Protecting critical national and regional infrastructure from the imminent threat of cyberattacks is of paramount importance.
Calibra Solutions Ltd’s managing director, George Whyte made this comment during an interview with Business Guardian.
Calibra, a 15-year-old company based in Arima, offers services in the English-speaking Caribbean and the Dutch-speaking countries of Suriname, Aruba, Curacao, and Sint Maarten.
Whyte said businesses across the Caribbean can no longer consider themselves as less vulnerable to attacks relative to larger and more technologically advanced countries.
He said recent examples of attacks on the Ministry of the Attorney General, the Massy Stores chain of supermarkets, Mayberry Investment Group (Jamaica), and the Martinique government should act as advance warnings to all organisations to make the necessary investments to protect their systems and the information stored on these systems.
Delving deeper into cybercrimes, the executive said one term that is often associated with this illegal activity is “dark web”.
“The dark web is a part of the internet that isn’t visible to search engines and requires the use of an anonymising browser called Tor to be accessed.
“Since the advent of the dark web, criminals have acted on hidden marketplaces, forums, and sites with impunity, conducting their activities in ways that are difficult for law enforcement to discover, monitor, and investigate,” Whyte explained.
He said that it is for this reason, the company has partnered with the English dark-web intelligence company, Searchlight Cyber, to help organisations to combat cybercrime emanating from the dark web.
Asked how governments and private individuals can protect themselves against the illegal activity, Whyte said it is incredibly difficult to protect from the unknown.
However, by gaining a better understanding of the cybercrime taking place on the dark web, he noted agencies, organisations, and enterprises can better prepare their defences and take mitigative actions that help them to prevent attacks.
“Monitoring the dark web offers an opportunity to spot threats sooner and be more proactive in their defence,” said Whyte.
Breaking down how the lawbreakers conduct their business, he said they steal personal data, financial data, online account login data, medical data, confidential corporate data, and more.
In addition to personal information yielded from data breaches and various other types of cyberattacks and online scams, he pointed out that the cyber criminals also offer illegal drugs, access to emerging cyber threats and viruses, and various other products.
“As a hub for criminal activity, the dark web offers more than just “products” to anyone willing to buy and consume. It also offers services that enable cybercriminals to launch attacks with little technical knowledge or experience,” White emphasised.
In giving an example as to how a company or a Government agency can be disrupted and what had to be done to restore normalcy, he said Calibra’s partners Searchlight Cyber helped a European government agency to prevent a cyberattack by identifying a cybercriminal targeting them on the dark web.
In this case, Whyte disclosed the threat intelligence analysts identified as a cybercriminal selling access to a dark-web hacking forum.
The government agency was alerted. Then they were able to exploit the flaw in their network based on the information the cybercriminal had posted. The threat was mitigated it before any criminals could use it to compromise their systems or steal any data.
“This is a great example of how monitoring the dark web can give organisations early warning of a cyberattack, allowing them to effectively stop it before it begins.”
He said that the company’s partner Searchlight Cyber, published research where they interviewed over 500 Chief Information Security Officers (CISOs) in the US and UK, and it was revealed that 93 per cent of them were concerned about dark-web threats, but the use of threat intelligence varies by geography and industry.
“There was a clear correlation between the CISOs that are gathering threat intelligence and data from the dark web - and a better security posture. Those that have invested the most in these areas are more confident that they understand their adversaries and are more likely to have identified an attack before it hit their network,” the research said.
Uptick in cyber-attacks
Asked whether there has been an uptick in cyberattacks from the dark web with the increased use of AI internationally and regionally, White divulged that the company has observed individuals on the dark web discussing and advertising a malicious version of ChatGPT, known as FraudGPT—to create AI-generated cyberattacks.
“All tech developments have the potential to be abused for malicious purposes, so it is definitely a trend to monitor but, as of yet, there is little evidence to suggest that these tools have had a major impact on the cybercriminal ecosystem,” he stated.
When a ransomware attack hits government agencies and companies, the cost to recover its data always runs in the millions.
He said according to a 2022 report from Sophos, the average cost for a financial institution to recover from a ransomware attack was US$2.10 million and this number includes the cost of downtime, devices, and any ransom paid as well as other expenses.
“With ransomware and similar attacks on the increase, organisations should view security spending as an investment rather than a cost.
“It is estimated that currently, small and medium-sized enterprises spend about 10 per cent of their annual IT budget on cybersecurity services and solutions,” said Whyte.
“While there are, of course, other key budget considerations to take into account, this allocation does not match the rapid increase in cyber-attacks.
“However, each industry does have specific needs to which they must adjust their cybersecurity strategy to bolster cyber resilience,” the IT expert stressed.
In fighting against cyberattacks, said the Caribbean falls short in the prevention and mitigation of criminal or malicious activity risks in cyberspace and several countries in the region are vulnerable to potentially devastating cyberattacks.
The following are recommended action items to influence regional companies:
• At the national leadership level, treat cybersecurity as a critical national security matter and continue with efforts to create a harmonised legal basis for dealing with cybercrime with a sense of urgency;
• Develop a common understanding on critical infrastructure and its vulnerabilities;
• Develop a more formal regional approach to confidence building and the strengthening of cooperative networks of responsible officials and technical experts available for immediate consultation or assistance in the event of an emergency;
• Continue the elaboration of regional strategies for cybersecurity such as CARICOM IMPACS; and
• Implement relevant data privacy/protection legislation.
While there has been some progress in a few countries, he added that governments ignore cybersecurity at their peril.