TSTT: 'Security increased after cyber attack'

THE Telecommunications Services of TT (TSTT) says it has strengthened its safeguards to protect itself and its customers from any future cyber attack.

Company CEO Lisa Agard made this statement during a virtual investor-relations call held by the company on Friday.

On October 9, TSTT was the victim of a cyber attack.

Agard told investors, "We take the security of our customer information very seriously and we have spent millions of dollars over the years protecting it."

She said when the attack happened on October 9, TSTT's response was immediate.

"As soon as we detected the breach, we activated our international cyber security experts including Check Point, to support the recovery and restoration efforts."

Founded in 1993 and based in California, US, Check Point Software Technologies Ltd is described as "a leading provider of cyber security solutions to corporate enterprises and governments globally."

Agard said, "We launched our incident response plan, which triggered steps to minimise the security vulnerability."

She told investors, Frrom the onset, we isolated our systems and applications from the hackers.

"These applications were subsequently quarantined, rebuilt and put back into production."

Simultaneously, she continued, TSTT's international cybersecurity experts and partners advised the company on "the implementation of appropriate additional security measures and protocols."

For obvious security reasons, the details of these new measures and protocols are confidential.

Agard said these measures and protocols are being implemented.

"We have already begun implementing further aggressive preventative actions to ensure no reoccurrence and to improve the company's security posture."

The reinforcement of TSTT's cybersecurity systems is not stopping there, she said.

"We have also engaged the services of a local independent cybersecurity company, Cyber Eye, that is affliated to Cross Word Cyber Security PLC in the UK, to do a number of additional things for us."

When the Russia-Ukraine conflict began last February, Cross Word advised several UK companies on measures to protect themselves from Russian cyber attacks.

Agard listed assessement of current cybersecurity controls, threat monitoring and control as some of the work Cross Eye is doing for TSTT.

She said, "To date, all of our critical systems have been restored."

Agard lamented that cyber attacks were an unfortunate reality in a modern digital world.

TSTT has not been the only victim of such attacks, she said, as an official TT-CSIRT incident response report between 2022 and 2023 indicated, "There have been 55 known attacks of various types between the government and the private sector."

TT-CSIRT is the National Security Ministry's cybercrime response team.

She added, "Those are the only ones that have been reported publicly."

The Office of the Attorney General and Legal Affairs and the Judiciary were victims of cyber attacks earlier this year.

In the Senate on May 24, Attorney General Reginald Armour, SC, said Government was working to strengthen legislation to protect citizens against different forms of cybercrime.

He also disclosed that TT was invited in October 2021 to formally ratify the Budapest Convention, the first international treaty seeking to address internet and computer crime by harmonising national laws, improving investigative techniques and increasing co-operation among nations.

TT has observer status to the convention and has five years in which to ratify the treaty. Armour said once this happens, TT can benefit through partnership with other nations to combat various types of cybercrime.

In July, the Opposition agreed with the Government about an urgent need to deal with cybercrime.

In that month, the UNC said some of its MPs attended a special two-day workshop on cybercrime organised by the Parliamentarians for Global Action (PGA) International Peace and Security Program, focused on engaging Caribbean parliamentarians in the implementation of the Budapest Convention.

The workshop was held at the Radisson Hotel, Port of Spain.

The UNC said it will "continue to push for greater education and public awareness of the threats posed by cybercriminals as well as advocate for policies that keep TT citizens safe from all aspects of crime including those committed in cyberspace."