Notorious hackers threatened Bermuda attack
International hacking group Anonymous threatened an attack on Bermuda and other offshore centres, it was revealed yesterday.
And Colin van den Bosch, senior vice-president and head of IT at Clarien Bank, told a conference on cybersecurity that Bermuda could be seen as a juicy target for hackers.
Mr Van den Bosch, part of a panel discussion on cybersecurity, said afterwards that Clarien’s virus protection and malware protection supplier had last year sent out a bulletin warning that Anonymous had threatened to target offshore banking centres around the world.
He added: “We saw some attempts, but it didn’t feel like an Anonymous attack and nobody broke the perimeter.”
Mr Van den Bosch added that the bank, as part of its own security system, regularly paid to have its system attacked by an outside source to check how staff responded.
He said: “Once a year, we actually have a third party come in and test us. Only two people in the organisation, me and the chief operating officer, know when that’s going to happen.”
The “hacker” uses phone phishing, e-mail phishing in a bid to extract information from the firm.
But Mr Van den Bosch said that heightened awareness — especially after well-publicised major attacks on major corporations — meant that staff were far more aware of potential threats than they used to be.
Mr Van den Bosch added: “Last year, they launched the phishing attack and within 15 minutes, I had three e-mails and two phone calls.
Mr Van den Bosch sat on a panel including Lloyd Holder, vice-president of IT services at the Bermuda Hospitals Board, and Janet Wilth, information security manager at US legal firm Dorsey & Whitney in Minnesota to discuss cybersecurity in healthcare, banking and finance, education and retail.
Mr Van den Bosch told the Hamilton Princess conference: “Having that defence in depth is vital. We have to detect it, we to contain it and we have to control it.
“If we don’t, we will find people running rampant on our networks and we don’t need that.”
He added that security had to be seen as a companywide responsibility with every staff member playing a part.
Mr Van den Bosch said: “Information security is not an IT problem and everybody has to realise that. Yes, I work in IT, but it’s everybody’s problem.”
Mr Holder said that keeping sensitive information held as part of medical records safe was a unique challenge in Bermuda due to the island’s small size and the fact there was only one hospital, so staff were retained longer than would the case elsewhere and often became used to particular working procedures.
Mr Holder added: “People tend to get comfortable doing things the way they have always done.”
And he said: “From a security perspective, we have to do a lot more work to raise the profile of the type of risk we are susceptible to.”
Mr Holder added: “For us, on a global scale, health records are a key area of focus.”
He said that, as well as medical information, records contained other personal data which could be used for fraud.
Mr Holder added: “People could use the healthcare space to get into someone’s pockets, essentially.”
He said that information is moving faster than ever before, with the transfer of information using mobile devices increasingly common, while individual doctors may not have the high levels of security the hospital has.
Mr Holder added: “We are looking very closely at trying to fill that gap right now.”