Guarding the Digital Gates - Belize to Host First National Cybersecurity Symposium

BELIZE CITY, Belize—In response to a growing incidence of cyber-threats, Belize will host its first national cyber security symposium from April 24 to 27.

“We have observed a disturbing rise in threats to critical network infrastructure, corporate networks and personal data. These threats are growing more frequent, more sophisticated and more harmful each year,” said John Avery, Chairman of the Belize Public Utilities Commission (PUC), which is jointly organising the event with the Caribbean Network Operators Group (CaribNOG).

Read More

Belize launches Caribbean’s latest Internet Exchange Point

APRIL 28, 2016. BELIZE CITY—The Belize Public Utilities Commission announced that Belize’s first Internet exchange point, named BIXP, was successfully launched in Belize City on April 27 at the campus of the University of Belize.

The launch was the culmination of unprecedented collaboration between Belizean Internet Service Providers (ISPs) in the highly competitive local telecommunication sector. The Belize Public Utilities Commission, the national regulator, facilitated the process, with support from regional and international agencies.

Read More

Securing Your Business

5 Leading causes of computer security breaches and what can be done to defend your corporate networks

by Bevil Wooding

Security breaches involving computer networks have been making headlines with frightening regularity. Yet despite several high-profile stories about network hacks, distributed denial-of-service (DDoS) attacks and data theft, many businesses remain unprepared or improperly protected from today’s security threats.

Growing Threat

Each new technology seems to be escorted by a new security threat and no organization is immune. In fact, even though small- to midsized businesses (SMB) don't have the luxury of dedicated information security teams and resources that larger enterprises can afford, they still face many of the same threats.

The harsh reality is that network security threats are becoming increasingly sophisticated as computer hackers become better funded and better organized. This presents a real challenges for IT professionals and network administrators. A recent Trustwave State of Risk Report, which surveyed IT professionals about security weaknesses, found that a majority of businesses had no or only partial systems in place for controlling and tracking sensitive data.

Defending Corporate Networks

So, what can companies do to better protect themselves and their customers’, sensitive data from security threats?

The experts at the Caribbean Network Operators Group, CaribNOG, have been looking at the issue of network security and specifically at the threats to Caribbean networks. Following are the five of the most common sources, or causes, of security breaches and what businesses can, and should, do to protect against them.

Risk 1: Internal Vulnerabilities

“Internal attacks are one of the biggest threats facing corporate data and systems,” states Stephen Lee, CEO of ArkiTechs Inc., an IT services firm specializing in IT security audits. “Disgruntled or disaffected employees, especially IT officers with knowledge of and access to corporate networks and administrative accounts, can cause major damage, measured in dollars, lost trust and a tarnished brand,” Lee says.

Solution: Companies should implement the both the protocols and the infrastructure to track, log and record privileged account activity. This can allow for a quick response to malicious activity and mitigate potential damage early in the attack cycle. The foundation for this is the input from business and technology managers to ensure that these security controls are adequate relative to risk and business priorities. IT departments, as well, must constantly evaluate internal security measures and policies to identify any shortcomings that may be exposing the company to risk.

Risk 2: Mobile Devices

According to a BT study, mobile security breaches have affected more than two-thirds (68 percent) of global organizations in the last 12 months.

“More employees are using their mobile devices to access corporate systems, like email, file servers and virtual private networks.  Loss, theft or even hacking of these devices via malware or other Trojan software can present a significant threat to corporate networks,” says Steve Spence, Managing Director at Data Shield, a Trinidad-based network security firm.

Solution: Make sure you have a carefully spelled out mobile security policy. With a mobile device policy, an a Bring-Your-Own-Device (BYOD) policy in place, employees can be better sensitized about device expectations and organizations can better monitor email, documents and other digital assets that are being downloaded to company or employee-owned devices. Effective monitoring provides companies with greater visibility into mobile data-loss risks, and enables them to quickly address exposures if mobile devices are lost, stolen or compromised.

Risk 3: Unpatched Devices

“Network devices, such as routers, servers and printers employ software or firmware in their operation. Too often, updates and security patches are not implemented in a timely manner,” says Robin Ryan¸ Network Administrator at Teleios Systems. “This can leave security holes in your network that can be exploited by attackers to gain access to your data or control of critical processes.”

Solution: Institute a patch management program to ensure that devices, and software, are kept up to date at all times. More importantly, is enforce of a policy that whereby if a certain piece of equipment is not or cannot be updated or patched within a certain amount of time, it is taken offline.

Risk 4: Cloud Applications

“As cloud computing becomes more ubiquitous in the business setting, corporate decision makers and IT professionals must take deliberate steps to become more sensitive to the real risks of cloud computing security,” according to Brent McIntosh, Network Specialist Data at Cable and Wireless and a peering coordinator at the Grenada Internet Exchange Point.

