Home' Trinidad and Tobago Guardian : November 14th 2013 Contents NOVEMBER 2013 • WEEK TWO www.guardian.co.tt BUSINESS GUARDIAN
NEWS | BG7
The size of a company,
whether it s small or a
multinational, is no limita-
tion when it comes to hack-
ing a company s network,
said Dirk de Wit, consultant
with Deloitte Netherlands.
He said hacking is bigger business than
"Now you see really big criminal organ-
isations focusing on hacking. The money
made from hacking is more than with what
you make with drugs. Criminal organisations
make more money with hacking Web sites
and hacking banks than they would do if
they were to invest in drugs."
A big crime usually means big penalties,
but this is not so in the Netherlands, said
De Wit. Describing what the law there
entails, he said: "If you attack an infra-
structure or Web site that doesn t belong
to you, you can be fined euros 16,000 or
you go to jail for one night."
He said some companies monitor the
parameter of their Web sites to determine
if there are threats.
De Wit was in T&T to conduct a work-
shop on hacking that Deloitte T&T hosted
on Monday at the Courtyard by Marriott
Port-of-Spain Hotel, Invader s Bay.
De Wit, who has done work for banks
in Europe, said a hack attack can cost a
bank millions. He said attacks can take the
form of "phishing", which happens when
an attacker masquerades as a trustworthy
individual. In the instance of a bank, the
attacker e-mails a customer making the e-
mail appear official and demands personal
information from the customer. This can
be detrimental to the customer since "the
attacker can transfer euros 2000, then the
bank has to pay back the customer."
He said phishing has prompted banks to
invest in awareness campaigns.
"Criminal organisations target specific
companies and also target people who can
approve certain transactions (at the executive
level). They are targeted, they are sent e-
mails with phishing, with malware to take
over their machines."
De Wit said e-mails containing malware
tend not to be easily distinguishable from
Cyber attacks are not limited to Europe,
but it is a global issue in which company
officials have been targeted.
The statistics are alarming, according to
a Symantec Monthly Intelligence report. In
January, the report found:
• Around 64 per cent of all e-mails are
• One in 370 e-mails is identified as
• One in 400 e-mails contained malware,
which is software used to disrupt a computer
operation, gather sensitive information or
gain access to private computer systems;
• Spammers continue to take advantage
of holidays and events.
A growing trend is a Botnet attack, De
According to www.microsoft.com, a bot-
net occurs when "criminals distribute mali-
cious software (also known as malware)
that can turn your computer into a bot (also
known as a zombie). When this occurs,
your computer can perform automated tasks
over the Internet without you knowing it.
Criminals typically use bots to infect large
numbers of computers. These computers
form a network or a botnet."
Though a botnet is illegal, it can be pur-
chased online and cannot be prevented
since "it is based on the awareness of a
While companies usually set aside a sub-
set of its information technology budget to
invest in hardware or software security, De
Wit said the size of the budget is dependent
on the nature of the business.
IT expert: Company size
no hindrance to hacking
Dirk de Wit, consultant, Deloitte Netherlands.
PHOTO: MARCUS GONZALES
From Page 6
"That is what the code is: a common standard
by which everybody agrees to hold themselves
to. We worked for eight months to bring together
a group that would do that.
"In January of this year, the working group
came together under the chairmanship of retired
Justice of Appeal Roger Hamel-Smith and 14
other persons and worked for 11 months to create
Kravatsky said T&T has decided to adopt the
IFRS (International Financial Reporting Standards),
but not all state companies use the same account-
"At present, there are currently three listed
state enterprises to whom this will apply. Because
there are companies with public accountability,
in general terms, if not strictly speaking in financial
terms, it does apply to them. In addition to that,
in the coming years, there will be a code specific
to state enterprises because there are a few things
that are sufficiently different to warrant additional
"For example, the way that boards are appointed
here speaks clearly to a listed company. You have
state boards which have public accountability,
but there s no vote; they re all appointed by the
Related party transactions
Recommendation 3.3 on elated party transac-
tions states: "Members of the board and senior
management should disclose to the board whether
they, directly or indirectly, or on behalf of third
parties, have a material interest in any transaction
or matter directly affecting the company."
Asked if the issue of related-party transactions
applied to Clico, Kravatsky replied, "No, all com-
panies. For example, all public companies in
Trinidad currently disclose the amount of money
that was transacted with related parties, but no
single company says where those decisions were
made, what policies do they have in place."
Asked if there were enough instances of people
recusing themselves from sensitive transactions,
Kravatsky said, "We have no evidence."
"In two years time, when you go through the
annual reports, there will be a much narrower
band in terms of what the responsibilities of the
board are and these will be spelt out. I think most
boards will conduct an annual review of their
corporate governance. There will be an official
evaluation that will be published in the annual
report, not the results, but that they have done
it and that they have taken action as a result of
it."Kravatsky said legislating corporate governance
doesn t necessarily achieve the best outcome.
"The best outcome is if everybody is evaluated
every year. For example, how much training had
been done, how satisfied are people with their
different committees and their work, and how
often have directors attended these committee
The Institute is not isolated in its efforts to
improve corporate governance in T&T.
Between September and October, the Energy
Chamber has been hosting a series of corporate
governance workshops as part of its Improving
Corporate Governance Project. These workshops
were aimed at CEOs, directors, board members
and senior management.
Dirk de Wit
• Eight years' experience in informa-
tion technology security manage-
ment, vulnerability assessments and
information technology auditing
• He is a certified information secu-
rity manager and a certified informa-
tion system security professional
• Member of the Dutch Association
of Information Technology Auditors
Links Archive November 13th 2013 November 15th 2013 Navigation Previous Page Next Page