Barbadian companies are at risk of falling prey to large-scale cyber attacks similar to the one that interrupted computer systems across the globe last week, unless they take operational risk more seriously, a risk analyst has warned.
Regional Risk Assurance Leader for PricewaterhouseCoopers (PwC) Caribbean Region Network Bruce Scott today said he was not satisfied that firms in Barbados and the rest of the region were paying enough attention to assessing and mitigating such risks.
“I don’t think they are taking operational risks that seriously. Anything to do with money there is a little bit more formality around that,” Scott told Barbados TODAY on the sidelines of a PwC regional risk management seminar at the Radisson Aquatica Resort.
“I think operational risks, the stuff that have to do with your people and processes doesn’t get the attention as much as the banking and the liquidity and loan financing. A lot of focus is placed on financial risks, but where we struggle is in the operations. We tend to just accept that, ‘yeah a fraud is going to happen,’” he said.
Computer malware that struck on Friday quickly spread to 150 countries, holding an estimated 200,000 computers hostage by blocking access to files, with the hackers demanding a ransom in Bitcoin, an untraceable digital currency.
The cyber-attack, dubbed WannaCry, slowed down by Monday after a British cybersecurity researcher found and inadvertently activated a “kill switch” in the malicious ransomware software.
However, experts have warned that the hackers were likely to strike again after improving the malware to eliminate the kill switch.
Scott advised local and regional businesses to back up their data as a means of circumventing the ransomware, and to conduct diagnostic assessments of their vulnerability.
“They need to get a ‘friendly hacker’ who is not the criminal but behaves like one, to do an assessment of how vulnerable they are and then once they see the vulnerabilities they need to get the budget to close it down,” he advised.
“You have a response strategy and then you have a diagnostic to see where you are. The rest of it is just monitoring what you have put in place because you can’t stop these guys. This is what we call risk avoidance. You can’t go out of business just because you don’t want to be attacked. So you just accept that this is reality and you move towards your goals, but you manage your risks while you are still trying to make profits, and give your employees a good experience,” he explained.
Computer security firm Symantec estimated that the varieties of ransomware have more than trebled since 2014, while the US Federal Bureau of Investigation calculates that CryptoWall, a particularly nasty strain of ransomware, netted at least $18 million for hackers in 2015.
During PwC’s Better Risk Management, Better Business Performance seminar, Scott shared insights and techniques to prepare businesses to mitigate risk, while encouraging participants to identify their objectives in order to adequately address risks to their operations.