There are several cloud-related risks organizations are exposed to, including data loss, data leakage and account hijacking. The prospect of seeing your organization’s valuable data disappear into the ether is real. Cloud computing also creates the real possibility of an attacker gains access to administrative credentials, which they can use to eavesdrop on activities and transactions, pilfer intellectual property, manipulate data or even redirect your users to illegitimate sites.

Solution: It is imperative that organizations identify precisely where the greatest cloud-related threats lie, and take decisive steps to mitigate against it. One of the best defenses against a cloud-based threat is to using strong encryption to prevent unauthorized third parties from accessing the data in the cloud.

Risk 5: Careless or Uninformed Users

“An absent minded worker who forgets his unlocked smartphone in a restaurant is as dangerous as a disgruntled user who maliciously leaks corporate information or sabotages computer systems,” says Clair Craig, Enterprise Applications Support Manager at the University of the West Indies. “Employees who are not trained in or constantly sensitized to security best practices pose an enormous security threat to their employers’ systems and data,” Craig added.

Using weak passwords, visiting unauthorized websites, clicking on links in suspicious emails or opening malicious email attachments are some of the common actions of careless or uninformed users.

Solution: “Training, education and supporting policy are key to sensitizing employees on cyber security best practices and changing default behavior. Some employees simply may not know how to protect themselves online, which can put your business at risk, Craig explained.

Regular training sessions can go a long way to helping employees learn how to serve as main line of defense against corporate threats.  Basic action like managing strong passwords and avoiding hacks like phishing and email related scams help keep corporate networks secure. Organizations should also provide ongoing support to make sure employees have the resources they need.

Bevil Wooding is a founding member of the Caribbean Network Operators Group, CaribNOG (www.caribnog.org), a volunteer-based group of Caribbean IT professionals, security specialists and network administrators. He is also an Internet Strategist with Packet Clearing House (www.pch.net) an international research and capacity building non-profit organization. Follow on Twitter: @bevilwooding

Barbados to Host Inaugural Caribbean Interconnection and Peering Forum

Expanding the Caribbean Internet

Barbados to Host Inaugural Caribbean Interconnection and Peering Forum

By Bevil Wooding 

Some significant changes have been taking place in the hidden architecture of the Caribbean internet over the past few years. The seeds of change are evident in developments ranging from the proliferation of Internet exchange points, a critical piece of Internet infrastructure that facilitates more efficient and secure internet traffic routing; to rollout of mobile broadband infrastructure, expanding the reach and speed to internet connectivity to hundreds of thousands of consumers across the region.

Access to broadband Internet services never been as ubiquitous, or as affordable. Internet speeds have also steadily increased, giving users access to new applications and new opportunities. Yet, for all the progress, there is still work to be done. The international content users seek has to be brought closer to home and more local content has to find its way onto the global Internet. How can this be effected? That’s where the local IXPs come in.

Role of the Local IXs

The over 400 Internet exchange points (IXPs) that exist around the world, serve as a catalyst to enrich a country’s Internet ecosystem. At the technical level, Internet exchange points are about improving security, speed and network resilience. From a development standpoint, however, local IXPs are about creating new incentives for local business and entrepreneurs to delivering new local services for the benefit of local Internet users, and develop the domestic Internet economy.

IXPs also attract content providers, such as Netflix, Akamai, Yahoo! and Google with the promise of a convenient and low cost point from which they can connect to multiple ISP networks.  Several of the young Caribbean exchanges are already benefitting from this. By connecting their servers to a local IXP, content providers can move their content shorter distances to get to customers. Likewise, ISPs connected to the IXP also have a shorter distance to connect to the content their customers crave. In the networking business, shorter is cheaper. Therefore, the closer content providers can deliver content to ISP customers and the closer ISPs are to the content their customers want, the more cost-effective it is for everyone.

The Power of a Handshake

Parties that interconnect at an IXP are called “peers” and their peering relationships are vital to the functioning of the global internet. But these peering relationships do not happen automatically. Realizing the larger economic and societal benefits of exchange points requires deliberate effort, clear strategy and ever-expanding peering connections to new content and new networks.

According to Internet Traffic Exchange: Market Developments and Policy Challenges an OECD report on Internet traffic exchange, most of the thousands of networks that exchange this traffic do so without a written contract or formal agreement.

In a blog post on the findings of the report, Rudolf Van der Berg of the Organisation for Economic Co-operation and Development (OECD)’s Science, Technology and Industry Directorate wrote:

“The report provides evidence that the existing Internet model works extremely well, has boosted growth and competition and brought prices for data down to 100,000 times less than that of a voice minute. A survey of 4300 networks, representing 140,000 direct exchanges of traffic, so called peerings, on the Internet, found that 99.5% of “peering agreements” were on a handshake basis, with no written contract and the exchange of data happening with no money changing hands.”

