The critical role of employee training in Barbados’ Cyber Defence Strategy

Disclaimer: The views and opinions expressed by the author(s) do not represent the official position of Barbados TODAY.

There is no doubt that Barbados has embraced the digital technology age. From basic email – which I consider to be a killer Internet application – to digital coupons, the reliance on modern technology is greater than ever. Statistics from the Telecoms Unit confirm this reality, with approximately
90 000 fixed land broadband subscriptions and 171 000 smartphone subscribers.

What remains in doubt, however, is the commitment needed to secure our digital borders and, specifically, our networks, given this increasing dependency. 

Some may argue, “Wait a minute, Steven, we’ve invested thousands of dollars in cyber defence technology, such as next-generation firewalls and network monitoring systems.” My simple response would be to question whether there is an equal investment in upgrading the knowledge of staff, making them part of the defence as well.

Even the best cyber security system can be undermined by a staff member who inadvertently clicks on a phishing email designed to gather intelligence about the individual or, even worse, the entire network.

According to Kaspersky, a prominent end-user desktop cyber security provider, the leading cause of data breaches is stolen or weak credentials. If malicious criminals possess your username and password, they have an open door into your network.

While we may not be nationally known for publishing our security breaches, let alone the reasons behind them, statistically and strategically, it’s easier to compromise an individual than to directly hack an organisation’s firewall and security systems.

Indeed, technological advancements and the increasing dependence on digital platforms have brought unprecedented benefits to Barbados. However, they also present a myriad of risks and threats. In a nation where corporate resources are limited yet we are adopting technology, making it part of an organisation’s critical infrastructure, the focus on securing digital assets must be equally paramount. Still, there exists a glaring gap in our approach to cyber defence: the human factor and error.

Statistics reveal that a significant portion of cyber breaches can be traced back to human mistakes, often made by well-intentioned employees who lack proper training. While firewalls and security technologies form a formidable barrier against external threats, they are only as robust as the people who interact with them daily.

In a world where cyber attackers continually evolve and employ sophisticated tactics such as Artificial Intelligence to obfuscate their intentions, relying solely on technology is a perilous strategy. Education, awareness, and continuous training of staff are essential components in building a robust cyber defence system. Here’s why:

•    Understanding the Threat Landscape: Cyber security is not static, and a trained staff member today may not be compliant tomorrow. New threats emerge daily and old threats evolve into more dangerous forms. Continuous training equips staff with the knowledge to recognise and respond to these threats.

• Empowering the First Line of Defence: With proper training, employees become empowered to act as the first line of defence, recognising suspicious activities and taking appropriate actions to prevent breaches.

• Cultivating a Culture of Security: Cyber security is a company-wide commitment. Training fosters a culture where security is everyone’s concern.

• Compliance and The Law: In Barbados, although a specific cyber security act is not in place, most companies are governed by the Data Protection Act 2019. This law requires an assessment of security, considering risks such as accidental or unlawful destruction, loss, alteration, or unauthorised access to personal data. Training helps staff understand these legal obligations, enhancing the organisation’s security posture.

•  Reducing the Cost of Breaches: Investing in staff training can significantly reduce the risk of a breach, saving the company money and its reputation.

In conclusion, the digital age has brought unprecedented opportunities to Barbados, but it also comes with new challenges. Investing in technology must be matched with investing in the people who use it. 

Cyber security training for staff is not a luxury; it’s a necessity. As Barbados continues to grow, let us not overlook the human element in our cyber defence strategy. After all, technology is only as strong and effective as the people behind it.

Steven Williams is the Executive Director of Sunisle Technology Solutions, an Information Technology Consulting firm, and the Principal Consultant of Data Privacy and Management Advisory Services, specialising in Data Privacy Solutions, compliance, personal data management, and breach protection. He has also served as the IT Advisor to the Government’s Law Review Commission, with specific responsibility for informing the commission on the technical aspects of the upcoming Cyber Crime Draft Bill.

Steven has a Master of Business Administration from the University of Durham and has recently earned key designations as a certified Chief Information Security Officer by the EC Council, a global leader in InfoSec Cyber Security certification programs, as well being a certified Data Protection Officer by the Professional Evaluation and Certification Board (PECB) which provides education and certification under ISO for individuals on a wide range of disciplines.