Tue | Dec 12, 2017

JSE performance draws hacker attention to Jamaica - Companies advised to automate cybersecurity

Published:Friday | October 13, 2017 | 12:00 AMAvia Collinder

Businesses are being advised to invest more in cybersecurity systems and tech security talent to protect themselves against hackers and cybercrime.

Cybersecurity expert Karl Chambers, president and CEO of Diligent Security from Atlanta in the United States, says Jamaican companies have been seeing an increase in the number of attacks following the history-making performance of the Jamaica Stock exchange in 2015, with higher incidents of ransomware, phishing and malware attacks.

"Boards of directors need to own cybersecurity. They also need to know the risks their companies are facing. Too many of them are not even aware of what they have - including servers - which need to be protected," the cybersecurity expert said in a presentation to the two-day Anti-Money Laundering/ Counter-Financing of Terrorism Conference in Kingston.

Chambers cited examples of increased phishing in which CEOs and CFOs of Jamaican companies are being targeted with emails appearing to order payment for goods signed for under their name or coming from their email.

He was unable to provide a full count, but said anecdotal reports have been increasing, and significantly so, since December 2015.

The expert said that wives of company heads were also being targeted. The perception, he said, is that there is wealth in Jamaica because of the publicity brought by the stock exchange is outperformance in 2015, when it was adjudged the world's top market for that year.

Chambers said the dark web - initially created by the United States Navy for secure government communications - was now being used for illicit trade in criminal services.

It is now a source, he said, of malware and hacker service for hire, paid for in cryptocurrencies. The hackers often require a relatively small upfront fee as well as profit-share when they succeed.

"Because of the dark web, cybercriminals can use outsourced services to launch attacks. Every day, there are millions of attacks," Chambers said.

In July, he said, the US Federal Bureau of Investigation, FBI, and other crime-fighting agencies "discovered and shut down one marketplace, called Alpha Bay - the largest discovered to date."

Alpha Bay had 200,000 users and 40,000 vendors trading goods and services, including sex and guns and hacking tools, and had 100,000 listings of fraudulent documents, Chambers said. The site, which was created in 2014, had seen US$1 billion in transactions from inception to its shuttering by the FBI.

He also highlighted the cases of LabMd and Equifax Inc, which had their data stolen, costing them millions of dollars.

"(The year) 2017 was a particularly frightening year with ransomware attacks, including the encryption of data belonging to individuals and companies, and the demand in payment in bitcoin in return for a code for their release," he said.

WannaCry ransomware, for example, affected 30,000 victims in 150 countries, including courier company FedEx, which reported US$300 million of lost revenue, while Equifax lost US$70 million, he added.

Chambers advised Jamaican companies that they should not pay ransom to cyberthieves, while noting they would be in a better position to resist if their data were secure. He also advised that they employ automated tools to detect vulnerabilities, and beef up their staff with skilled cyber personnel, including a chief information security officer.

"Your organisation may not survive in the future without automated cybersecurity," he warned.

avia.collinder@gleanerjm.com