Submitted by James Bynoe, Senior Cyber Security Consultant\CEO & Co-Founder, Caribbean Cyber Security Center
Cyber Crime has surpassed the international drug trade yet Caribbean businesses, organizations, and governments have done very little to combat this phenomenon.
To put this in perspective, last year the FBI announced that revenues from global cyber-crime which includes the Caribbean, for the first time ever, exceeded drug trafficking as the most lucrative illegal global business, estimated at reaping more than $1 trillion annually in illicit profits.
Additionally, Interpol has reported that organized international gangs are behind most internet scams and that cyber crime’s estimated cost is more than that of cocaine, heroin and marijuana trafficking put together. Many of these organized international gangs have now targeted the Caribbean using our cultural and political norms in being “slow” to do almost everything totally again us.
On a daily basis it is estimated that 1,000’s of attempted attacks against Caribbean organizations, businesses and government occur, with many going totally undetected or reported. Hackers and cyber criminals consider the Caribbean as ripe for the picking, and know that if the very small chance occurs that they are caught due the region’s lack in effective cyber security laws many cases will be difficult to prosecute, if they find them.
The lack of a regional legal framework around cyber-crime and cyber security is playing right into the hands of cyber-criminal who are laughing all the way to the bank. While it has been clear for some time now that regionally we “desperately need cyber laws and legislation in place” government bureaucracy has been largely to blame for our inability to establish effective cyber-crime and security laws and legislation. So why is this? As we have observed in many Caribbean countries they are usually a small team of public sector workers with responsibility for writing legislation who simply do not have the technical expertise to even know where to begin in writing cyber laws and legislation for cabinet approval. This reality is then further compounded by the rate of change in information and communication technology which is neither stopping nor slowing for no one, as a result we keep falling further and further begin in protecting critical public and private sector ICT resources and assets all across the region.
Due to our poor regional cyber security posture and our inability to comprehend the real-time threat cyber criminals and hacktivist pose to our region, as stated before these groups are using our cultural norms in being slow to act totally against us to defraud the citizenry and disrupt various public and private sector organizations. To make matters worse when cyber breaches occur the public is often totally kept in the dark, due primarily to reputation loss concerns. Now it goes without saying that we are in hard economic times across the Caribbean and we have been very focused on regaining growth in many of our tradition sectors like tourism and off-shore banking.
However while we are totally focused on regaining growth in these traditional sectors, the daily losses and impact due to cyber-crime activity has received little or no adequate attention, these impacts include:
The loss of intellectual property and sensitive data
Service and employment disruptions
Damage to the brand image and company reputation
Penalties and compensatory payments to customers (for inconvenience or consequential loss), or contractual compensation (for delays, etc.)
Cost of countermeasures and insurance
Cost of mitigation strategies and recovery from cyber-attacks
The loss of trade and competitiveness
Distortion of trade
The scariest aspect of all we face in Caribbean cyber space is that they are computer networks in both the public and private sectors “TODAY” that are currently “compromised”, “breached”, or “hacked” via a method called the “Advanced Persistent Threat”. So what is this thing called the “advanced persistent threat” (APT)? APT is a network attack in which a cyber-criminal or hacker gains access to a computer network and stays there undetected for a long period of time even years. The intention of an APT attack is to steal data rather than to cause damage to public or private sector network. APT attacks target organizations in sectors with high-value information, such as governments, and the financial industry.
When we as cyber security professionals hear reports from all across the region of financial losses where no one knows where the money has gone, the first thing many of us cyber security professionals think is “APT”. They are potentially thousands of dollars being stolen daily in data and information resources all across the Caribbean by hackers and fraudsters, with very few public or private leaders doing anything about it, which begs the question… WHY IS THIS?
The primary reason “WHY THIS IS” is due to the fact that many Caribbean ICT, business and government leaders are not adhering to international cyber and information security best practices and standards which take a 360 view of their security posture. This 360 view should include the implementation of technical, management and operations security controls needs to lower their overall risk profile. Many are overly focused on technical security controls (firewalls etc.), and paying little or no attention to management (policies, procedures and awareness training etc.) and operational (continuous monitors etc.) security controls.
In closing, each day it becomes more and more critical that public and private sector organizations get there computer networks tested for weaknesses and vulnerabilities a cyber-criminal or hacker can exploit. Ironically usually the security fixes to prevent hackers from exploiting most vulnerabilities and weaknesses are “FREE” but you can’t fix what you can’t measure, nor don’t know. A serious mental shift is needed by ICT leaders, Business Owners and Government Leaders in the Caribbean on the topic of cyber security which has the potential to significantly disrupt business operations and create major financial losses in the worst economic climate we have seen in years. The few hundreds or thousands spent on an independent assessment can literally save a business, organization or government tens of thousands of dollars or even more.
So on behalf of the Caribbean Cyber Security Center we urge region businesses, organizations and government to “BE PROACTIVE, BE AWARE” get your computer network tested today, before it is too late, as there are only (4) types of businesses, organizations or governments in the Caribbean as it relates to the growing cyber threat:
Those that have not been hacked and have an opportunity to protect themselves
Those that have been hacked and have done nothing
Those have been hacked and will be hacked again
Those that have been hacked and don’t even know it (APT)
Old men are not technologically being that we were born in the age of the Gestetner typewriter and duplicating machine with its almost indelible ink cartridges.
What you are saying is logical but, bereft as i am of these technological skills, the technology loses me.
From a logical perspective what would you advise the less technical amongst us to use as a first line of defence against these techno buffs?
Should they “wakeup” or should they “wake up”? In a market saturated by suppliers, should we prefer the literate or the subliterate?
Caribbean Businesses, Organizations and Governments Must Wakeup and Confront the Cyber Crime Challenge?MMMMM
Seem like they are part of the crime , so they dont want to wake up and do anything,They will play their role in the fraud until the US of A , or the World Bank and other make moves, In the mean time, the party goes on.. get what you can while the getting is good,
Caribbean Businesses, Organizations and Governments are not leader , they will react to their Masters Wishes .
The NEW FRAUD ORDER/ NFO
By the way have found that serial rapist yet. you know the one they set free.
as how the hell could those women see in the dark a black face.
hhummm any clues.? call your local rapist hotline.1- 800-you-like
and be reassured you wanted it did- ent you ????????humm
This article was too well written for the intended target audience to grasp its magnitude. You would have had to write it in the context of praise and glory to the perceived upper-class and then probably they may have gotten it. You see, you neglected to tell them how wonderful they are, how Barbados rates so highly on the development index and how technological superior we are to the remainder of the Caribbean.
The Barbadian landscape is full of fools who think themselves wise. This is the core reason why we are still asleep at the wheel of security and one of the ancillary reasons why we are bypassed for investment and development with respect to external investment in the “High-tech” industry.
What we will do is wait until a major catastrophe occurs, call in a foreign, white owned company, and throw all our trust and monies at them.
But press on my brother, those days of allowing that behaviour to go un-checked are done, and its acceptability has expired. They’ll need your services soon enough!
Actuall it should have been framed BLP DLP and the interest would have been garnered.