Cybersecurity for Posts: A global problem that requires a global approach
The global pandemic accelerated digital transformation by as much as 10 years, according to Rodney Taylor, Secretary General of the Caribbean Telecommunications Union (CTU), who spoke to the Universal Postal Union (UPU) about ICT and digitalization in the Caribbean earlier this month.
This is great news in terms of digital transformation, but in an increasingly digital world, companies, governments, and authorities are now even more at risk of cybercrime – a growing threat to organizations worldwide.
According to figures from the Identity Theft Resource Center (ITRC), data breaches caused by cyberattacks got off to a record start in 2022, following a record setting 2021. Q1 2022 data revealed that 90% of data breaches are cyberattack-related. Data breaches have increased for the third consecutive year.
Many Posts have suffered from cyberattacks in recent months. Hellenic Post in Greece, for example, was subjected to a serious cyberattack in late March, which brought down computer systems using malware. Meanwhile, in New Zealand, post offices were shut down by a cyberattack late last year. Other Posts including the Bulgarian Post, Correios Brazil, and Ukrposhta have all been impacted by cybercrime.
These recent events and rising cybercrime figures in general highlight the vital importance of Posts’ making cybersecurity a priority within their organizations. The CTU’s Rodney Taylor, who appeared in Episode 12 of the UPU’s Voice Mail podcast, believes that collaboration is key between countries, states, and organizations, to achieve cybersecurity.
“It is critical that we bring everyone together to cooperate on how cybercrime is addressed on a global scale,” he said. “We have leveraged this model in the Caribbean and developed an Internet governance policy framework to provide guidance to member states on various aspects of cybersecurity and policy guidelines.”
In the podcast episode, Rodney also highlighted the importance of raising the awareness of cyberthreats with the public and with governments to ensure that the right “legislative frameworks” are in place to deter cybercrime.
The UPU has developed several tools to help Posts tackle the challenge of cybercrime. Its .POST top-level domain, for example, provides a secure and trusted Internet space to serve the needs of the global postal community in the digital economy.
Furthermore, in May, .POST’s governance group launched a new tool to boost .POST members’ cyber resilience. The cybertrack.post solution is a fully automated, web-based dashboard tool, which provides real-time monitoring of .POST domains’ technical compliance with approved cybersecurity policies covering DNSSEC, secure e-mail authentication and secure online transactions. The tool supports access on an individual country basis, allowing nominated focal point(s) in this country receive email alerts in case of nonconformity events.
Cybertrack.post also provides access to the .POST Learning Platform where the UPU will be hosting cybersecurity training and capacity building activities. A self-paced bootcamp in secure email authentication, which was developed by one of the UPU’s partners – the Global Cyber Alliance – has already been placed on the learning platform. The UPU has plans to work with partners to place additional materials on the platform over the next 6-12 months.
Tracy Hackshaw, .POST Projects Manager, who worked with the .POST Group to launch the new tool, said, “The tool is highly intuitive and requires minimal setup. Experience has shown that, even for high-level, executive, non-technical users, the onboarding process is done in minutes. All .POST domains are automatically added to the list of domains monitored in real-time by cybertrack.post.”
The UPU is currently working to onboard all the .POST Group members to use the tool. It will also be launching a series of webinars over the next 2-3 months highlighting and showcasing .POST Group members who have successfully launched solutions and services using .POST.
“We are also currently working on expanding the functionality of cybertrack.post in all aspects, including integrating elements of the .POST/UPU Cyber Incident Response Team (CIRT), DNS abuse/security threat reporting and monitoring and several other aspects designed to improve the cyber-resilience of .POST Group members, in particular, UPU members, and indeed, the global postal sector as a whole,” Hackshaw concluded.