One disgruntled employee can take down any government, says security specialist from Sint Maarten
“The Internet is in a state of crisis” and most regional governments are not prepared to deal with it, says Network Security Specialist Gregory Richardson.
Richardson, who is CEO of Secure Tech International St. Maarten and 1337 (Leet) Networks Inc. in North Carolina, was one of the presenters at the 8th Caribbean Telecommunications Union (CTU) Caribbean Ministerial ICT Strategic Seminar which took place in Trinidad on Tuesday.
His presentation “Response to the WikiLeaks Dilemma: Security and Trust” looked at the lessons which Caribbean governments and corporations must learn from the WikiLeaks Saga, where thousands of confidential files from governments around the world were exposed on line.
The specialist who identifies himself as an ethical hacker says just “like a woman in labor, it is evident from the sheer frequency of the occurrences of penetrations and other network violations, that we [the Caribbean] are on the brink of something huge.”
He said the Trinidad & Tobago government had over 400 documents leaked with 82 rated confidential and two secret. Richardson added that an advisor to the new Prime Minister of St. Maarten had his e-mail compromised thereby exposing (currently on the web) 100’s if not 1000’s of damaging e-mails.
“In this day and age a government official has no business using a free e-mail service for the people’s business. The security risks are simply too big. People need to keep in mind that e-mail is like a postcard, anyone can simply turn it over and read the contents,” the techpreneur told the gathering of government officials and others in the ICT industry.
“Now more than ever, the WikiLeaks dilemma proves that the biggest security risk on any network comes from the users on the inside. One disgruntled employee is all it takes to bring a government down,” he cautioned.
Richardson believes governments must move quickly to enact proper legislation that addresses the present network security and privacy issues that the region is facing. “One, we need laws that require banks, insurance companies and health care providers at the very least to report when they experience a security breach. And two, we need laws now that make it punishable to violate a network in the similar manner as it is illegal to break and enter physical property.”
He advised that governments and large corporations should be more discerning of the security vendors they employ, adding that regional resources must be improved and better utilized.
The techpreneur said all relationships should be built on trust, both internal and external. “Internally, a single disgruntled staffer is a very large risk, and controls need to be implemented to mitigate their possible impact and monitor if and when a security violation occurs. Externally, you need an on-going relationship based on trust and a strong contract with your security provider.”
He concluded by stating that we need to strive for purposeful excellence, desiring integrity and security for the region’s networks. “This will only occur by determined planning and implementation.”