Caribbean companies are at risk of falling prey to large-scale cyber-attacks similar to the one that interrupted computer systems across the globe last week, unless they take operational risk more seriously, a risk analyst has warned.
Regional Risk Assurance Leader for PricewaterhouseCoopers (PwC) Caribbean Region Network Bruce Scott says he’s not satisfied that firms in the region are paying enough attention to assessing and mitigating such risks.
“I don’t think they are taking operational risks that seriously. Anything to do with money, there is a little bit more formality around that,” Scott told online newspaper Barbados Today on the sidelines of a PwC regional risk management seminar at the Radisson Aquatica Resort.
“I think operational risk, the stuff that have to do with your people and processes, doesn’t get the attention as much as the banking and the liquidity and loan financing. A lot of focus is placed on financial risks, but where we struggle is in the operations. We tend to just accept that, ‘yeah, a fraud is going to happen’,” he said.
A cyber-attack last Friday, dubbed WannaCry, saw computer malware quickly spread to 150 countries, holding an estimated 200,000 computers hostage by blocking access to files. Hackers demanded a ransom in Bitcoin, an untraceable digital currency. The attack slowed down by Monday after a British cybersecurity researcher found and inadvertently activated a “kill switch” in the malicious ransomware.
However, experts have warned that the hackers are likely to strike again after improving the malware to eliminate the kill switch.
Scott advised regional businesses to back up their data as a means of circumventing the ransomware, and to conduct diagnostic assessments of their vulnerability.
“They need to get a ‘friendly hacker’ who is not the criminal but behaves like one, to do an assessment of how vulnerable they are and then once they see the vulnerabilities they need to get the budget to close it down,” he advised.
Adapted From Barbados Today