CEO: Cyber security is always an afterthought
The Bahamas, along with the rest of the Caribbean and Latin America, should be doing significantly more to combat cyber crime, a rapidly growing threat estimated to reach a global cost of $6 trillion by 2021, according to an industry leader in cyber security.
“From our prospective, it’s not just a Bahamas problem, it’s a Caribbean and Latin America problem,” said Scott MacKenzie, chief executive officer of Cloud Carib, a technology and cyber security firm based in The Bahamas with clients throughout the region. “It’s a problem really in any developing region. Cyber security is always an afterthought.”
MacKenzie insisted that until people start to demand international standards, most companies in this region would more than likely choose to ignore risks until they are forced to address them.
“For instance, there are lots of research studies that basically demonstrate what would happen after a security breach: directors or executives in a company would get convened and only about 25 or 30 percent of boards or executive committees would see security attacks in the data through and actually remediate what caused the breach in the first place,” he said.
“About 65 to 70 percent of companies would accept the risk and basically leave themselves open to it happening again. That is either because it’s cost prohibitive or they find it too complex to deal with at the time.”
But risks are changing, according to MacKenzie, who said most cyber attacks in the region are carried out internally by some agent who has already been exposed to a company’s network system.
“The challenge now is, even with advanced firewalls and intrusion detection systems, hackers have gotten smart enough that they’re no longer sending things in easier-to-detect formats. So, what they do now is they embed viruses in a PDF document, and then they label that PDF document ‘resume’ and send it to a human resources department. Those are where the attacks are becoming trickier because now you really have to have sophisticated technology and sophisticated support personnel that can design, monitor, change and operate those systems. Because your human resources director or your human resources employee, their job is to open every resume that comes in and review it. Well if there’s a malicious code in that, now you’ve all of a sudden got a security compromise,” he said.
“That’s really where we see most of the problems in the Caribbean region and Latin America. It’s those business processes that are being targeted that are creating the biggest risks, that and from within. You always have to consider within as much as the external actors.”
With a control center that is operational 24 hours a day, seven days per week, Cloud Carib specializes in enterprise management, network management and security operations, with security professionals on staff every day of the year to for possible attacks.
MacKenzie said the company leverages sophisticated technology to design state-of-the-art security systems for its customers.
“So, as an example, using that human resources document, that document will pass through a system that will look for a signature within the PDF file. If it’s recognized it lets the document through the system and if it is not recognized, the system actually takes the attachment from the email, opens the attachment in what’s called a sandbox environment, and if there’s malicious code it would then register that malicious code,” he said.
“It’s not something that we necessarily specifically do. We use a system called Palo Alto and one of Palo Alto’s features is allowing you to do that. All of these things are based on cost. That’s a more advanced technology for people that are very security conscious: government, banks, financial services, law firms, those are what we specialize in.”
Paige started working as a business reporter in August 2016.
Education: Palm Beach Atlantic University in 2006 with a BA in Radio and Television News
Latest posts by Paige McCartney (see all)
- Customs dept. stands by Click2Clear despite criticism - December 13, 2019
- Union, resort make progress on new industrial agreement - December 13, 2019
- National cybersecurity plan within next nine months - December 12, 2019