Trinidad and Tobago needs cyber security experts
SPEAKER after speaker lamented the shortage of cyber security experts in TT, amid a plethora of cyber attacks, at the launch of a regional arm of a global network for collaboration in cyber security.
The Caribbean chapter of the International Information System Security Certification Consortium (ISC2) was launched on July 16 at the Hyatt Regency, Port of Spain.
Devon Seale, chairing the event, said the group aimed to equip professionals with the knowledge to safeguard their data and to build resilience.
"In the past two years we have been bombarded by many cyber attacks," Seale said. "Cyber security is a shared responsibility."
Anthony Peyson, chapter president, said in 2019 he had found no help when he sat a very challenging exam – Certified Information Systems Security Professional (CISSP) – and was later motivated to set up the chapter to help others in a similar predicament.
He said the global organisation has 160 chapters in 50-plus countries.
He warned that all the protection now existing against cyber attacks will become null and void when cyber attacks are launched by way of a combination of artificial intelligence (AI) and quantum computing. Such attacks, he said, will crack into systems by brute force, by going through all possible permutations of code until finding one that works. (Quantum computing uses quantum mechanics to solve problems too complex for classical computers.)
Peyson said the world now has 5.5 million cyber security professionals, but 10.2 million were now needed.
He said 42 is the average age of a cyber security professional, but many retire very early because of the high stress of the job, and instead go into unrelated areas like farming.
Only 25 per cent of cyber security professionals were female, up from 11 per cent five years ago.
The region has seen a doubling of ransomware attacks in 2022-2023, he said, costing US$1 billion, that otherwise could have been used for things like healthcare.
"This is a very serious situation we are in. We need to help and support each other to become resilient to the cyber threats out there."
He predicted a serious challenge when cyber attacks become perpetrated by both quantum computing and artificial intelligence.
Scofield Thomas, of the firm 800 TECH Ltd, said the Caribbean had a serious shortfall in cyber security professionals. Saying his firm had sought to recruit last January but applicants had not had the requisite skills, he said the firm ended up retooling and training its staff, three of whom graduated in May. He urged support for the ISC2 chapter, saying, "That will boost that pool of resource people."
Shiva Bissessar, CEO of Pinaka Consulting Ltd, said TT has a dearth of cyber security experts, and he expected the launch of the chapter to help to remedy this.
Amid the threats of cyber crimes and cyber warfare, he lamented the lack of an environment to foster the growth of cyber security professionals in TT.
Bissessar recalled a Microsoft official several years ago saying he knew many nationals who were world-class information security professionals, but all worked outside TT.
He cited one author as describing an cyber crime underground economy as "a complex ecosystem of actors within a value chain" where profit centres were built upon support infrastructure.
"This allows criminal entrepreneurs to devise scams by procuring the necessary resources a la carte, taking advantage of specialisation and economies of scale and resulting in a web of interactions which potentially span the globe.
"One can argue that such a criminal ecosystem, like many other cyber security threats, can only be disrupted by an equally powerful cyber security ecosystem of professionals."
Bissessar said TT seemed to focus on passing legislation on cyber security rather than initiating technical controls against attacks.
He wanted the development of an ecosystem of cyber security professionals.
"The Government needs to facilitate the creation of opportunities within the private sector to build and develop competencies which they can call upon in the future. We need security researchers, writers, lecturers, practitioners, policy-makers, legal specialists and technical experts, to name but a few."
He urged people to take advantage of training and capacity-development exercises from international bodies to upskill the national pool of experts in cyber security.
"The Government must lead by example and procure services from fledgling entities seeking to provide services in cyber security."
Ian John, CEO of CyberEYE, said cyber attacks were not a matter of "if" but "when." He said if an attacker has sufficient time and tools he could eventually hack a system.
Considering cyber security measures, he said, "Do you have a plan? Have you tested it? Will the plan work?"
John agreed the job of cyber security experts was extremely stressful.
"The job doesn't end. Many people opt out for an easier life."
He felt many cyber attacks were linked to disgruntled ex-employees.
John warned that IT professionals who were first responders to a cyber attack may actually inadvertently destroy evidence. "Someone wiped a machine. Data has been destroyed."
He said in the Caribbean the entities most vulnerable to cyber attacks were small and medium enterprises (SMEs).
"Forty-five per cent of SMEs that suffer a cyber attack or ransonware attack go out of business."
This was due to class-action lawsuits – presumably from their clients – and the cost of recovery, he said.
Saying the origin of a cyber threat can be internal or external to an organisation, John urged, "Know what is happening on your network 24/7."
Comments
"Trinidad and Tobago needs cyber security experts"