Following a spate of recent cyber attacks in Jamaica, tTech Limited is urging local organisations to adopt a proactive approach to IT security before they face a critical cyber event.
Pointing to the rapid changes in the tech landscape over the past few decades, tTech’s CEO Norman Chen and security team lead, Jaleel Henry, painted a perilous picture of the state of cyber security in Jamaica.
“Businesses in general, even some of the large enterprises, typically have a traditional antivirus,” shared Henry. “They set it and forget it, not even bothering to check for gaps to fill them in.”
But according to both Chen and Henry, the days of the traditional antivirus being sufficient on its own are long over. With the technology growing and most people doing business online, the attacks have also grown and the perpetrators are increasingly efficient at bypassing those traditional security methods.
Chen conveyed that relying solely on a conventional antivirus solution for cybersecurity is analogous to depending solely on a standard door for home security. Just as homeowners invest in supplementary security measures such as security guards and gated communities, an organisation also needs multiple layers of protection.
This includes advanced endpoint detection and response, a 24/7 security operating centre, and various other security layers.
Beyond the traditional antivirus, they said that an incident response plan, regular tabletop exercises to test that plan, patching or updating devices frequently, and having a security incident and event management (SIEM) solution are other basic cybersecurity measures that businesses need to have.
In addition, the tTech team members shared that there has been a recent spike in ransomware attacks hitting Jamaica. And they say that without a proper cyber incident response plan the trend will only continue.
“The reality is cyber criminals don’t care about the size of a company. They’re searching for companies by using AI to make themselves more efficient, and any company that is not taking security seriously is an easy target,” expressed Chen.
As for the smaller businesses which may not have the capacity to build out an expansive IT security strategy, Henry said that they ought to have an IT security strategy plan and security awareness training for the users at minimum.
“Companies need to look at their approach to security, and ensure that it is layered; they need to implement strategies and take appropriate measures to properly secure their data, their customer’s data as well as their employees’ data,” stated Henry.
With these measures, organisations are better prepared to face the inevitable attacks on their cyber infrastructure.
Chen urges business leaders across industries to consider the risks of forgoing a proper cybersecurity plan, saying, “We always ask companies to think about what would happen to their business if they could not access any of their systems for one week. If a company’s core banking application or their core enterprise planner was down for a week, what would be the impact of that? If a company could not use technology in their business for one week, how would the company survive? Imagine being out of business for days, weeks or half a year. That is the risk a company takes and the impact of not putting measures in place is threatening to the business.”