No successful cyber-espionage malware has been found on the Government of Guyana’s network according to the authority on such matters, the cybersecurity division of the National Data Manage-ment Authority (NDMA).
The NDMA made this disclosure in a release yesterday, in response to a recent claim made by a cybersecurity firm in an October 5 article, that in February, an unnamed Government of Guyana agency was the victim of a successful spear-phishing campaign that sought to compromise sensitive government data.
The authority reacted to this news by deploying its cybersecurity analysts and specialists to assess these claims. Investigations revealed that the cybersecurity firm “exaggerated the threat in their ‘exposé.’”
Speaking to the issue, NDMA General Manager, Christopher Deen stressed that matters of cybersecurity and potential threats to Guyana’s digital infrastructure are taken very seriously. “We have launched extensive investigations both in and out of the government’s network to determine the validity of this report. Based on information currently available, a spear-phishing attempt was made against a Government Ministry. The security systems employed intercepted this attempt and nullified its effects. I take this opportunity to note that locally, NDMA has detected and mitigated some 442 malware attacks at government agencies in the first quarter of 2023.”
According to the release, NDMA has contacted the cybersecurity firm which made the claims in an effort to gather additional information, verify the data shared, and ascertain the firm’s source. It added that to date, it is still awaiting the cybersecurity firm’s response.
Further, the cybersecurity company’s motivations and ethics were called into question. It was pointed out that cybersecurity professionals have access to sensitive information including personal data and proprietary information and that disclosing sensitive information without stakeholder consultation could be detrimental. This, the release stated, then begs the question, “How is the cybersecurity firm benefitting from publishing and making claims based on ‘medium confidence’ and linking this spear-phishing campaign to other local events without evidence-based proof?
In an effort to shed some light on the prevalence of phishing, the release noted that Forbes (Advisor), in a June 2023 online article, estimated that over five hundred million phishing attacks were reported in 2022 worldwide which shows just how common this type of threat is in today’s digital world. “The singling-out of this particular incident also raises questions, as it is not conventional practice to disclose consumer-specific information without the customer’s explicit permission. We will continue to reach out to the cybersecurity firm for in-depth consultations.”
As the investigation continues, NDMA assures that it will remain “resolute” in its mandate to promote safe cybersecurity practices within government ministries and agencies. It informed that in keeping with international best-practice, the authority operates both a 24/7 security operations centre which provides 24-hour technical support on cybersecurity issues to government agencies; and the Guyana National Com-puter Incident Response Team (CIRT) which serves as a valuable resource for threat response and incident handling. In addition, these efforts are also complemented by ongoing cybersecurity awareness training initiatives and programmes.
As part of its efforts to empower citizens with cybersecurity skills and knowledge, the NDMA is offering its resources through CIRT and Get Safe Online Guyana under the theme “Don’t bite the bait: how to ensure you’re not phished.”
In October, the Govern-ment of Guyana joins the rest of the world in commemorating Cybersecurity Awareness and as such, this year NDMA will facilitate several training sessions across the country. These training initiatives aim to provide invaluable information on safe cyber security practices as well as how to identify and respond to cyber security threats, the release added.