Wednesday, May 18, 2016
Why Jamaican Government Websites still hackable in 2016 despite Cyber Incident Response Report
Looks like attacking Jamaican Government websites is a thing these days.
Back in March 2016, Minister of Science, Energy and Technology Dr Andrew Wheatley, ordered a security audit of Government websites as reported in the article “Wheatley orders security audit of government websites”, published Tuesday, March 29, 2016, The Jamaica Observer.
This was most likely a knee-jerk reaction to the hacking of the Ministry of Transport and Works website in February 2016 as detailed in my blog article entitled “How Islamic Cybergroup Team Emirates hacked the Ministry of Transport and Works”.
Most likely, this report may have been the final version of the preliminary Cyber Incident Response Report that then State Minister of Science, Energy and Technology Julian Robinson had received from the CIRT (Cyber Incident Response Team) as reported in the article “Robinson receives report on gov't website hacking”, published Tuesday, January 27, 2015, The Jamaica Observer.
So has this made Jamaican Government websites any safer?
Results of the Cyber Incident Response Report - Culture of not caring about Cybersecurity has to change
This Cyber Incident Response Report seems to not have made much difference, as the vulnerability of most Jamaicans websites isn't the websites itself; it’s the Government workers using the computers.
This was evident Monday June 22nd, 2015 when it was reported that the JIS (Jamaica Information Website) was hacked by alleged ISIS terrorists as noted in my blog article entitled “Anatomy of ISIS hack of the JIS Website - How the @JISNews Website was hacked and Why Hactivists couldn't access sensitive GOJ Databases”.
The habits of Jamaica Government workers to click on links in emails that look like PDF attachments with files that do not have a *.pdf extension is the main problem. Educating Jamaica Government workers to be more cautious is key.
They need to be more Cybersecurity-conscious and call their IT Security people if they spot emails with attachment or links that they do not know would also be very helpful as argued in my blog article entitled “GOJ securing Government Websites against Hackers - Linux-based GovNET to remove Windows vulnerabilities and change Human Behaviour”.
This, however, is not being done, as many Jamaica Government workers are going through the motion of work and often do not bother with being concerned about Cybersecurity. So the culture of the Jamaica Government workers within these various agencies, Executive bodies and Government Ministries has to change.