Cybersecurity

first_imgDear Editor,Permit me a space in your publication to highlight some of the perils which both private and public organisations in developing countries such as Guyana face on a daily basis.The threats referred to are those which are birthed from our dependence on the technological platforms which are designed to allow for, inter alia, structured communication; targeted marketing of products and services; archiving and reporting on information critical to executive-level decisions; and overall enhancement of business processes which are intended to promote efficiency and efficacy at key levels.More recently, on 6th Feb, 2019, the Guyana Power & Light Inc. (GPL), through a press release, informed of a “cyber-attack on the Company’s computerized systems”, which affected their Customer Information System. The statement further alluded to the request of a “ransom of bitcoins (digital money) to remove all encryptions from within its network”.While the GPL Information Systems team should be commended for their quick response, for initiating a quarantine to prevent propagation, and for invoking the disaster recovery mechanisms to restore the systems in a timely manner, I am of the view that such a threat should never have occurred in the first place.The issue here is that of ransomware, which occurs when a network of systems is penetrated by one of a myriad of various ways, to introduce a virus which propagates across that network insofar as it is able, and accesses files and performs an encryption on them. In simple terms, the only way to regain control of those files is through the decryption process, which requires a decryption key.Due to its difficulty in traceability, perpetrators of ransomware attacks promise the decryption keys in exchange for digital currency, such as bitcoins.In January 2017, the Guyana Water Inc. suffered a similar attack, which resulted in downtime of services. It should be noteworthy to mention also that the Guyana National Computer Incident Response Team (GN-CIRT), in May of that very year, issued a cybersecurity alert warning of the “Wanna Cry” ransomware, which exploited a vulnerability in the Windows Operating System. That vulnerability has since been patched.The Symantec Internet Security Threat Report (https://resource.elq.symantec.com/LP=6819 – Feb. 2019) reveals that worldwide ransomware attacks were down 20 per cent during 2018, as opposed to 2017, when enterprise ransomware attacks had surged 12 per cent. This indicates a revolution in cryptovirology, which is intended to target more advanced infrastructure rather than the regular “mom and pop shops”.In 2018, the report referenced the “chief ransomware distribution method” as being targeted email campaigns exploited due to dependence on the use of email.In my experience, and through studies, most ransomware attacks are as a result of some form of negligence on the part of network administrators, whether directly failing to implement security and alerting platforms, or indirectly, through the inadequacies of their systems. The ever-evolving threat-landscape must be constantly analysed, and actions taken insofar as those are affordable to organisations across the spectrum.Organisations and companies are urged to invest significantly in ensuring that their IT personnel are trained, and implement mechanisms which constantly keep security best practices in check. The importance of the formulation of a detailed Disaster Recovery Plan (DRP) should be as a result of careful studies of both the internal and external dynamics of any organisation, big or small, public or private. Brainstorming sessions intended to identify all risks and possible mitigative measures can also be of great utility to the formulation of a DRP.IT administrators are further urged to assess the risk at every level of staff (from the customer service representatives straight up to executive management, and specifically IT personnel and the systems which they interact with) to ensure coverage and implementation of usage policies.Regards,Aneal Giddingslast_img read more

FIU Introduces Measures to Curtail Illegal Entry of Money

first_imgThe financial Intelligence Unit (FIU) has begun implementing several regulations on cross-border movement of currency.Addressing the Ministry of Information regular press briefing on Thursday, the Deputy Director General for operations at the FIU, Gabriel Bellepea, said Liberia having subscribed to an international financial task force regulation requires countries to regulate the movement of currency across borders.Bellepea pointed out that the FIU has put in measures to detect people traveling with money above the threshold.He explained that to ensure that Liberia complies with international standards, the FIU has begun enforcing the deduction of of 33.3 percent on any undeclared amount that is above the threshold of US$10,000 and investigate the legality of the money as applied by law.He disclosed that many people are in the habit of traveling with huge amounts of undeclared money so as to avoid paying taxes and because that source of the money is not legitimate.Bellepea also pointed out that cross border regulations have direct impact on fiscal policy and monetary policy, and that they “ensure stability in price levels, ensure that taxes are collected and that the relevant authorities to are aware of what is going out and what is coming in the country.”He noted that if monies going out and coming in the country are not declared, it poses serious challenges to the economy and country as a whole.He note that the FIU is about to commence the training of its staff and deploy them at various entry points around the country to effectively regulate the movement of currency in and out of the country.Share this:Click to share on Twitter (Opens in new window)Click to share on Facebook (Opens in new window)last_img read more