Jamaica:  Vic)m  or  perpetrator  of  cyber  crime  and  intrusions?  

INFOSEC  Execu)ve  Breakfast    Kingston,  Jamaica    �    26  June  2012  

Cyber  incidents  not  widely  reported  in  the  Caribbean  

A  few  possible  excep.ons:  •  Tax  Administra.on  of  Jamaica  –  June  2012  •  Hacking  of  Trinidad  &  Tobago  Parliament  website  –  April  2012  

•  Hacking  of  Trinidad  &  Tobago  Ministry  of  Finance  website  –  March  2012  

•  DDoS  aHack  LIME  Barbados  network  –  March  2012  

What  do  Caribbean  network  security  experts  think  about  cyber  security  in  

the  region?  

Intrusions  are  highly  prevalent  in  the  Caribbean  

•  Success  rate  of  aHempts  unknown  •  Top  sources  for  threats  –  Russia,  China,  HK  •  Organisa.ons  have  a  narrow  view  of  security  •  Caribbean  has  not  commiHed  the  necessary  resources  or  effort  to  strengthen  frameworks  

•  In  addi.on  to  threats  in-­‐country,  Caribbean  countries  can  be  used  as  jump-­‐off  points  for  aHacks  in  other  countries  

What  is  the  situa)on  in  Jamaica?  

A  legal  &  enforcement  framework    exists  for  cyber  crime  

•  Cybercrimes  Act  2010  exists  along  with  a  Cybercrime  Unit  (CCU)  

•  CCU  can  only  enforce  with  coopera.on  of  vic.ms  and  other  affected  interests  

•  Unit  has  its  hand  full  tackling  local  crimes  plus  loHo/telemarke.ng  scams  targeted  at  the  US  

•  LoHo  scams  are  affec.ng  country’s  reputa.on  –  “Beware  876”  campaign  

CCU  tackled  32  cases  in  2011  

So  far,  Jan—May  2012:  26  cases  

CCU  data  doesn’t  tell  us  much  

•  Incidents  reported  as  cyber  crimes  are  done  according  to  Cybercrimes  Act  

•  CCU’s  main  goal  is  prosecu.on  •  Focus  likely  to  be  incidents  origina.ng  in  Jamaica  

•  LiHle  or  possibly  no  framework  for  incidents  affec.ng  Jamaicans  but  origina.ng  elsewhere  

•  Cases  reported  to  CCU  only  a  drop  in  the  bucket    

How  can  we  stem  the  )de?  

Cyber  incidents  can  be    debilita)ng  and  isola)ng  

•  Majority  of  organisa.ons  are  unaware  that  they  have  been  compromised  

•  Incidents  cost  organisa.ons  $MM  –  .me,  revenues,  produc.vity,  remedia.on  

•  Many  organisa.ons  could  be  having  iden.cal  experiences  –  unbeknownst  to  the  other  

•  Oaen  limited  insight  into  scope  of  incidents  -­‐    frequency,  characteris.cs,  paHerns,  possible  solu.ons,  etc.  

Internally,  we  must  be  beUer  prepared  and  equipped  

•  Comprehensively  examine  systems,  networks,  equipment  

•  Strategically  establish  priori.es  &  con.ngencies  

•  Invest  in  the  con.nual  maintenance  and  update  of  defences  

•  Exercise  even  greater  vigilance    •  Support  staff  training  and  capacity  building  

We  must  also  be  prepared  to  establish  trust  rela)onships  

CERTs/CSIRTs  are  urgently  needed:  •  Provide  expert  informa.on  and  support  •  Supplement  internal  security  plans/structures    •  Increase  awareness  of  incidents  -­‐  frequency,  characteris.cs,  commonali.es,  possible  solu.ons,  etc.  

•  Ensure  that  appropriate  industry  standards  and  prac.ces  are  established  

 Thank  you!  

Michele  Marius  Blog:    ict-­‐pulse.com  

FB:  facebook.com/ICTPulse  TwiHer:  @ictpulse  

Image  credits  •  Stethoscope:  dreams  designs  /  FreeDigitalPhotos.net,  

hHp://www.freedigitalphotos.net/images/view_photog.php?photogid=1449  

•  Binocular  image:  Ntwowe  /  FreeDigitalPhotos.net,  hHp://www.freedigitalphotos.net/images/view_photog.php?photogid=2043    

•  Hermosa  Wave  image:  watch4u  /  flickr,  hHp://www.flickr.com/photos/look4u/