Van De Berg’s post went on to explain, “These peering agreements save both parties money and improve quality for their users at the same time. The alternative is to pay third parties, so-called transit providers, which still remains necessary to reach all networks. Paying for transit currently costs between $2 and $150 per Mbit/s per month, depending on country and competition, irrespective of whether a network sends or receives it.”

A generally accepted way of facilitating these handshake agreements is via special peering forums. Peering forums are essentially networking events to encourage interconnection among networks, content, cloud, and digital media organizations and related entities. At these events network operators and content providers get together to hammer out deals and build and cement relationships that underpin the growth interconnectivity and resilience of the global Internet.

Caribbean Peering Forum

The Caribbean will be having its first such forum, dubbed the Caribbean Peering and Interconnection Forum (CarPIF), from 27 – 28 May 2015. Designed as a multi-stakeholder forum, CarPIF is expected to see participation from high-level industry stakeholders, including: infrastructure providers, Service Providers, IXPs, governments and regulators.

The event is being hosted by the Caribbean Telecommunications Union (CTU) and the Caribbean Network Operators Group (CaribNOG), in conjunction with Packet Clearing House (PCH) and the Internet Society (ISOC). These organizations have all been at the forefront of promoting development of the Internet in the Caribbean.

“CarPIF will provide participants with regional as well as global insights on how the Caribbean can maximize the opportunities that can be derived for greater interconnection and peering,” said Ms. Bernadette, Secretary General of the CTU.

Shernon Osepa, ISOC Regional Coordinator and a co-organizer of the event shared, “CPIF will address key interconnection challenges and opportunities, including: national and cross-border interconnection possibilities; strategies for encouraging and increasing local digital content development; and opportunities for content delivery network operators in the Caribbean.”

Positive Sign

The staging of a Caribbean peering event is definitely a positive sign that networks in the region are on a good development path. With each new local IXP, individual nations get a more robust, more secure and more economical domestic Internet.

The result is greater opportunity for intra-regional Internet traffic exchange, greater incentive for hosting Caribbean content within the region and greater likelihood of attracting international content providers and incenting them to stage their content within the region. Altogether, this is better for consumers and businesses, better for spurring new enterprise, and better for strengthening the Caribbean Internet economy.

Bevil Wooding is the an Internet Strategist with US-based research firm Packet Clearing House and the founder and Executive Director of BrightPath Foundation, an technology education non-profit organization. Reach him on Twitter @bevilwooding or on facebook.com/bevilwooding or contact via email at technologymatters@brightpathfoundation.org. 

Telecom infrastructure upgrades key to regional development—experts

Creating Caribbean futures

Why data infrastructure upgrades are the next step in regional evolution

Many Caribbean livelihoods are made and lost around seasonal fluctuations in foreigners’ travel. For much of the region, tourism, an all-too-inefficient form of intraregional human traffic, is economic lifeblood. But for one group of Caribbean islands, a different kind of traffic is generating a new model for intraregional economic partnership.

Read More

Experts join heads on Caribbean cyber security

Cyber security topped the agenda as 60 technology professionals from 13 countries gathered in Curacao for the second day of a major regional technology conference.

The meeting is the eighth gathering of the Caribbean Network Operators Group (CaribNOG) and the sixth in a series of Caribbean meetings hosted by the Latin American and Caribbean Internet Addresses Registry (LACNIC).

The choice of venue for discussions about Internet security seemed fitting. Curacao is an exceptional Caribbean island, in that its critical Internet infrastructure development allows it to offer data centre services to a global market.

Read More

Partnering for greater good at CaribNOG 8-LACNIC Caribbean 6

Dozens of technology professionals from across Latin America and the Caribbean are gathered in Curacao for one of the most highly anticipated gatherings of the region’s technology community.
 
The opening day of the event attracted over 50 attendees.  And more are expected to participate in Day Two, which is dedicated to covering issues related to cyber security in the region.
 
The week will cover a range of other technology topics including Internet exchange points, cloud computing, mobile broadband and other critical Internet infrastructure. 

Read More

Tech heavyweights networking for Caribbean development at CaribNOG 8-LACNIC Caribbean 6

Caribbean people have an appetite for technology that rivals any other region of the world. But who is working behind the scenes to maintain and upgrade the Internet-based services on which we’ve come to depend?
 
On September 29, the answer to that question was to be found in Curacao, at one of the most highly anticipated gatherings of the region’s technology community.

Read More

Manufacturing Internet Bandwidth

ow IXP Proliferation Strengthens the Domestic Internet Economy

The complex arrangements that have evolved to support the flow of traffic on the Internet remain a mystery to many. At the center is a simple facility, with a very significant role – the Internet exchange point – the bandwidth factory of the Internet and a cornerstone in the foundation of the Internet economy. Those countries coming into an understanding of this foundation are the ones positioning themselves to take advantage of it. Such countries are also the ones with the best chance of securing their digital future.

Read More