By YOURI KEMP

Tribune Business Reporter

ykemp@tribunemedia.net

A cyber security specialist yesterday urged Bahamian businesses and government agencies to identify “extremely sought after” soft targets in their IT systems following the attacks on the Registrar General’s Department.

Philip Darville, SolveIT Bahamas’ managing director, told Tribune Business: “We [The Bahamas] have a long history of attacks; this isn’t something new for The Bahamas. We have had companies, banks and institutions held hostage until they release payments to international groups.

“This is a history of recurring exposure, and for a nation that thrives on information integrity with the offshore sector being a prevalent part of our economy, it is sad that we haven’t put cyber security as a number one priority given the amount of monies and investments made in this country by international groups and associations. We have to make cyber security a number one priority so that information is secure, accessible and safe.”

Mr Darville added that hackers, in particular, seek to target perceived weak points within a company’s IT system and probe these areas continuously. He said: “It all starts with identifying targets. The way the Internet is set up now we all can find access to resources that store information.

“The platforms that are public facing, which have portals where people can login to either do business or gain access to information, is something that is extremely sought after. Banking institutions that have access to client accounts, they are at risk. Information portals via government agencies, they have been more targeted because they are not as secure in many cases,” he added.

Whenever an intruder is successful, he advised businesses that “there needs to be a immediate cessation of any online access, and they should switch to a legacy system, which is just a manual way of doing things until this has been secured.

“But there has to be a top-down assessment, and that not only starts with the systems, both internal and external, but also the human element. How the users function, and how susceptible are users to this; which users can be grouped into levels or layers of susceptibility,” Mr Darville added.

He said solutions that “randomize testing within companies’” to detect system users who are more inclined to click suspicious links in their e-mail box, or who are unaware of company protocol when it comes to handling sensitive data, must be a primary focus for Bahamian companies.

Mr Darville added: “This is a combination of human resources, compliance, information technology to be able to look at business processes and identify who are exposed and what is going to be exposed. Some companies don’t know to what extent they are exposed and that is the most dangerous thing.”