewhere
• Cases reported to CCU only a drop in the bucket
11. Cyber incidents can be debilitating and isolating
• Majority of organisations are unaware that they have been compromised
• Incidents cost organisations $MM – time, revenues, productivity, remediation
• Many organisations could be having identical experiences – unbeknownst to the other
• Often limited insight into scope of incidents - frequency, characteristics, patterns, possible solutions, etc.
12. Internally, we must be better prepared and equipped
• Comprehensively examine systems, networks, equipment
• Strategically establish priorities & contingencies
• Invest in the continual maintenance and update of defences
• Exercise even greater vigilance
• Support staff training and capacity building
13. We must also be prepared to establish trust relationships
CERTs/CSIRTs are urgently needed:
• Provide expert information and support
• Supplement internal security plans/structures
• Increase awareness of incidents - frequency, characteristics, commonalities, possible solutions, etc.
• Ensure that appropriate industry standards and practices are established