Cybersecurity: Risks, Progress and the Way Forward in Latin America & the Caribbean

I will be chairing this Global Cyber Forum on 21 October 2020, where we will be discussing the state of cybersecurity capacities and capabilities across the Caribbean region.

Our speaker will be Kerry-Ann Barrett, Cybersecurity Policy Specialist at the Organization of American States (OAS), where she offers technical assistance to Member States in the development and implementation of their national cyber security strategies as well as assists in the implementation of various technical projects with the OAS Cybersecurity Program.

The overall basis for the session will be the 2020 Cybersecurity Report prepared by the Inter-American Development Bank (IDB), Organization of American States (OAS), and the Global Cyber Security Capacity Centre, University of Oxford. Our discussions will focus on the progress made thus far across the Caribbean, and what steps are necessary to move to the next level, including key areas such as national cybersecurity strategies, related action plans, or other cybersecurity capacity-building programs.

Tune in for what will be an engaging and informative session!

Internet Infrastructure Security Guidelines for Africa

To facilitate implementation of the Convention, the African Union Commission (AUC) asked the Internet Society (ISOC) to jointly develop the Internet Infrastructure Security Guidelines for Africa. The Guidelines were created with contributions from regional and global Internet infrastructure security experts, government and CERT representatives, and network and ccTLD DNS operators. As one of the cybersecurity experts involved in the development of these Guidelines, I am proud and deeply humbled to have made a contribution.

The Guidelines emphasize the importance of the multistakeholder model and a collaborative security approach in protecting Internet infrastructure. The Guidelines put forward four essential principles of Internet infrastructure security: Awareness, Responsibility, Cooperation, and adherence to Fundamental Rights and Internet Properties.

These critical actions are tailored to the African cybersecurity environment’s unique features: a shortage of skilled human resources; limited resources (including financial) for governments and organizations to allocate for cyber security; limited levels of awareness of cyber security issues among stakeholders; and a general lack of awareness of the risks involved in the use of information and communication technologies (ICTs).

Only with ongoing multistakeholder efforts from the African Internet community can the continent overcome its challenges, embrace its opportunities, and become an Internet world leader.

6 Tips for Protecting Against Ransomware

The Internet Society has been closely monitoring the ransomware cyber-attacks that have been occurring over the last couple of days. The malware, which has gone by multiple names, including WannaCry, WannaDecryptor, and WannaCrypt, exploits a flaw in Microsoft Windows that was first reportedly discovered by the National Security Agency (NSA). A group of hackers leaked the code for exploiting this vulnerability earlier this year, and a fix or patch was available as far back as March 2017. Since Friday, 200,000 computers in 150 countries have been compromised using this exploit. The numbers are expected to grow exponentially as people settle back into their work routines and regular use of computer systems this week. As part of our continuing work in online trust and security, there are some key takeaways from this incident that we want to leave with our community.

Firstly, we want to highlight the extremely negative effects which government stockpiling of vulnerabilities and zero day attacks has on the overall security of the Internet. With over 60 countries known to be developing growing arsenals of cyber weapons, and with many of these exploits leaking into the public domain, the potential for widespread damage is a massive cause for concern. The impact is not only economic in terms of financial loss, but social in terms of how it impacts end user trust, and most importantly human in terms of loss of life (especially given that ransomware attacks have been focusing on hospitals). And with critical infrastructure like power plants, dams, and transportation systems being targeted in nation state cyber offensives, the threat to human life increases exponentially.

Secondly, it would appear that some hospitals are easy targets for ransomware attackers. Their systems house data that is critical to patient care and management, and many of these institutions don’t have the IT resources to support critical process areas like vulnerability management, patch management, business continuity management, etc. In general, hospitals are also now adapting to digital realities and a number of them are playing catchup with regards to cyber readiness. However, the aforementioned challenges are not unique to hospitals, and are faced by many small and medium enterprises (SMEs), and in several instances, large corporations. Individual users are also targeted based on their generally poor Internet hygiene or lack of security awareness.

We want to take this opportunity to emphasize the importance of good online security practices when accessing the Internet. So here are 6 basic tips for protecting against ransomware:

1. Employ strong, multi-layered endpoint security – Using endpoint security that can protect web browsing, control outbound traffic, protect system settings, proactively stop phishing attacks and continuously monitor for anomalous system behavior will allow for better protection of servers, laptops, tablets, and mobile devices.

2. Maintain regular backups of your critical data – Backups can help you to protect your data from more than just ransomware. Other risk events such as malware, theft, fire, flood or accidental deletion can all render your data unavailable. Be certain to encrypt your backed-up data so it can be effectively restored. Backups should also be stored at an offsite location isolated from the local network.

3. Do not open unsolicited emails or messages from unknown senders – Many ransomware variants are distributed through phishing attacks or email attachments. Increased mindfulness when handling ‘suspect’ emails can be effective in combating ransomware.

4. Patch your systems regularly – Patching your systems for vulnerabilities reduces the opportunities for hackers to infect you with ransomware. The fact that a patch was available for the WannaCrypt vulnerability since March highlights the somewhat lax attitude by organizations and individuals to keeping their system patches up to date. That being said, patch management is a complex activity and can impact the availability of key systems. Hence, thorough testing must be conducted to avoid unplanned downtime.

