Latest update February 25th, 2025 10:18 AM
Latest News
- Five dead in road accidents
- 25 helicopter trips required weekly for preparatory work on 7th oil project—Exxon says in EIA
- Israel deploys tanks as assault on occupied West Bank intensifies
- Govt. seeking contractors for $1.9B Parika to Goshen Road project
- GHRA urges Gov’t to follow laws in dealing with US deportation issue
Threats birthed from our dependence on the technological platforms
DEAR EDITOR,
Permit me a space in your publication to highlight some of the perils which organisations, both private and public in developing countries such as Guyana face on a daily basis. The threats referred to are those which are birthed from our dependence on the technological platforms which are designed to allow for, inter alia, structured communication, targeted marketing of products and services, archiving and reporting on information critical to executive-level decisions and overall enhancement of business processes which are intended to promote efficiency and efficacy at key levels.
More recently, on 6th Feb, 2019, the Guyana Power & Light Inc. (GPL), through a press release informed of a “cyber-attack on the Company’s computerized systems” which affected their Customer Information System. The statement further alluded to the request of a “ransom of bitcoins (digital money) to remove all encryptions from within its network”.
While the GPL Information Systems team should be commended for their quick response and initiating a quarantine to prevent propagation and invoking the disaster recovery mechanisms to restore the systems in a timely manner, I am of the view that such a threat should have never occurred in the first place.
The issue here is that of ransomware which occurs when a network of systems is penetrated by one of a myriad of various ways to introduce a virus which propagates across that network insofar as it is able and accesses files and performs an encryption on them. In simple terms, the only way to regain control of those files are through the decryption process which requires a decryption key. The perpetrators of ransomware attacks promise the decryption keys in exchange of digital currency, such as bitcoin, due to its difficulty in traceability.
In January 2017, the Guyana Water Inc., suffered a similar attack which resulted in downtime of services. It should be noteworthy to mention also, that the Guyana National Computer Incident Response Team (GN-CIRT), in May of that very year, issued a cybersecurity alert warning of the “Wanna Cry” ransomware which exploited a vulnerability in the Windows Operating System which has since been patched.
The Symantec Internet Security Threat Report (https://resource.elq.symantec.com/LP=6819 – Feb. 2019) reveals that worldwide ransomware attacks are down 20% during 2018 as opposed to 2017, enterprise ransomware attacks have surged 12%. This indicates a revolution in cryptovirology which is intended to target more advanced infrastructure rather than the regular “mom and pop shops”. In 2018, the report referenced the “chief ransomware distribution method” as being targeted email campaigns exploited due to dependence on the use of email.
In my experience and through studies, most ransomware attacks are as a result of some form of negligence on the part of network administrators whether directly failing to implement security and alerting platforms or indirectly, through the inadequacies of their systems.
The ever-evolving threat-landscape must be constantly analysed and actions taken, insofar as it is affordable to organisations across the spectrum. Organisations and companies are urged to invest significantly in ensuring that their IT personnel are trained and implement mechanisms which constantly keep security best practices in check.
The importance of the formulation of a detailed Disaster Recovery Plan (DRP) should be as a result of careful studies of both the internal and external dynamics of any organisation, big or small, public or private.
Brainstorming sessions intended to identify all risks and possible mitigative measures can also be of great utility to the formulation of a DRP. IT administrators are further urged to assess the risk at every level of staff (from the customer service representatives straight up to executive management and specifically IT personnel and the systems which they interact with to ensure coverage and implementation of usage policies.
Regards,
Aneal Giddings
Similar Articles
THE BLUNT OF THE DAY
Sports
Features/Columnists
The PPP/C’s rotten return
Peeping Tom… Kaieteur News- The People’s Progressive Party/Civic (PPP/C) ought to have treated its loss in the... more
Why the U.S. Should Strengthen Trade Ties with the Caribbean
By Sir Ronald Sanders Kaieteur News- A rules-based international trading system has long been a foundation of global commerce,... more
Weekend Cartoon
