The re­cent da­ta breach­es at TSTT, PriceS­mart and Courts high­light the ex­tent to which Trinidad and To­ba­go and the Caribbean are vul­ner­a­ble to threats from ex­ter­nal sources in­volv­ing not guns or bombs, but tech­nol­o­gy.

In our in­ter­con­nect­ed and rapid­ly evolv­ing world, the in­crease in on­line trans­ac­tions has cre­at­ed an at­trac­tive en­vi­ron­ment for cy­ber crim­i­nals.

The lat­est breach­es put the da­ta of thou­sands of cit­i­zens at risk and ex­posed how lit­tle is un­der­stood about the transna­tion­al na­ture of cy­ber­crime, which takes many forms and is con­stant­ly evolv­ing.

Too many re­gion­al en­ti­ties, in­clud­ing gov­ern­ments, still do not ful­ly un­der­stand the ex­tent to which in­creased con­nec­tiv­i­ty comes with vast cy­ber risks of da­ta ex­fil­tra­tion, ran­som and dis­rup­tion of ser­vices and func­tions.

The un­com­fort­able truth to be con­front­ed is that these cy­ber­at­tacks on lo­cal and re­gion­al telecom­mu­ni­ca­tions and re­tail gi­ants have ex­posed count­less names and emails of cus­tomers to dan­ger­ous ac­tors. In the ab­sence of im­me­di­ate and strong re­spons­es to these crim­i­nal in­fil­tra­tions, con­sid­er­able dam­age can be in­flict­ed on these en­ti­ties and their cus­tomers.

Cy­ber crim­i­nals work around the clock seek­ing any vul­ner­a­bil­i­ty they can ex­ploit—and they can do so from thou­sands of miles away. Once they find a mi­nor weak­ness in an or­gan­i­sa­tion’s de­fence, they launch a net­work in­va­sion.

The need to strength­en cy­ber­se­cu­ri­ty has nev­er been as ur­gent as it is now. Alerts for cy­ber­crimes in­creased 600 per cent dur­ing the COVID-19 pan­dem­ic and since then, the Caribbean has been ex­pe­ri­enc­ing mil­lions of cy­ber at­tack at­tempts, with ran­somware the most com­mon threat.

Since the first wave of ran­somware at­tacks in 2013, there have been nu­mer­ous cy­ber breach­es, rang­ing from bank theft to the hack­ing of web­sites, across the re­gion. In ad­di­tion, ar­ti­fi­cial in­tel­li­gence has giv­en cy­ber crim­i­nals more ef­fec­tive ways to mount their at­tacks.

A 2020 Or­ga­ni­za­tion of Amer­i­can States (OAS) and In­ter-Amer­i­can De­vel­op­ment Bank (IDB) joint study, Cy­ber­se­cu­ri­ty: Risks, Progress, and the way for­ward in Latin Amer­i­ca and the Caribbean, found that coun­tries of the re­gion have been de­vel­op­ing and im­ple­ment­ing na­tion­al strate­gies and le­gal frame­works to bet­ter re­spond to evolv­ing cy­ber threats, in­clud­ing in­creased pro­tec­tion of cit­i­zens’ per­son­al da­ta. How­ev­er, more than three-fourths of the coun­tries ob­served a lack of crit­i­cal in­fra­struc­ture pro­tec­tion plans to ef­fec­tive­ly re­spond to cy­ber­at­tacks.

In this rapid­ly evolv­ing threat land­scape, it is not sur­pris­ing that T&T is be­ing at­tacked by so­phis­ti­cat­ed in­ter­na­tion­al cy­ber­crime gangs.

The T&T Cy­ber­se­cu­ri­ty In­ci­dent Re­sponse Team (TT-CSIRT) of the Min­istry of Na­tion­al Se­cu­ri­ty has been warn­ing for some time about a sig­nif­i­cant in­crease in at­tacks, es­pe­cial­ly ran­somware.

Strate­gic re­spons­es to com­bat ma­li­cious cy­ber ac­tiv­i­ties should in­clude a ramp­ing up of cross-bor­der col­lab­o­ra­tions, a re­view of ex­ist­ing leg­is­la­tion and draft­ing of new laws cov­er­ing is­sues such as manda­to­ry breach no­ti­fi­ca­tions and trans­paren­cy oblig­a­tions.

Un­for­tu­nate­ly, dam­age con­trol by en­ti­ties that have suf­fered breach­es of­ten gloss­es over the need to pro­vide time­ly alerts to cus­tomers, al­though this at­tempt to mit­i­gate rep­u­ta­tion­al loss usu­al­ly falls short and de­nies cus­tomers the strong and time­ly re­spons­es they de­serve.

At all lev­els, in state agen­cies, busi­ness­es of all types and sizes and even NGOs and CBOs, there must be greater at­ten­tion to cy­ber­se­cu­ri­ty, in­clud­ing reg­u­lar as­sess­ments to en­sure that net­works have not been com­pro­mised.

It is, how­ev­er, im­por­tant to im­prove de­tec­tion and pro­tec­tion sys­tems and work con­sis­tent­ly to keep ahead of the cy­ber crim­i­nals.