Dear Editor,
Permit me a space in your publication to highlight some of the perils which both private and public organisations in developing countries such as Guyana face on a daily basis.
The threats referred to are those which are birthed from our dependence on the technological platforms which are designed to allow for, inter alia, structured communication; targeted marketing of products and services; archiving and reporting on information critical to executive-level decisions; and overall enhancement of business processes which are intended to promote efficiency and efficacy at key levels.
More recently, on 6th Feb, 2019, the Guyana Power & Light Inc. (GPL), through a press release, informed of a “cyber-attack on the Company’s computerized systems”, which affected their Customer Information System. The statement further alluded to the request of a “ransom of bitcoins (digital money) to remove all encryptions from within its network”.
While the GPL Information Systems team should be commended for their quick response, for initiating a quarantine to prevent propagation, and for invoking the disaster recovery mechanisms to restore the systems in a timely manner, I am of the view that such a threat should never have occurred in the first place.
The issue here is that of ransomware, which occurs when a network of systems is penetrated in one of a myriad of ways to introduce a virus which propagates across that network insofar as it is able, accesses files, and encrypts them. In simple terms, the only way to regain control of those files is through the decryption process, which requires a decryption key.
Because digital currency, such as bitcoins, is difficult to trace, perpetrators of ransomware attacks promise the decryption keys in exchange for it.
In January 2017, the Guyana Water Inc. suffered a similar attack, which resulted in downtime of services. It is noteworthy also that the Guyana National Computer Incident Response Team (GN-CIRT), in May of that very year, issued a cybersecurity alert warning of the “Wanna Cry” ransomware, which exploited a vulnerability in the Windows Operating System. That vulnerability has since been patched.
The Symantec Internet Security Threat Report (https://resource.elq.symantec.com/LP=6819 – Feb. 2019) reveals that worldwide ransomware attacks were down 20 per cent during 2018, as opposed to 2017, when enterprise ransomware attacks had surged 12 per cent. This indicates a revolution in cryptovirology, which is intended to target more advanced infrastructure rather than the regular “mom and pop shops”.
In 2018, the report referenced the “chief ransomware distribution method” as being targeted email campaigns exploited due to dependence on the use of email.
In my experience, and through studies, most ransomware attacks are the result of some form of negligence on the part of network administrators, whether directly, through failing to implement security and alerting platforms, or indirectly, through the inadequacies of their systems. The ever-evolving threat landscape must be constantly analysed, and actions taken insofar as those are affordable to organisations across the spectrum.
Organisations and companies are urged to invest significantly in ensuring that their IT personnel are trained, and implement mechanisms which constantly keep security best practices in check. A detailed Disaster Recovery Plan (DRP) is important, and its formulation should be the result of careful studies of both the internal and external dynamics of any organisation, big or small, public or private. Brainstorming sessions intended to identify all risks and possible mitigative measures can also be of great utility to the formulation of a DRP.
IT administrators are further urged to assess the risk at every level of staff (from the customer service representatives straight up to executive management, and specifically IT personnel and the systems which they interact with) to ensure coverage and implementation of usage policies.
Regards,
Aneal Giddings