Growth & Jobs | Invest to protect your network, data – cybersecurity analyst | News

Companies should invest in ethical hacking as part of their security life cycle for applications, systems, and network resources, says Jamaica National Group cybersecurity analyst Garfield Rodriquez.

Rodriquez says a company should invest in securing its network and systems as penetration testing, attestation, vulnerability and risk assessments, and patching all play a crucial role in the company’s cybersecurity life cycle and also in strengthening security controls.

“If there is a failure to have the proper systems, policies, training in place for company employees and not addressing vulnerabilities found, there is an increased possibility of a breach occurring, which may have significant financial loss, reputational damage for companies and customers, as well as the exposure of pertinent information or data,” Rodriquez explained.

Ethical hacking is the process of an organization granting authorized network, application, and system access to a hacker (white hat) so that they can attempt to infiltrate them via vulnerabilities, penetration methods, and other evasive techniques. It is often confused with penetration testing (pen testing). Whereas pen testing focuses on a specific area defined for testing, ethical hacking is more comprehensive, with pen testing being one of its functions.

The ultimate aim of utilizing an ethical hacker is to test all layers of the organization’s security framework from a system, application, network, and policy perspective. The ethical hacker also aims to show how resilient the organization’s cyber defenses are. Through these tests, the ethical hacker will be able to formulate a report, showing all vulnerabilities and recommendations to address said discovered vulnerabilities, which, in effect, will strengthen the technical-security controls and posture for the organization.

The cybersecurity analyst says that using ethical hackers to detect vulnerabilities in companies’ networks and applications is a growing trend in the Caribbean as more companies have made significant investments in IT security. While he was not able to state a definitive number, he says that with cybercrimes expected to cost the world US$10.5 trillion annually by 2025, more Caribbean companies are taking the need to protect their networks more seriously.

“Caribbean companies have embraced the use of more digital and web-based technologies, so they are more exposed to IT security threats such as viruses, malware, ransomware, Trojan, adware, spyware, denial of service attacks, just to name a few,” he said.

“There have been major system breaches over the past decade in the Caribbean,” he added. “The COVID pandemic has transformed the workforce to be working more remotely, so there is a greater risk for breaches to occur. As a result, companies have to ensure that systems, network resources and applications, customer facing and internal, are utilizing a patch management cycle to facilitate the updating and strengthening of security modules and to test that these security modules have been updated properly. An ethical hacker is key in this process.”


In 2020, an Inter-American Development Bank (IDB) report titled Cybersecurity: Risks, Progress and the Way Forward in Latin America and the Caribbean revealed that there was marginal progress, or lack thereof, in the maturity level of two-thirds of LAC countries in terms of education, training, and development of skills in cybersecurity. The report added that in these countries, the offer of specialized training in digital security was non-existent or incipient, and where it did exist, usually only considered the technical dimension of cybersecurity. It added that cybercrime in the region was the third greatest area of concern, especially as more organizations embraced work-from-home models.

Henry Osborne, technical product manager, the Jamaica National Group, explains that in an era where there are more people working from home and using company virtual private networks (VPNs), ethical hacking was beneficial in preventing company data from being stolen.

“It is not uncommon to discover that a ransomware attack was successful because an employee clicked a link, opened an attachment, or inserted a drive they weren’t supposed to. An organization’s end users also have a role to play in protecting the data resources. Security-conscious organizations will ensure their employees receive cybersecurity-awareness training so they’re better able to identify the threats and not become an attack vector,” Osborne stated.

Rodriquez added that ethical hacking would also help to find vulnerabilities, whether in remote workers’ access to systems, applications, and network resources through VPN or in all other instances of employees, third-party contractors and companies accessing systems, network resources and web-based applications.

Professor Sean Thorpe, head of the School of Computing and Information Technology at the University of Technology, Jamaica explained that companies should see investment in cybersecurity engineers as essential, especially in this digital age. However, he believes that the region can also benefit from training ethical hackers.

“The availability of specialized cybersecurity academy training courses through certified ethical hacker (CEH) qualifications has become more urgent. This may be completed by specialized long-term offerings in computing and network security degrees at both the undergraduate and graduate level,” he said.

Rodriquez added that there also needs to be an emphasis on the importance of ethical hackers in addition to training.

“By educating the public that there is a tremendous need for ethical hackers on both a local and global level and establishing that an ethical hacker is a viable career path, more companies would begin to see its value,” he explained.

“Also, more local IT training institutions could incorporate courses geared towards this certification … show the availability of ethical hacking training programs online such as Udemy, Infosec, Cybrary, just to name a few of the accredited IT security-training institutions, would help more Caribbean companies to invest more in training their employees in this area as well, especially since cybersecurity is an area of concern for many,” he stated.