5. Disable macros if possible – Many forms of ransomware are distributed in Microsoft Office documents that attempt to trick users into enabling macros. There are a number of tools available that can limit to functionality of macros my preventing them from being enabled on files downloaded from the Internet.

6. Be aware and vigilant – For individuals, don’t assume that only techies need to know about all the recent malware and trends in online attacks. Subscribe to mailing lists that provide information on common vulnerabilities and exposures. In the case of organizations, developing an information security awareness program is an integral part of improving overall security posture.

Finally, we want to touch on the important work being done by the Online Trust Alliance (OTA), the Internet Society’s newest initiative. The OTA’s mission is to enhance online trust, user empowerment and innovation through convening multi-stakeholder initiatives, developing and promoting best practices, ethical privacy practices and data stewardship. With regards to preventing ransomware attacks, OTA has developed a number of industry best practices that address key threat areas such as email authentication and incident response. These are as follows:

Email Authentication: https://otalliance.org/resources/email-security

Domain-based Message Authentication, Reporting & Conformance (DMARC):https://otalliance.org/dmarc

Cyber Incident & Breach Response: https://otalliance.org/resources/cyber-incident-breach-response

Additional OTA best practices, resources and guidance to help enhance online safety, data security, privacy and brand protection can be found here.

The Spam Toolkit developed by the Internet Society also provides some guidance on addressing online threats.

The Internet Society is committed to the enhancement of online trust, and our work along this vein spans multiple areas. Our goal is to continue to provide our individual members, organizational members, chapters, partners, and other constituents with timely and relevant information and resources that equip and empower them to act.

My original blog article was published on the Internet Society website at: http://bit.ly/2qMuQ4U

Internet Infrastructure Security in Africa

The Internet is becoming critical infrastructure for Africa. Across the continent, Africans increasingly depend on the Internet to communicate, socialize, and most importantly to conduct their day-to-day jobs and activities. A major outage of the Internet infrastructure is a prevailing fear for network operators, governments and users alike. But, has Africa secured its Internet Infrastructure?

I just finished participating in a panel discussion titled ‘Internet Infrastructure Security in Africa’ at the African Internet Summit (AIS) in Gaborone, Botswana. We sought to identify the major security challenges facing the Internet infrastructure driving Africa’s digital economies. This panel is a precursor to my participation in developing guidelines that will serve African countries in their efforts to protect their Internet Infrastructure from present and future threats.

My speaking points were specifically about existing mechanisms to combat various threats, and the cooperation between key stakeholders to defend their organizations/countries from and ever changing threat landscape. I also described what types of structures were needed at the national and regional level based on best practices from around the world.

ICT PULSE: Cyber Threats and Security in the Caribbean 2016 Update – Interview with Niel Harper

cyber security

ICT Pulse: Niel, it has been two years since our last Expert Insights Series, give us a quick recap of what have been the most prevalent incidents in Barbados and/or in the Caribbean region since 2014?

Niel Harper: Over the last 2 years, various government web sites in Barbados have been compromised and defaced by hackers. Websites included the Barbados Government Information Service (BGIS), Barbados Stock Exchange (BSE), Barbados Revenue Authority (BRA), Royal Barbados Police Force, and the Barbados Supreme Court, to name a few. Private websites such as the Barbados Advocate were hacked as well. There are still no data protection laws in the country, so due to absence of mandatory breach notifications, the few reported incidents are only the tip of the iceberg.

The prevalence of ATM skimming attacks have also increased. However, because the marketplace is dominated by mostly Canadian banks, Sarbanes-Oxley regulatory requirements have led to stronger controls, and many of the skimming attacks have resulted in arrests.

In the wider Caribbean, there have been similar trends of government websites being compromised. A number of organizations in St. Vincent, Grenada, St. Kitts & Nevis and other countries have been subject to malicious online attacks. One of the major commonalities across the region is that organizations with limited resources and untrained personnel have been the targets of successful attacks. This is a key reason why capacity building is critical to improving the region’s overall cyber response capabilities.

ICTP: How has the threat landscape changed over the past two years? Are there any particular areas of concern that you have for Caribbean organizations?

NH: The smartphone footprint continues to grow and with it the attack surface of mobile devices. That being said, many device manufacturers are focusing their efforts on enhanced security as a product differentiator. Still, end user education is necessary as an additional layer of protection against malicious threats.

Given the increased hardening of operating systems and applications, attackers are focusing on areas lower down the ‘stack’ such as BIOS, firmware, and graphics chipsets. Controls such as boot security, trusted execution, and active memory protecting are making these attacks more difficult, but I expect these types of threat vectors to increase.

Newer technologies such as IoT (Internet of Things), M2M (machine-to-machine) communication, Network Functions Virtualization (NFV), and Software Defined Networks (SDN) are growing in terms of their deployment base. But this also introduces significant challenges in terms of security: single points of failure, open source software, and complexity. The fact that commonly used items such as televisions, refrigerators, and even automobiles, are now accessible through the Internet has vastly changed the threat landscape, and should force manufacturers and end users alike to focus more on cybersecurity.

The explosion of cloud computing, the increasing popularity of crypto-currencies, and the emergence of mobile payments (e.g. Apple Pay, Google Wallet, etc.) are also areas for concern with regard to an expanding threat surface.

All of these areas are of particular concerns for Caribbean organizations, especially those who are seeking to be on the cutting edge […]

The entire interview can be found on the ICT Pulse website at: http://bit.ly/1T9iMQv