Responding to the cybersecurity threat

For years, conversations about cybersecurity in Trinidad and Tobago have surfaced. Seminars have been held. Consultants have spoken. Minor hacks have been reported.

Two weeks ago, a major cybersecurity incident took place with an attack by a Russian ransomware organisation targeting the operations of Ansa McAl.

The attack began in Barbados and spread to the company's operations in TT, leading to a shutdown of Tatil and Tatil Life.

This is the first cybersecurity attack on a major company to go public. It would be naive to think it was the only one.

Ransomware is hacking gone commercial.

The object of the criminal enterprise is to make money, and these gangs do so by amplifying their reach through a network of affiliates who co-brand their malware tools and expand the attack surface on companies.

It's cybercrime organised as multi-level marketing.

The hacks that have gone public previously have been pranks. Websites defaced and tagged by hackers who went on to brag about their exploits.

Ransomware is a different level of threat, one that costs companies millions, both in downtime and in payments to retrieve irreplaceable data.

In a typical ransomware attack, company files are encrypted on its own servers so that it cannot be accessed. Sometimes, the data cache is downloaded and held for sale or auction.

Attacks usually begin with the injection of malware into a company's computer systems through a phishing email, correspondence that looks legitimate, but links to destructive software.

The malware seeks out data caches on servers and encrypts them.

Paying a ransomware demand carries all the concerns of any ransom payment. Payment identifies the victim as a soft target for future attacks.

The attack on Ansa McAl reveals some worrying issues.

When Newsday contacted the police about the issue, the response was hardly reassuring.

The muddled, disengaged attitude of officers to a cyberattack on one of the country's major insurance companies was shockingly casual and deeply worrying.

Ansa McAl for its part has managed the situation defensively, as information leaked about the incident over the course of the shutdown despite its silence.

The company has the resources and the IT support to handle the issue at a very high level, but that isn't the case for all businesses.

The attack is a shot across the bow for all local companies and for the government, which is responsible for managing critical national services.

There is need for preventive education for all computer users in business and government, particularly when many work from home, in order to strengthen attack surfaces.

Secure, screened backups of critical information are now necessity for operations continuity.

The neighbour's house is on fire, it's time to take clear and decisive steps to wet our own.