AmCham’s cybersecurity warnings

AT THE American Chamber of TT’s Health, Safety, Security and Environment event at the Hyatt Regency last week, there were some traditional security concerns aired. But this year’s conference drilled down into cybersecurity and dark-web threats to a quite alarming degree.

Forget warnings. These were horror stories of computer systems exposed through IT department carelessness, angry employee retaliation and determined hacking at budget prices.

According to Lloyd Mclelland, district sales manager of A10, on the dark web you can buy a week’s worth of DDoS (Distributed Denial of Service) attacks for just US$150, so it isn’t surprising that these denial-of-service attacks, which cripple internet-connected servers by flooding them with fake requests, have risen by 380 per cent since 2018.

Also on the rise? Ransomware attacks, which encrypt corporate and government systems. Attacks on US cities do not discriminate by size and even small cities are being hit with "fees" to release encrypted data in the hundreds of thousands of dollars.

In a ransomware attack, hackers break into to a network of computer systems and encrypt the data, making it inaccessible to legitimate users.

In August, the New York Times reported that 22 Texas towns were attacked in what is believed to be a single co-ordinated event by a single actor, reducing them to paper and pens to do government business.

Most range in size between 30,000 and 100,000 residents and were described as targets of opportunity, with security and intrusion detection levels far below those implemented by corporations.

Baltimore faced a US$76,000 ransomware demand in May and refused to pay. The city has since spent more than $5.3 million on updated computers and contractors to recover from the attack.

These cities and towns have had to grapple with the reality that paying the ransom is usually cheaper than the cost of restoring the data and time lost to unresponsive systems, but they are also forced to consider the ramifications of paying ransom demands with taxpayer money and being seen as soft targets.

Pushpendra Kumar Gupta, global presales lead for data protection, Dell Technologies, told a small audience at the AmCham cybersecurity discussion that downtime numbers are up by 28 per cent because of ransomware attacks and 95 per cent of corporate breaches start at the end point.

Hackers are also becoming more savvy in their attacks and now encrypt as many backup copies of working data as they can find on compromised networks, deepening damage and likelihood of a payout.

David Antonio Green, vice-president, sales and marketing, Hitachi, advocated for greater cyber-resilience in network construction, emphasising the need to prepare businesses for the eventuality of cyberattacks and ensuring business continuity.

“In modern IT management,” Green said, “attack surfaces are everywhere and traditional perimeter security has become obsolete.”

With more than US$1 billion paid in ransomware demands in 2016 alone and years of work lost in data that remains inaccessible, the cost of not securing networks has sharply risen in the last five years.

It’s considered normal practice for modern companies and governments to create a cyber incident response team, or CIRT.

The Government’s TT Cyber Security Incident Response Team’s website (ttcsirt.gov.tt) has been loading an out-of-date security certificate for more than a month and current browsers warn users from continuing to the website.

That aligns with private information reaching me that the Government CSIRT is dangerously understaffed. The tardy response to security breaches at 11 government websites in July (http://ow.ly/is5b30pN6wg), including the site of the Ministry of National Security, by what appears to have been a simple script injection, remains a low point in local cybersecurity defence measures.

Mark Lyndersay is the editor of technewstt.com. An expanded version of this column can be found there