Watch out: hackers are upping their game
Hackers are upping their game and many organisations are not even aware of serious holes in their own network defences.
That is the warning from Hari Acharya, chief operating officer of Canadian firm PomeGran, which is partnering with start-up CryptoScan Bermuda to offer a new cybersecurity service in Bermuda and across the Caribbean.
Mr Acharya said hackers were using artificial intelligence to ramp up their abilities to access data to use for identity fraud, blackmail, theft of money or to break into systems to cause disruption.
Cryptography is the foundation of digital security and any weaknesses in a network's cryptographic architecture present opportunities for hackers.
“Everyone has some sort of encryption in their infrastructure, but people don't take a look at it on a regular basis,” Mr Acharya said in an interview when visiting the island for the launch of CryptoScan last week.
“It might be software, PKI [public key infrastructure] certificates that have been there for many years, certificates that may have expired or that may not be valid — that's the prime way hackers can get through to the network and your data.”
Breaches like that involving international hotel chain Marriott — in which more than 500 million records were released — grab the headlines. But many more cyberattacks impact small businesses.
Almost half of US small businesses suffered a cyberattack within the past 12 months, a report last year by Bermudian insurer Hiscox found.
Coral Wells, director of CryptoScan, said cybersecurity was even more critical for Bermuda at this time, given the Government's efforts to establish the island as a fintech and digital asset business centre. That was one of the reasons she decided to join forces with PomeGran to launch the company.
“I know where Bermuda's going with fintech, blockchain and the digital age,” Ms Wells said.
“Going down this technology path, we need to make sure we're all protected. It's imperative that the companies here are protecting themselves.”
Mr Acharya said that identity theft was at the root of much of the fraud being perpetrated these days.
“Using details from social media, people can mimic others to get loans, for example. Once someone's personal information has been exposed, you don't know where it's going to end up.
“I know people whose identities were stolen and there were mortgages taken out for hundreds of thousands of dollars, based on their credit histories.
“They only found out when they tried to get a loan from a bank.”
With hackers constantly improving their abilities to break in, cyber defences will need to keep evolving. Quantum computers would be able to crack all forms of cryptography known today — something that would become a significant security issue during the next five to seven years, Mr Acharya said.
Despite the financial and reputational risks of data breaches, enterprises generally are not doing enough to ensure their security, Mr Acharya said.
“We're in 28 customer engagements across North America right now — and we find that cryptography is something people don't really think about,” he said.
“Many companies do assessments based on policies and procedures, which are very important, but not enough. The challenge is they are subjective tests of where your infrastructure is today, not objective.
“People are filling in questionnaires under pressure from their managers, without the expertise to do it accurately. That's where we come in.”
CryptoScan's service will analyse organisations' cryptographic assets objectively, report vulnerabilities and flag up expiring certificates.
The company says its service will reduce the risk of data and network breaches and cut costs by automating complex cryptographic assessment processes and replacing lengthy manual reviews.
The service will also help organisations to comply with rapidly increasing data protection obligations, including the EU's General Data Protection Regulation, Payment Services Directive and Bermuda's Personal Information Protection Act.
Kalai Kalaichelvan, PomeGran's chief architect, said the island's digital ambitions made it the obvious place to base the new company, while aiming to service the Caribbean region.
“Our vision for CryptoScan is to make Bermuda a centre of excellence for cryptography scanning,” Dr Kalaichelvan said. “Bermuda is moving towards advanced technology industries, so if we make CryptoScan Bermuda the centre of it, it can benefit the region.
“We're extremely impressed with what Premier Burt is doing, with regards to digitising everything and putting Bermuda on the map. It's a great leap forward for the region and we're very supportive of that vision for the country.”
Ms Wells expects the company to expand in the coming years and build up a workforce.
“It would be great to hire some local staff,” Ms Wells said. “How many depend on how well the business takes off.”
As the owner of ConnecTech, based in Cedar Avenue, Hamilton, a company that provides technology training for young people and businesses, she sees job creation potential in the technology field.
“We see the need for more people in the cybersecurity industry,” Ms Wells said. “I'm really big on making sure that we get young Bermudians trained in the different areas of technology and the biggest thing we see coming down the path from a career standpoint is cybersecurity.”