Cyber Security Workshop

British Virgin Islands

Building for the Future:
Strengthening Caribbean
Businesses against Cyber
Attacks

David Wright
Manager, Cyber Security, Symptai
CISM, CISSP, CISA, CIPM

Agenda
Threat Actors Regional Use Cases Mitigating Risks

Statistics, Patterns & Trends Vulnerabilities Cyber Security Services

Security Scenarios Penetration Testing Demo Conclusion

 About 25+ 60+ 22+ 400+
Symptai
Years in Business The Team Countries Served Clients Served

CORE VALUES

CANDOR

INTEGRITY

CURIOSITY

EXTRAORDINARY PEOPLE

EXCEPTIONAL RESULTS

CISA: Certified Information Systems Auditor
CGEIT: Certified in the Governance of Enterprise IT
CISM: Certified Information Security Manager
CRISC: Certified in Risk and Information Systems Controls
CSXP: Cybersecurity Practitioner
CDPSE: Certified Data Privacy Solutions Engineer
CIPM: Certified Information Privacy Manager
CIPT: Certified Information Privacy Technologist
CIPP/E: Certified Information Privacy Professional
PCIP: Payment Card Industry Professional
PCI-QSA: PCI Qualified Security Assessor
Certifications & Affiliations
eWPT: Web application Penetration Tester
eJPT: Junior Penetration Tester
eMAPT: Mobile Application Penetration Tester
OSCP: Offensive Security Certified Professional
OSWP: Offensive Security Wireless Professional
ITIL Foundation
Scrum Master Certified
CISSP: Certified Information Systems Security Professional
ISSAP: Information Systems Security Architecture Professional
CSSLP: Certified Secure Software Lifecycle Professional
CCSP: Certified Cloud Security Professional
CEH: Certified Ethical Hacker
CCISO: Certified Chief Information Security Officer
CHFI: Computer Hacking Forensic Investigator
ECSA: Certified Security Analyst
CND: Certified Network Defender
SMC: Scrum Master Certified
SPOC: Scrum Product Owner Certified
A+
Server+
Security+
PenTest+
Linux+
Network +
Project+
MCSA: Microsoft Certified Solutions Associate
CySA+: Cybersecurity Analyst
MS-100: Microsoft 365 Identity and Services
CASP+: CompTIA Advanced Security
Practitioner AZ-500: Microsoft Azure Security Technologies
AZ-900: Microsoft Azure Fundamentals
AZ-104: Microsoft Azure Administrator
AZ-400: Designing and Implementing Microsoft DevOps
CCNA: Cisco Certified Network Associate
CCNP: Cisco Certified Network Practitioner
PMP: PMI Project Professional
PMI Agile Certified Practitioner
Some Questions to
Ask Yourself

What are the services that are critical to your

operations?
Can your key services be offered remotely?
(e.g., Cloud, VPN, Terminal Services, etc.)
Do you have a mobile device policy? (e.g.,
BYOD)
Have you adopted a cyber security
framework?
Do you have strong patch management
controls?
When was your last vulnerability
 Find the Hacker

A B C D E
7
 Threat Actors

Malicious
Nation State Employees
individuals

Contractors Neighbors Customers

IT
Friend Children
Professionals
 10
Source: FBI Archives
Inside the Mind of a Hacker
 Steps in a Ransomware Attack

Source: TRUESEC Threat Intelligence Report

 In 2022, 80% of
cyberattacks leveraged
identity-based techniques to
compromise legitimate
credentials and evade
detection.

Source: 2023 CrowdStrike 2023 Global Threat Report

Source: 2023 CrowdStrike 2023 Global Threat Report
Source: 2023 CrowdStrike 2023 Global Threat Report
17
18
19
20
21
 Regional Findings

Source: Verizon Data Breach Investigation Report 2023

 Symptai Cyber Review Findings
Top 3 exploits against our clients.

42 %
Improperly Configured Devices
and Systems
16%
Ineffective Patch Management
Controls
11%
Insufficient
Cryptography

Caribbean Cyber attack

attempts in 2022

360+ Billion

IPS

Source: 200 Cyber Security Assessment conducted by Symptai Consulting (2020 – 2022)
Source: FortiGuard Caribbean Spotlight 2022
Vulnerability on the Dark Web …select Caribbean Islands

British Virgin Islands

IP/Assets Available: 32,636
IP/Assets with a vulnerability: 1,588
Top 10 Vulnerabilities in BVI
Vulnerability available on
the Dark Web for BVI
Source: https://www.fortiguard.com/threat-research
Source: https://www.fortiguard.com/threat-research
Source: https://www.fortiguard.com/threat-research
Source: 2023 CrowdStrike 2023 Global Threat Report
When is Cybersecurity brought Into New Business Initiative?

Times cheaper when

6x security is addressed at
design vs
implementation

Times more expensive

15x when security issues are

addressed at testing
A B A B A B A B

Source: NIST, 1 IBM Systems Institute

 Average cost and frequency of data breaches
USD millions
Measured in

Source: IBM Cost of a Data Breach Report 2022

 Passwords
93% of the passwords used in brute force attacks include 8 or
more characters
54% of organizations do not have a tool to manage work
passwords
48% of organizations do not have user verification in place for
calls to the IT service desk
41% of passwords used in real attacks are 12 characters or
longer

Source: Specops Software Weak Password Report 2022

37
Demo - Pen Testing

Application Security
Testing Tool

Inspecting application
requests and response

Directory enumeration

Exploiting a software
vulnerability
 Image Placeholder

Image Placeholder
Mitigating the Risks

Strong Two-factor Security Backup Update Email Enable

Passwords Authentication Awareness hygiene Security
(2FA) Training Tools

GET CYBER TESTED

40
Mitigating the Risks

Access Continuously Incident Minimise Encrypted Lock out

Controls monitor Response attack communication Notifications policy
network traffic Plan surface

GET CYBER TESTED

Cybersecurity Service
Breach & Threat Detection
Detect and inform when breaches occur immediately

Endpoint Protection
Enforce policy on mass amounts of devices

SIEM & SOC

Industry specialists Alerting and Protecting 24/7

Managed Firewall
For Specific Sections of your network that need extra
protection

Penetration Testing
Check your Infrastructure regularly for backdoors or
vulnerabilities

Vulnerability Assessment
Find out in advance where you are prone

Resource Cyber Training

Train your people to identify and avoid malicious attacks
Presenter: Rory Ebanks

We all have a role

to play in Users are The key to
Cybersecurity ultimately protecting
responsible! yourself is
being aware!
Questions & Answers
THANK YOU