Companies across the Caribbean are seeing the importance of putting measures in place to promote cyber security.
That’s according to Bruce Scott, Regional Risk Assurance Leader with PricewaterhouseCoopers (PwC) Caribbean Region Network. He told The Barbados Advocate in a recent interview that a number of high profile ransomware and cyberware acts have triggered discussions in boardrooms across the region and wider world, causing them to take action to protect themselves.
“So a bad thing has become a good thing. There are more companies spending money on this and asking their IT departments and internal audit departments to give them a budget to do assessments, almost like a tech-nical hack,” he said.
While pleased about this development, the risk management expert said there is still some way to go, but he is confident that it is moving in the right direction.
“Some companies also assess the risks of why somebody would want their data, but the people want their data because it is important to them and that is where ransomware comes in,” he explained.
On the topic of ransomware and referencing the recent ‘WannaCry’ ransomware attack, he said that the region must not take these attacks lightly and must become mindful of the importance of having persons with the requisite skills within their organisations to address such issues and protect sensitive data. He made the point while noting that while there are Caribbean nationals trained in the area of cyber security, many of them do not reside within the region.
“The talent pool to do the kinds of technical reviews is not always here and so the service has to be brought in. So you have to literally to wait and go through the whole engagement process, rather than calling your IT guy to deal with it,” Scott noted.
With that in mind, he said additional work has to be done regionally and revealed that PwC Trinidad has invested in training staff in cyber security and are making those services available to other PwC offices within the region.
“Some of my large bank clients, they now have persons with the title ‘Information Security Officer’ on their team and they do specialised training. But as you would appreciate, small companies with sensitive data would not have the budget to hire full-time Information Security Officers and so they use a managed service provider who is based overseas,” he stated. (JRT)
