For Gibraltar’s digital economy, security is a must.

Credit to Brian Reyes of today’s Gibraltar Chronicle.

Gibraltar’s pioneering approach to digital business makes it an attractive target for cyber criminals, the Chief Information Officer of the Gibraltar Financial Services Commission said, as he underlined the vital importance of security awareness across all levels of an organisation. Alan Pereira, who oversees the GFSC’s use of technology and the security of its systems, said Gibraltar is targeted “constantly” by hackers, much as occurs in the rest of the world. But the Rock’s success trailblazing in sectors such as financial services, online gaming and distributed ledger technology puts businesses here on the criminal radar for different reasons. “We’re always in the limelight for that or other reasons, and for a small jurisdiction, the number of attacks that hit Gibraltar is quite large,” he said. “As of late we’ve been seeing that, in different areas of Gibraltar, these attacks have been targeting different organisations.”

The GFSC, he added, is no different and is also targeted, which highlights the importance of tight security systems and keen awareness of risks and the steps needed to mitigate them. Businesses need to think of cyber security as they would any other issue on their corporate risk registers, Mr Pereira said. It is another aspect of how to protect their intellectual property, their customers’ data, their finances and their reputation, and that of the jurisdiction as a whole. The companies that do this best, he added, understand that technology is not an add-on to their business, but rather a core element of it. As Gibraltar’s financial services regulator, the GFSC sets the benchmarks that it expects companies to meet in terms of security and business continuity arrangements, including as a result of a cyber attack. It also applies those benchmarks to its own operations, implementing security policies for all its personnel to minimise risk when handling sensitive information, and securing all external connectivity to the internet by using standard firewalls and sophisticated artificial intelligence systems.

The range of threats is wide and always growing, from “brute force” attacks targeting external links in an organisation’s systems, to sophisticated attempts to by-pass different elements of a security setup. “There’s phishing, there’s ransomware, there’s malware,” Mr Pereira said, reeling off a list of potential threats. “You’ll get different ones attacking different organisations. Some are even just people doing it for fun or for their name to be plastered on a website. It’s very difficult to see whether they are specifically after your systems because in most cases you stop it before it develops. It’s not something where you can detect what they’re going after, that’s very difficult to ascertain.”

Mr Pereira is clear that, in an interconnected global economy, it is impossible to guarantee security completely. The Pentagon, he points out by way of example, has one of the most secure systems in the world but has still been hacked into three times. And there are more basic challenges too. “The biggest gap in any organisation, as many controls as you may have, is the human factor,” Mr Pereira said. “It’s probably the biggest source of leaks and breakages in security in any organisation.” And he aded: “You’ll never be able to perfectly secure everything, but, especially under the GDPR, so long as you can show that you’ve taken the right protocols to secure your transmission and transportation of data, you’re covered.”

Mr Pereira has worked in the sector for nearly 30 years and has held CIO roles at international banks, travelling the globe prior to his current role at the GFSC. A part-time lecturer on technology at the College of Further Education and the University of Gibraltar, he is also passionate about raising awareness of these issues and ensuring Gibraltar’s youngsters are well-equipped for a world in which technology plays a core role across all areas of life. But he said there also needs to be a change in the way many firms approach technology, “which is there as an enabler”. “It’s not technology driving the organisation, it’s quite the opposite, and when you do that, you need to look at it holistically,” he said. “I make sure I look at the organisation as a whole and see where the strategies are going. In the case of the GFSC, we look at the strategy objectives throughout the organisation and make sure that the IT strategic objectives actually act as an enabler for the organisation, rather than an influencer or an impediment to those objectives.”