Problems in the management of email servers, use of unauthorized proxies to connect to the Internet, outdated antivirus in state enterprises and agencies, as well as the lack of proper application of security controls and users' minimum knowledge when using different technologies, are just some of the most frequently reported difficulties in terms of computer security in Cuba.
Cuba is not impervious to malware that circulates in the virtual world, causing damage to computers, applications, and operating systems. Although there is no significant impact stemming from ransomware (a type of malicious software that hijacks information until a ransom is paid), through October, the Computer Networks Security Office (OSRI) had reported more than 600 incidents relating to cybersecurity. The data was announced by Miguel Gutiérrez Rodríguez, OSRI director general, on the occasion of the recent National Meeting on Information and Communications Technology Security.
Speaking to Granma International, Gutiérrez noted that other threats detected were related to the vulnerabilities of Cuban websites and configuration errors. He also explained that there are cases of malicious codes that are introduced into a network to hijack machines and electronic devices to assault third parties, scan information or read files.
This is not a widespread issue, but it does occur. Whenever such an incident has been reported, immediate steps have been taken to minimize the damage and the OSRI also plays an important role in this as part of the country’s cybersecurity system, he added.
Attached to the Ministry of Communications (Mincom), the OSRI has a cyber incidents response team that works in different ways. As its director explained, one of these is the management of the incident itself.
Having implemented a cybersecurity management system, when events are detected in data traffic, the OSRI issues a notification to the affected entity to contain the problem, since an incident of this type, supported by interconnected computer networks, has every possibility of escalating. The next step is to investigate, to clarify what happened.
“Likewise, we implement measures to detect vulnerabilities (through ethical hacking techniques). The idea is that, before a malicious user enters the network and detects the gaps in the system, we will do so. Meanwhile, there is a third process of control and supervision to ensure compliance with the rules and regulations that exist on ICT security,” Gutiérrez outlined.
In this regard, he added, the most complete regulations are found in Mincom Resolution 127, which although implemented in 2007, has a broad scope, since it was designed based on international standards for good practice. In fact, Gutiérrez noted, more than 95% of cybernetic incidents that occur today in the country can be classified based on this resolution, even when organizations and companies do not always comply with all its postulates.
However, he acknowledged, the Ministry is working to create a regulatory framework around ICT security, since a resolution is not enough, and must include other processes related to the computerization policy underway in Cuba.
USERS... THE WEAKEST LINK
Although new malware versions constantly emerge as hackers perfect the mechanisms to steal information, encrypt files, or prevent the correct functioning of a certain operating system, there are also other conditions of a more human nature that must be taken into account.
Ensuring strong passwords to authenticate access to data, not responding to emails that request personal information, or downloading files from unknown sources, are primary measures that every user should be aware of, even before connecting. However, very few think about security when surfing the web, let alone consider the dangers of entering websites that promote the free download of video games and movies.
At the least, these are scams, but they can also act as a facade for the user to participate, unwittingly, in malicious activity.
According to the OSRI director, the solution to cybersecurity problems is based, fundamentally, on the awareness and risk perception of all those who use ICTs.
It is not possible to foresee growth in computerization and access to the Internet, without taking into account that the more connected we are, the greater the possibilities of cyber attacks.
It is often the case that users are not adequately informed about the norms and their responsibilities in the use of technological resources in their workplaces, or access is authorized without knowing or controlling what these will be used for, Gutiérrez added.
Controls and other security mechanisms derived from Resolution 127/2007 should also be implemented within each entity, subject to the specific character of each enterprise.
Likewise, risk analyzes must be carried out to identify the threats posed to the most important programs and software and ensure their protection, as well as the equipment to respond to eventualities such as fires, earthquakes, floods, and faults in the power system.
Antivirus and anti-spam solutions, and malicious url analysis, as well as the updating of security patches, are measures that act as the first barrier to any problem in the network, Gutiérrez explained.
Means of responding to cases of individuals and possible violations of the norms must be organized, especially as the country is offering increasing accessibility and computerization projects, such as Nauta Hogar, which extends Internet access to Cubans homes.
Alongside these processes, we must also create awareness of security in the population and this task must start from an early age, since it is the youngest who most access new technologies and are largely unaware of how the web works and the dangers it may pose, the OSRI director stressed.
“ICTs must be used responsibly and from a position that allows one to know how to control, or at least manage risks,” he concluded.