Cyber attack warning to businesses

Barbadian enterprises have been advised that hackers are not interested in whether businesses are small our large, brand named or new obscure, they are all vulnerable to cyber attacks.

This caution has come from Dwight Robinson, President of the Information Systems Security Association (ISSA) Barbados Chapter, who addressed the issue of technology risks.

The assistant manager of risk advisory with audit firm Deloitte, revealed that over the last 18 months, there have been several cyber attacks on global companies and some enterprises in Barbados.

“Right now, it feels like the Wild Wild West when it comes to cyber attacks. Every day you turn on the news, it’s a new attack on some company or some critical infrastructure. We’ve seen hospitals, law firms . . . . even the MTA Transit system has been attacked recently as well. It’s been incredible.”

Robinson added: “They’re not just lone wolves out there on the Internet looking to attack individuals. These are criminal enterprises, and that’s the structure right now. And that’s one of the reasons they can have such a strong reach in terms of attacking companies and individuals across the globe.” It was for this reason that the IT expert is pushing for locally based businesses to be complacent about their susceptibility to cyber attacks or criminal hackers.

Explaining that the COVID-19 pandemic had created the conditions for more cyber attacks, Robinson said people were online more often now, working from home, and their desire to learn more can lead them to click on links or attachments in malicious emails purporting to offer information.

“We’ve seen a lot of phishing attacks, especially COVIDthemed attacks, where they send emails to employees, luring them in, in terms of providing them with information that can look enticing on the topic of COVID – could be vaccines or COVID stats overall – and getting them to click on links or open attachments. And then they attack these organisations, spreading malicious software on these networks and exfiltrating data as part of the process, too.”

According to the Deloitte senior executive: “For businesses, it is difficult to secure these individuals the way they would normally. So, people are at home, they are less focused on work. They’re more likely to click on an email and not pay attention that it is something malicious. They may also have a laptop that doesn’t have up-to-date software, too, and that then exposes the organisation.”

Describing the current environment as extremely enticing for cybercriminals, he urged business operators to make themselves more aware of the level of risk to which they are exposed.

“Here in Barbados, we don’t have the regulation that says attacks must be reported, so it’s difficult to quantify how prevalent attacks are here in Barbados. I think since 2018, we’ve seen a couple of attacks on supermarkets and individual firms, but the actual quantity is not numbered because we don’t know how prevalent they are.

“We don’t know how many companies have been attacked; we don’t know what types of attacks are prevalent, and I think that’s one thing that’s lacking. That framework that requires that attacks on companies be reported, to give a sense of businesses knowing how vulnerable they are and how prevalent attacks are here in Barbados.” (IMC1)