BRIDGETOWN, Barbados, Thursday May 18, 2017 – Caribbean companies are at risk of falling prey to large-scale cyber-attacks similar to the one that interrupted computer systems across the globe last week, unless they take operational risk more seriously, a risk analyst has warned.
Regional Risk Assurance Leader for PricewaterhouseCoopers (PwC) Caribbean Region Network Bruce Scott says he’s not satisfied that firms in the region are paying enough attention to assessing and mitigating such risks.
“I don’t think they are taking operational risks that seriously. Anything to do with money, there is a little bit more formality around that,” Scott told online newspaper Barbados Today on the sidelines of a PwC regional risk management seminar at the Radisson Aquatica Resort.
“I think operational risk, the stuff that has to do with your people and processes, doesn’t get the attention as much as the banking and the liquidity and loan financing. A lot of focus is placed on financial risks, but where we struggle is in the operations. We tend to just accept that, ‘yeah, a fraud is going to happen’,” he said.
A cyber-attack last Friday, dubbed WannaCry, saw computer malware quickly spread to 150 countries, holding an estimated 200,000 computers hostage by blocking access to files. Hackers demanded a ransom in Bitcoin, an untraceable digital currency. The attack slowed down by Monday after a British cybersecurity researcher found and inadvertently activated a “kill switch” in the ransomware.
However, experts have warned that the hackers are likely to strike again after improving the malware to eliminate the kill switch.
Scott advised regional businesses to back up their data as a means of circumventing the ransomware, and to conduct diagnostic assessments of their vulnerability.
“They need to get a ‘friendly hacker’ who is not the criminal but behaves like one, to do an assessment of how vulnerable they are and then once they see the vulnerabilities they need to get the budget to close it down,” he advised.
“You have a response strategy and then you have a diagnostic to see where you are. The rest of it is just monitoring what you have put in place, because you can’t stop these guys. This is what we call risk avoidance. You can’t go out of business just because you don’t want to be attacked. So you just accept that this is reality and you move towards your goals, but you manage your risks while you are still trying to make profits, and give your employees a good experience.”
Computer security firm Symantec estimated that the number of ransomware varieties has more than trebled since 2014, while the US Federal Bureau of Investigation calculated that CryptoWall, a particularly nasty strain of ransomware, netted at least US$18 million for hackers in 2015. (Adapted from Barbados Today)