JaCIRT: Jamaica’s cyber security vulnerable
A “SIGNIFICANT amount of inertia” in generating a culture of cyber hygiene has left Jamaica’s cyber security vulnerable, head of the Jamaica Cyber Incident Response Team (JaCIRT) Lieutenant Colonel Godphey Sterling has said.
His assessment comes amid yesterday’s cyber attack on the Financial Services Commission’s systems.
The Financial Services Commission (FSC) did not indicate the nature of the attack but said in a statement that all efforts were being made to protect personal information and data.
The FSC is the state agency responsible for regulating and supervising non-deposit-taking financial institutions.
“With respect to bodies corporate, probably one of the biggest challenges remains unmitigated vulnerabilities, and these vulnerabilities can be exploited by cyber attackers as well as by the malicious or inadvertent actions of employees,” Sterling told The Gleaner yesterday.
“The fact that these vulnerabilities, some dating from as far back as 2014, continue to linger on corporate networks in Jamaica, that remains probably the biggest challenge,” he added.
Sterling said that there has been significant investment over the last three to five years in the Government’s capacity to respond to cyber incidents.
He said that JaCIRT and the Major Organised Crime & Anti-Corruption Agency have been investigating the matter since it was reported and will remain on the case until both entities can provide “cogent steps on the way forward”.
He said bodies corporate must ensure that the recommendations of cyber security experts are adopted.
He said if the status of their cyber security is unknown, a vulnerability assessment must be done “so they can appreciate how their posture is both from the outside, for example, the vulnerability to their Internet-facing resources, and from the inside, the vulnerability to malicious or inadvertent acts by employees”.
“If they do not appreciate what their digital assets are then they need to have that audit done. It’s impossible to secure everything, and so with limited resources, one has to really prioritise, and that priority is going to come from what your digital assets are and what the business-impact assessment will tell you in terms of the vulnerability and the potential for exploitation and the risk to your business process as well as your stakeholders, employees, clients, suppliers, or partners,” Sterling said.
No hack-free system
He said that the lesson to be taken from the cyber attack on the FSC and others is that there is no hack-free system or any that is 100 per cent secure.
“The boardroom needs to now begin to appreciate that cyber security and information technology are not the same things. Information technology are the resources that you have to manage your digital assets. Cyber security is how you secure them,” he said while adding that the human element “is always going to be a big challenge” in maintaining secure infrastructure.
He said training, awareness, and buy-in of clients and employees are critical in maintaining a certain level of security posture to mitigate the eventuality and shorten the return to operational functionality.