GEORGETOWN, Guyana, CMC – The National Data Management Authority (NDMA) says despite claims of a successful spear-phishing campaign that sought to compromise sensitive government data, investigations have shown that this has not been the case.
NDMA said its Cybersecurity Division has found no evidence to support the allegation made on October 5 this year. It said that it had deployed its cybersecurity analysts and specialists to assess these claims, and investigations reveal that the cybersecurity firm exaggerated the threat in its “exposé.”
NDMA general manager Christopher Deen reiterated that cybersecurity matters and potential threats to Guyana’s digital infrastructure are taken very seriously.
“We have launched extensive investigations both in and out of the government’s network to determine the validity of this report. Based on currently available information, a spear-phishing attempt was made against a Government Ministry.
“The security systems employed intercepted this attempt and nullified its effects. I take this opportunity to note that locally, NDMA has detected and mitigated some 442 malware attacks at government agencies in the first quarter of 2023,” Deen said.
But NDMA said that even as investigations continue, it has contacted the cybersecurity firm who made the claims to gather additional information, verify the data shared, and ascertain the firm’s source, adding “to date, NDMA is still awaiting the cybersecurity firm’s response.”
It said further there are also questions regarding the un-named cybersecurity company’s motivations and ethics.
“Cybersecurity professionals can access sensitive information, including personal and proprietary information. Disclosing sensitive information without stakeholder consultation can be detrimental. So how is the cybersecurity firm benefitting from publishing and making claims based on “medium confidence” and linking this spear-phishing campaign to other local events without evidence-based proof?
“The singling-out of this particular incident also raises questions, as disclosing consumer-specific information without the customer’s explicit permission is not conventional practice. We will continue contacting the cybersecurity firm for in-depth consultations,” NDMA added.
NDMA said it remains resolute in its mandate to promote safe cybersecurity practices within government ministries and agencies.
“In keeping with international best practices, NDMA operates a 24/7 security operations center which provides 24-hour technical support on cybersecurity issues to government agencies; and the Guyana National Computer Incident Response Team (CIRT) serves as a valuable resource for threat response and incident handling. Ongoing cybersecurity awareness training initiatives and programs complement NDMA’s efforts.”
NDMA said that Guyana is joining the international community in commemorating Cybersecurity Awareness and will facilitate several training sessions nationwide. “These training initiatives are set to provide invaluable information on safe cyber security practices as well as how to identify and respond to cyber security threats,” it added.
and then  says despite claims of a successful spear-phishing campaign that sought to compromise){kind=link}