In the last year there has been a significant increase in the number of cyber related criminal activity in the Caribbean. In recent days the unauthorized changes made to a key regional tourism website represents yet another troubling component of the growing cyber threat we face called “website defacements”.
Website defacement is a type of cyber-attack where a hacker makes unauthorized changes the content of a website that is offensive, embarrassing, or destructive in nature. When hackers make unauthorized changes to the websites of Caribbean businesses, governments and organizations that alter their content, or appearance it is considered by many as a type of corporate sabotage that can cause severe reputational damage, lower customer confident, or adversely impact revenues. Unfortunately this reality makes any Caribbean business, government or organization with a website vulnerable to website defacement, however something can be done about it.
To carry out website defacements hackers often use one of the oldest and most common cyber-attack methods called the SQL injection technique. This proven cyber-attack method used by hackers enables them to gain unauthorized administrative access to a website or in some cases the host network. Website defacers will often post negative messages or content to the website administrator, business, government or organization.
In additional to the fact that website defacements can cause significant public embarrassment to an organization when their website is defaced, they can also be a gateway for greater unauthorized access and compromise of a system/network, or lead to data losses depending on the business function of the website. For example a website that is defaced that has online payment processing capabilities may loss significant customer confident causing them to be reluctant to use the online capabilities due to security concerns, as a result a loss of online revenue could occur.
The Caribbean Cyber Security Center (CCSC) believes that the best way for Caribbean businesses, organizations and government to prevent website defacements is to have their websites tested for website application and hosting platform vulnerabilities and threats a hacker can exploit, and fix all identified issues by severity as soon as possible. CCSC also urges the region to utilize local and trusted ICT resources to conduct the recommended website testing as far too often we are outsourcing our IT security support needs to sources in Canada, the U.K, or the U.S for no good reason, which often cost us more. Additionally we as a region can’t just pay lip service to ICT development in critical areas like Cyber Security, and then outsource our IT\Cyber security support needs to ICT companies abroad with the IT\Cyber security talent and expertise right within our shores.
We at the CCSC believe strongly that cultivating local and regional IT\Cyber security talent and expertise to conduct routine website security testing and a ranges of other IT security support services, will be critical to sustaining the regional fight against the evolving cyber threat in a cost effective manner. Ironically in most cases the fixes for website security weaknesses or vulnerabilities identified are free but you can’t fix what you don’t know, hence the importance of getting your website tested. If you need guidance on how to get your website tested by regional IT\Cyber security resources you can contact the Caribbean Cyber Security Center for guidance at 1-246-232-9009.
As we become more dependent of the internet and ICT generally as an economic development driver, it is critical that Caribbean businesses, organizations and governments budget to have their website’s independently tested at least “twice” a year. A small investment in having your website tested and identified issues fixed has been proven worldwide to be significantly less than the reputational damage, and loss in customer confidence that can occur as the result of a defaced website.