Source: The Tribune
It would be misleading to state or imply that cyber security management and compliance are easy tasks. These topics can often appear daunting to many top executives, small business owners and all those in between. To further complicate the discussion, there are so many acronyms, technology jargon, controls, regulations, codes of conduct and more that must be carefully analysed in an effort to create the safest environment for your privacy, communications, professional and personal data.
However, despite the best efforts of governments, regulators, companies, and individuals, there are mounting statistics which confirm data breaches and other cyber crimes are increasing. And locally, police commissioner Paul Rolle, when addressing the CARICOM IMPACS virtual security conference, said: “In the last six months, we have seen some increase in fraud-related matters, particularly cyber fraud. There was a 36 percent increase in hacking and extortion.”
The Bahamas is not alone in this regard. The Caribbean Financial Action Task Force (CFATF) quotes Marina Walter, the United Nations resident coordinator for Trinidad and Tobago, Suriname, Aruba, Curacao and Sint Maarten, expressing concern about the lack of comprehensive cyber security policies among member states due to “the high number of unsecured servers”.
Given that October has been celebrated as Cyber Security Awareness Month for the past 17 years, I believe it is important to provide simplicity on this otherwise technical topic by explaining several of the aspects that both small and large businesses, individuals and governments, should be aware of and how compliance fits into the mix.
Threat Actors
These are the source of an event, incident or breach. A threat actor can be an employee or an outsider who launches a cyber attack. While it is widely accepted that insiders account for the greatest threat to a company’s security, the 2020 Data Breach Investigation Report suggests this is inaccurate. Although there has been an uptick in internal actors, “financially motivated breaches are more common than espionage by a wide margin”.
Threat Actions
These are the ploys used by criminals to gain access to protected information. These are numerous. However, placing them into the following topic areas helps provide perspective: malware; hacking; social; misuse; physical; error; and environmental.
Cyber Security Compliance
The role of compliance in the cyber security space is multi-faceted. Risk and compliance professionals ensure that our companies are aware of both applicable laws and global best practices. They provide credible challenges surrounding controls implemented by our respective organisations. Moreover, they ensure staff and owners alike are made aware of implemented cyber security standards and protocols.
In conclusion, as technology continues to grow so will cyber threats. Compliance regulators, business owners, executive leaders, compliance professionals and employees all have strategic roles to play in the security of data. As cyber security standards become embedded, I submit company resilience will increase as a direct result.
NB: Derek Smith Jr is a compliance officer at a leading law firm in The Bahamas, and a former assistant vice-president, compliance and money laundering reporting officer (MLRO), at a local private bank. His professional career started at a ‘Big Four’ accounting firm and has spanned over 15 years, including business risk management, compliance, internal audit, external audit and other accounting services. He is also a CAMS member of the Association of Certified Anti-Money Laundering Specialists (ACAMS).