While there has been a noticeable increase in the number of cyber attacks against firms in the Caribbean in recent years, companies are still under-reporting those attacks due to fear of reputational damage.
There is also concern that companies are not investing enough in cyber security systems and that countries are not collaborating more and harmonising laws to help fight cyber threats.
These points were raised during the oneday regional hybrid Anti-Money Laundering and Cybercrime Conference held at the Sagicor Cave Hill School of Business and Management on Friday.
Cybercrime Policy Specialist at the Caribbean Community (CARICOM) Implementation Agency for Crime and Security (IMPACS) Dale Joseph said that in 2022, there was a significant number of reported cyber crimes including malicious software, phishing attacks, digital blackmail, ransomware, online romance scams and email compromise.
“Digital blackmail speaks specifically to some of the activities we observed during the COVID-19 pandemic because of the lockdown protocols and more and more people were using online platforms to share personal information,” he explained.
“When this information was shared, sometimes criminals would ask for money for it not to be disclosed or posted on the Internet.
We have and continue to have quite a bit of ransomware incidents in the region . . . . From just a commonsense standpoint, there is no guarantee that when you pay these criminals you will regain access to your data. We are seeing quite a bit of this in our member states.”
Fast forward to 2023, Joseph said cyber crimes have continued, with some being more popular than others. He said there were “a few” online cryptocurrency scams in member states with people investing and criminals making off with their funds.
“One of the ones we have in the region that is most popular is an online scam called pig butchering. This speaks to someone befriending you online and encouraging you to invest in an online investment scheme. When you invest you get some really sizeable returns and then after a while when you invest more of your money, they disappear,” he explained.
He said the scams were not limited to individuals, pointing out that “a lot of financial institutions and small and mediumsized businesses are being fleeced of a lot of money”.
Joseph said criminals were also offering scam services for sale on the dark web.
Pointing out that IMPACS had a cyber security and cybercrime action plan that was signed off by member states in 2016, he said the region was in need of harmonised legislation to share required information so that perpetrators could be brought to justice.
The action plan calls for several main areas of implementation – public awareness, sustainable capacity building, enhancing technical standards and infrastructure, enhancing the legal environment to include legislative harmonisation and enhancing regional and international cooperation.
Specialist Financial Investigator with the Royal Cayman Islands Police Services (RCIPS) David Templeman said there was a belief that firms were underreporting cyber attacks and cybercrime, though these types of crimes continue to increase.
“We suspect that it is due to the firms’ attempts to protect their reputation and give their customers confidence that they are doing the right thing toward protection with respect to cyber security,” he said.
Templeman also expressed the view that firms were underinvesting in cyber security measures, which did not allow them to keep up with more sophisticated and targeted attacks.
Though noting that the European Union had made it mandatory for some sectors to report cyber attacks, he said, “I don’t think we can legislate our way out of this problem.I think more awareness is [needed]. At the moment we are not yet [there].” (MM)