By NEIL HARTNELL
Tribune Business Editor
The ransomware attack on the ZNS radio servers is “a clarion call” for all businesses to focus on their cyber security defences, the Chamber of Commerce’s chief executive urged yesterday.
Jeffrey Beckles told Tribune Business that companies “across the board must take every precaution” to guard against, and prevent, attacks such as those that effectively crippled the state-owned broadcaster by locking staff out of their computers and information technology (IT) system.
Pointing out that such “vulnerabilities and threats” are now commonplace in a globalised economy, the chamber chief said the ever-growing reliance on electronic data and IT - even among those self-employed, and in home-based and “Mom and Pop” type businesses - meant the risk was only likely to increase.
He added that too many Bahamian companies were conducting transactions and important commerce using platforms such as Yahoo and Hotmail, which were “not sophisticated enough” to provide the level of protection necessary to guard against experienced, determined hackers.
“The short answer is yes, I believe the ZNS matter is a wake-up call,” Mr Beckles told this newspaper. “Outside of private interests in The Bahamas, maybe security is not necessarily a major discussion. But the unfortunate incident at ZNS is a good example of what could happen.
“That doesn’t speak to anything other than we as a community should take every precaution, and the Chamber wants to remind members across the board that part of living in a global village is the vulnerability and threats that come with it.”
The Chamber will highlight cyber crime’s impact at its annual Data Protection and Security conference, set to be held in June, but Mr Beckles added of ZNS’ misfortune: “This has happened out of the gate.
“It’s an early call to attention for all concerned. Not just businesses, but we have a lot of home-based businesses, self-employed and businesses that are run from home. They need to be equally concerned about protecting data and systems that are tied into security protocols. There are a lot of people out there looking to take advantage of those kinds of businesses running from home on what we think is a secure network.”
Mr Beckles added that too many Bahamian companies and entrepreneurs still relied on platforms more suited for social activities, such as Gmail, and in doing so exposed themselves to data breaches, hacks and other cyber crimes.
“We use Yahoo, Hotmail and Gmail platforms,” he told Tribune Business. “The truth is that while they’re nice for social interaction, there are many Bahamians that use these platforms to conduct business.
“While they offer a degree of security, they’re not secure enough to secure business transactions. This [the ZNS ransomware] should serve as a wake-up call for us to use appropriate platforms to conduct business.
“The bad guys out there don’t care who we are or understand the business we operate; if they feel there is information they can take from you to use, you will become a victim. It’s a clarion call for all of us to pay attention. Bear in mind we live in a globalised economy that has good and bad. This is a good example of that.”
Mr Beckles said the Chamber was encouraging its members, and all businesses, to hire certified IT security technicians to “take a second look, a third look if they have to” at their data protection and system defences in the wake of the ZNS attack.
He emphasised, though, that such technicians should have the necessary skills and qualifications as “connecting to the wrong people leaves you just as vulnerable. Speak to certified security people who can analyse the needs of their system and provide the basic security for your business”.
Cyber-related attacks on both Bahamian businesses and public institutions are nothing new, with the ZNS ransomware demands just the latest example of the growing threat posed to this nation’s economy and infrastructure by overseas criminals exploiting technology for their own financial benefit.
The Central Bank of The Bahamas suffered a “denial of service” event just prior to Christmas 2018, with hackers boasting that its website was an “easy target” for them to take down. The regulator, though, said its website was stabilised within 24 hours of the attack.
Still, the hacker allegedly responsible, named ‘Shizen’, openly boasted to the website, Rogue Media Labs, that the Central Bank of The Bahamas website was vulnerable because it lacked basic security measures.
“The Central Bank of The Bahamas is an easy target,” ‘Shizen’ was quoted as saying. “The website is protected by Cloudflare, but as long as the DDoS (distributed denial of service) doesn’t exceed the 1 TBPS limit.
“I have attacked with a Python script. The website has been taken down for 28 hours before it changed over to Cloudflare. Now, if you make a check-host, you can see an error ‘503 Service Temporarily Unavailable’. The website now works because they have changed the Cloudflare, so I think I’ll try to take it down next with an IRC Botnet or an MIRAI next.”
Fidelity Bank (Bahamas), the BISX-listed bank, in 2015 faced similar demands to those made of ZNS when a group called ‘Hack for Trump’ sought a $30,000 ransom payment for not publicly releasing clients’ personal financial data via the Internet.
No client data was hacked or revealed, though, with Fidelity saying the group appeared to have breached an external server hosting Fidelity’s public website that held “minimal information”. No ransom was paid.
Several Bahamian banks, though, were impacted in 2013 when they were forced to reissue client credit cards after an offshore data processor/acquirer was compromised and customer details revealed. Atlantis, too, has been hit by breaches of customer debit and credit card data, while the Court of Appeals’ website has also been hacked.