Dangers cyber threats pose

A cyber-security incident can destroy a profitable company in less than 24 hours. Deloitte PNG information technology and cyber security specialist ALBERTO CIMAS has seen companies in PNG being hit by ransomware or hacking attacks and losing all their data, including their backups. Cimas discussed with Business reporter PETER ESILA about the latest software, technology and methods to combat this threat

Question: What is cyber-security?
Cimas: In my opinion, cyber-security is the environment and practices we put in place to protect individual or company data, cash and reputation.
Nowadays, this word has a very broad meaning.
If you read the reports from national security agencies around the world, there is a common agreement in the fact that “the World War 3 has already started and it is being fought with non-conventional weapons in cyberspace”.
The one who manages to control cyberspace, will control the worldwide trade markets, the world currencies, the political will of the world and even the minds and the way people think.
PNG, as a sovereign nation, should control its cyber-space ensuring full autonomy as a country as well as full freedom for its citizens.
Nowadays, many people in PNG read newspapers or hear words on television such as “cyber-security”, “big data”, “artificial intelligence”, but few of them have seen with their own eyes what these words mean.
This needs to change.

In the news, a powerful economy, such as the United States, is facing a crisis around big tech and data confidentiality, does that affect PNG in any way?
In the US, there is a big debate now around big techs and data confidentiality which affects PNG in a straight way.
When PNG citizens use Facebook, Twitter or US-grown phone applications, they are giving away very valuable personal and confidential data.
US companies can later sell that data or use it to their own advantage.
If PNG citizens knew how much data and what data exactly they share when they use Facebook or other apps, they would think twice before using these apps or opening an account on their websites.
In fact it is a big scandal and all media in the West is currently talking about this current issue.
The companies that play “dirty” with our personal data include Google, Amazon, Twitter, Apple, Microsoft and Facebook, just to name a few.

How would you rate the PNG public sector’s approach to cyber-security compared to the private sector, have you assisted some Government offices too?
Yes, I’ve worked for some Government agencies.
The private sector is well ahead of the public (Government) sector in terms of technology and in terms of cyber-security.
Dramatic hacking attacks are more common in the public sector than in the private sector.
The problem is, it is very hard to find people with good IT and cyber-security skills in PNG.
Government or companies cannot be blamed for this.
This is a big issue and it does not have an easy way to fix this.
I must also say that the PNG Government is currently moving into a more digital type of public service.
In the future, citizens will not need to go to government offices to fill forms, liaise with government officials, obtain licenses, etc.
Citizens will be able to do this online.
I hope by then, the PNG Government has enough cyber-security mechanisms in place to protect the identity and privacy of its citizens.
I am currently involved in a few initiatives in this regard and I must say that the PNG Government is aware of the current importance of cyber-security, and although slowly, the Government is firmly moving in the right direction.

There are many links being forwarded in WhatsApp messages and computers, is it safe to click on those links?
If these links are sent by a person or source you don’t trust or you don’t recognise, don’t open them.
Don’t forget that mobile phones are little powerful computers that fit in your pocket.
They are powerful computers.
Hackers, nowadays, are targeting mobile phones, rather than computers because they know that there are more phone users out there, than computer users.
Hacking a mobile phone will usually give you greater “rewards”.

Are there any hackers in PNG, or how do you identify them?
In PNG, I have met some people who are interested in hacking.
They are not criminals, they are just passionate about computers.
Hackers are good people, people who enjoy programming, computers and everything about technology.
Criminals are a completely different type of people; they are ruthless people who use their knowledge of technologies to commit serious crimes.
Thank God, in PNG, we don’t have such criminals at the moment.

What are some of the latest cyber threats/issues that PNG companies are dealing with?
During 2020, we saw a dramatic increase in the number of hacking attacks in PNG.
Hacking attacks were of two very different types:

• RANSOMWARE attacks that are indiscriminate and target absolutely every computer user.
  These attacks are usually performed via spam e-mails the sort of “you won the lottery and if you click this link / you open this attachment, we will pay you the prize…”
  In PNG, most computer or phone users are not aware of cyber-security risks and how hackers operate, and they easily fall victim to these attacks.
  Things can get worse when you fall victim of these attacks using your company computer, because the ransomware will infect other computers and devices in your company’s network, creating ultimately a huge disaster.
  As a cyber-security specialist in PNG, I have witnessed some of these attacks and I’ve helped many companies recover from such attacks. In some cases, the results of these attacks have been absolutely disastrous; and,
• TARGETED attacks that target only a single and specific individual or company.
  These type of attacks are roughly about 10 per cent of the hacking attacks we see in PNG.

They are not very common but they are very dangerous because there is a real criminal group behind the attack, and a real and strong motivation (eg cash, confidential data, reputational damage, etc).
We have seen a few of these attacks last year and this is extremely serious because it means that PNG is not an isolated and “forgotten” country in terms of cyber-security, but we are now on the spotlight of cyber-criminals.
This should be taken very seriously.

With efforts to make internet cheap and move towards digitalisation, what is the pace now in PNG?
Digitisation can take many forms, depending on the nature of your organisation.
In general, we are now seeing an increasing interest in moving to digital platforms as a way to achieve efficiencies, become more automated, achieve time savings, reduce the use and cost of paper and provide better and faster customer care.
The level of digitisation in PNG is decades behind the digitisation achieved in places such as Europe, US or Australia; however, this has two positive consequences or advantages for PNG:

• PNG can learn from other developed places such as Europe or the US, and avoid committing the huge mistakes they committed when they were digitising their economies.
  This will make the path towards digitisation of PNG cheaper and straight; and,
• GIVEN the low and immature starting point of PNG, in terms of digitisation, any small digital initiative or improvement, will have a huge positive effect.

Achieving good return on investment out of digitisation initiatives is easier for countries such as PNG.
I encourage all companies in the public and private sector, to take small steps towards digitisation.

What are some of the risks of digitalisation that companies should be aware?
There are many risks and many of them will depend on the sector or industry of each company.
If we look at what is happening around the world, countries and companies are generally worried about three types of risks:

• CYBER-SECURITY risk which we have already briefly described;
• DATA RISK: how are companies going to use customer, employee and client data without compromising their privacy? How are they going to keep confidential data safe and secured? How is that confidential data going to be used?; and,
• FINALLY, companies are worried about the risk of failure in their digitisation processes.

Moving from manual paper-based processes to digital automated processes, requires skills, technology, proper planning and money to invest.
If you don’t have these three, you are at risk of wasting time and money during your digitisation journey and that is hard to recover later.

Final comments?
Cyber-security is high in the agenda of most companies in PNG right now.
Deloitte can help companies improving their cyber-security strategies, setup, configurations and also to recover from hacking attacks.
We also provide training and many highly technical services around cyber-security in PNG.
I’ve been in the country for more than eight years and I know the cyber-security challenges faced in the country very well.
I also have a team of PNG nationals whom I personally train in this skill.
I will be happy to assist any company willing to improve its cyber-resiliency.