190,000+ Facebook fans; millions of page views every month, locally and worldwide — St. Lucia News Online… still ‘The People’s Choice’ :)

COMMENTARY: Cyber criminals – a growing concern in the region

By James Bynoe, CEO Caribbean Cyber Security Center www.caribbeancsc.com

 Share This On:


The Caribbean Cyber Security Center (CCSC) continues to urge the Caribbean region to take the growing threat from cyber criminals and hackers seriously.

CCSC estimates that on a frequent basis, Caribbean businesses, organisations, governments and homes are targeted and scanned for information system weaknesses and vulnerabilities that can be exploited, yet very little has been done comprehensively to combat this growing national security, public safety and economic development threat.

In the last 12 months, we have seen reports from all across the region of network breaches, website defacements, ATM scams, denial of service attacks, and credit card fraud incidents. According to recent reports from leading global security organisations, in 2013 the region saw significant increases in data breaches, banking trojans, mobile malware and other online threats.

While we are pleased to see justice served in the recent sentencing of the ATM scamsters in Barbados, ATM scams represents only one front of the multi-front cybercrime war we face as a region. Cyber criminals must not only be prevented from ATM scams (by the entire banking sector finally moving to more secure ATM technologies), they need to be prevented from breaking into business, government, and home computers all across the region.

In recent months, CCSC has responded to successful and unsuccessful attempts by cyber criminals and hackers to steal thousands in revenue from businesses and individuals. We believe that as a region we could be losing millions via unsecure and unprotected work and home computers which are compromised “right now” without the system owners or home user even knowing it.

Our belief is based on the extremely low level of regional cyber security awareness, non-adherence to cyber security best practices and standards, and the time it takes an average person, business, organisation or government to realise they have been “hacked or compromised”, which can be as long as two to three years. Additionally new cybercrime and hacker techniques like the Advances Persistent Threat or APT have become more sophisticated with cybercriminal and hackers remaining undetected for longer periods of time while slowly stealing a wide range of information to sell on the cybercrime black market or to execute fraudulent financial transactions.

Unfortunately the region has been largely unresponsive to this threat due mainly to (1) a cultural norm to be slow at act while discussing topics to their outer limits. This slow-to-act cultural norm is playing right into the hands of cyber criminals and hackers who are using our low level of cyber awareness and preparedness to defraud us daily, (2) economic challenges being faced by many organisations, and (3) failure of public and private sector leaders to budget and invest in cyber defenses.

Ironically each day our telecommunications industry as supported by many governments seek to expand internet access to all corners of the region which in essence is providing cyber-criminals and hackers with more and more potential cyber victims. Additionally, to complicate matters we have a few regional and international organisations with resources to assist in combating the cyber threat that can’t seem to get off the conference “talk circuit” and get down to the brass tacks in raising regional cyber security awareness in a tangible way.

So today we find ourselves in a place where the public and private sectors are failing to take proactive measures to budget for and implement effective cyber protections to protect their data assets which are often the personal and financial information of their clients and customers; many home computer operating systems are outdated and have no effective antivirus, spyware or malware protection software installed; and many families do not know the do’s and don’ts of the internet and how to protect themselves from the millions of online cyber predators that exist today.

So what are the some key things that must be gone to start making our region cyber safe in a sustainable manner?

• All prime ministers (PM) have to make combating cyber crime comprehensively a national priority as has been done by other governments worldwide, and create a cyber crime leadership post that reports directly to the PM’s office. Simply adding cyber security to a minister’s portfolio as is typically done will not be enough to combat this threat due to the current low level of cyber awareness that exist today, and the attention that it needs.

• The throttle on implementing a wide range of cyber security\crime laws, legislations, and Acts needs to be increased. Current efforts to establish a comprehensive set of cyber laws and legislation are too slow and are not effectively keep up with the evolving cyber threat whatsoever. The bureaucratic processes we have established to implement new laws and legislation in the region has to be brought into sustainable alignment with the evolution of technology much better than is being done today. Additionally, cyber crime reporting laws and legislation will pay a key role in giving us the much needed data on the real world impact of cyber crime on the region, which is a key part of the challenge we have in taking this threat seriously.

• The private sectors, namely ICT and telecommunications organisations, need to play a more socially responsible role in helping the region educate the masses on the cyber threat as Columbus Communications\Flow has started to do regionally, as combating cyber crime is a multi-stakeholder issue and not just a problem for government to solve. Additionally, both the public and private sectors need to proactively start budgeting for cyber defenses in the operating of their information systems and view investments in cyber defenses as a cost-saving customer protection measure, and not just the IT guys wanting new toys to play with. Just as we spend and budget for guards and security systems, budgeting for cyber defenses is more critical than ever.

It is clear that the Caribbean is becoming more and more dependent on technology and the internet in many aspects of our daily lives, just as the cyber threat gets more dangerous and damaging. We simply cannot afford to stay the current unaware, unsecure course as the cost of recovery from a cyber-incident has been proven to be significantly higher that being proactive and getting your network or home computer tested for system weaknesses and vulnerabilities that need to be remediated.

So as we promote the effective use of technology regionally, we must, must, must do so with a keen understanding of the cyber threat and invest in cyber protections from the management, operational and technical security controls perspectives.

The reality is that cyber criminals and hackers are always communicating and looking to exploit system weaknesses and vulnerabilities in order to steal money, intellectual property, and identities and they “have targeted the Caribbean”.

The last thing the Caribbean region needs in these challenging economic times is to be known as an unsafe region to do cyber/internet dependent business, or use credit cards in the case of the tourism industry.

As one of the fastest growing internet-penetration regions in the world, we in the Caribbean can no longer afford to ignore the cyber threat we face today or in the future, as that next cyber victim may be YOU.

(0)(0)
This article was posted in its entirety as received by stlucianewsonline.com. This media house does not correct any spelling or grammatical error within press releases and commentaries. The views expressed therein are not necessarily those of stlucianewsonline.com, its sponsors or advertisers.

4 comments

  1. BE SMART AND BECOME RICH IN LESS THAN 3DAYS….It all depends on how fast you can be to get the new PROGRAMMED blank ATM card that is capable of hacking into any ATM machine,anywhere in the world. I got to know about this BLANK ATM CARD when I was searching for job online about a month ago..It has really changed my life for good and now I can say I’m rich and I can never be poor again. The least money I get in a day with it is about $50,000.(fifty thousand USD) and i only spent 200$ to get the card.Only serious individuals should contact him because he is very straight forward if you dont have the money dont even borther to contact him and his serives is 100% trusted i am a living testimony. Every now and then I keeping pumping money into my account. Though is illegal,there is no risk of being caught ,because it has been programmed in such a way that it is not traceable,it also has a technique that makes it impossible for the CCTVs to detect you..

    (0)(0)
  2. a lot or work needs to be done in regard to internet security and hackers. we are very vulnerable in the Caribbean. the service providers need to do more to protect its customers from these cyber attacks

    (0)(0)
    • Yes, while I a free that ISPs need to do more in securing their networks, the customer has, as far as I am concerned, a greater role to play in securing their investments. For example, simple things such as updating software and implementing anti malware, anti virus, and firewalls can go a long way in securing private networks (not saying these will prevent all intrusions).

      The reality though is not encouraging. Most people do not implement any of the above. I agree with the article which indicates that our culture needs to change with regards to network security.

      (0)(0)
  3. Good article. The sad thing is that people don't understand the seriousness of cyber crimes until they hear the damage in monetary terms, or until they are faced with a situation where they lose money. I hope organisations take heed and invest in cyber security measures.

    (0)(0)

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.