“So there is no reason for us to be overly concerned about an intentional attack on data.” National Security Minister Stuart Young
I respectfully disagree with the Honorable Minister: Given these “little events” there is reason to have some concern with respect to your data.
- Have your organization ever conducted threat and vulnerability assessments of your facility, infrastructure and operations inclusive of your information technology systems?
- How much due diligence have you done on the vendor you engaged for your IT systems?
- How secure are the systems/applications said vendor(s) are using ?
- And is your BCP tested?
Cyber security, like risk management are buzzwords that are bandied about and discussed but apparently not actioned.
A riddle for you:
There are five executives in a meeting discussing cyber security. 3 of them have decided to enhance their IT security. How many have not enhanced their IT security?,,,,,,,,,,NONE
Decisions and agreements if not operationalized/implemented is just that….decisions and agreements.
Decisions must be followed by actions.
The recent “infiltration” or hacking of the websites of state entities demonstrate, in my humble opinion, that there are players out there that have the capability to attack the technology infrastructure of institutions in Trinidad and Tobago, and if one extrapolates these events, there is nothing that prevents them from doing or attempting to do the same to organizations in the private sector. That said, the assumption maybe that these private organizations have MORE integrated IT security employed to protect themselves than the public sector. And many do.
In the last 3 months some US cities , like Baltimore and Albany (NY), where Ransomware was employed by hackers, totally shut down many critical sites that serves the public and these cities were asked to pay a “ransom” to be allowed to regain access to their systems. Are we there yet? (Ransomware attacks use malware to lock out users unless the hackers get paid)
Is your organization sleepwalking into one crisis after another?
Let’s be careful out there.
Ken Hackshaw – Lead Faculty for Professional Certificate in Enterprise Risk Management. For more information on this professional certificate 868-645-6700 ext. 367