The recent data breaches at TSTT, PriceSmart and Courts highlight the extent to which Trinidad and Tobago and the Caribbean are vulnerable to threats from external sources involving not guns or bombs, but technology.
In our interconnected and rapidly evolving world, the increase in online transactions has created an attractive environment for cyber criminals.
The latest breaches put the data of thousands of citizens at risk and exposed how little is understood about the transnational nature of cybercrime, which takes many forms and is constantly evolving.
Too many regional entities, including governments, still do not fully understand the extent to which increased connectivity comes with vast cyber risks of data exfiltration, ransom and disruption of services and functions.
The uncomfortable truth to be confronted is that these cyberattacks on local and regional telecommunications and retail giants have exposed countless names and emails of customers to dangerous actors. In the absence of immediate and strong responses to these criminal infiltrations, considerable damage can be inflicted on these entities and their customers.
Cyber criminals work around the clock seeking any vulnerability they can exploit—and they can do so from thousands of miles away. Once they find a minor weakness in an organisation’s defence, they launch a network invasion.
The need to strengthen cybersecurity has never been as urgent as it is now. Alerts for cybercrimes increased 600 per cent during the COVID-19 pandemic and since then, the Caribbean has been experiencing millions of cyber attack attempts, with ransomware the most common threat.
Since the first wave of ransomware attacks in 2013, there have been numerous cyber breaches, ranging from bank theft to the hacking of websites, across the region. In addition, artificial intelligence has given cyber criminals more effective ways to mount their attacks.
A 2020 Organization of American States (OAS) and Inter-American Development Bank (IDB) joint study, Cybersecurity: Risks, Progress, and the way forward in Latin America and the Caribbean, found that countries of the region have been developing and implementing national strategies and legal frameworks to better respond to evolving cyber threats, including increased protection of citizens’ personal data. However, more than three-fourths of the countries observed a lack of critical infrastructure protection plans to effectively respond to cyberattacks.
In this rapidly evolving threat landscape, it is not surprising that T&T is being attacked by sophisticated international cybercrime gangs.
The T&T Cybersecurity Incident Response Team (TT-CSIRT) of the Ministry of National Security has been warning for some time about a significant increase in attacks, especially ransomware.
Strategic responses to combat malicious cyber activities should include a ramping up of cross-border collaborations, a review of existing legislation and drafting of new laws covering issues such as mandatory breach notifications and transparency obligations.
Unfortunately, damage control by entities that have suffered breaches often glosses over the need to provide timely alerts to customers, although this attempt to mitigate reputational loss usually falls short and denies customers the strong and timely responses they deserve.
At all levels, in state agencies, businesses of all types and sizes and even NGOs and CBOs, there must be greater attention to cybersecurity, including regular assessments to ensure that networks have not been compromised.
It is, however, important to improve detection and protection systems and work consistently to keep ahead of the cyber criminals.