There is literally nowhere to operate in today’s environment that does not result in some level of exposure to cyberattacks.
Were people to stop for a moment and count the number of places – institutions, healthcare facilities, attorneys’ offices, doctors’ offices, airlines, stores, banks, government departments, utility companies, government statistical departments, police stations, insurance companies, and their employer – they will discover that a great deal of personal information is scattered across several areas.
Back when that information was stored on paper, access was limited to those who worked directly in those areas and chances of it being removed were also limited. The likely forms of dissemination were photocopying and fax machines.
Today, with email, smartphone cameras, QR codes, Bluetooth, and Internet access, your personal information could be accessed by people in other countries, exposing you to fraud, blackmail, bullying, and theft. Your identity can also be cloned and used for all kinds of nefarious activities.
Our personal data, whether it is your name and address, your medical condition, legal matters, your financial details, information about your family and children, or sources of your income, are all subject to public exposure.
A few years ago, several Barbadians fell victim to automatic banking machine fraudsters from eastern Europe who trained their attention on what they viewed as a soft target.
Luckily, local financial institutions have significantly upgraded their hardware and software, thus mitigating such attacks.
The problem for us is the attacks that are coming our way from bad actors in all corners of the world. Barbados’ global profile has risen and so has our attraction to online attackers.
According to industry experts, there has been a significant uptick in the frequency and sophistication of attacks on the financial and banking sector.
Financial institutions were the second most impacted sector, based on the number of reported data breaches in 2022. Institutions in the United States, Argentina, Brazil, and China were reportedly most affected.
As of December 2022, finance and insurance companies globally experienced 566 breaches, leading to over 254 million leaked records.
Here in Barbados, companies of various kinds have been the subject of cyberattacks and ransomware incidents.
The Massy Group acknowledged in its annual report that it had been the subject of a cyberattack, while a local bulk shopping business had its membership data breached. A leading credit union spent substantial amounts of money to reinforce its cyber security following a breach by attackers who reportedly demanded millions of dollars from the financial institution. It is also understood that a regional company with operations in Barbados reportedly paid ransomware attackers substantial sums to regain access to its stolen business data.
In addition, many commercial bank customers had to be issued new credit and debit cards after their accounts had been compromised.
In the latest annual Financial Stability Report issued jointly by the Central Bank of Barbados and the Financial Services Commission (FSC), cyber threats were identified as among the key concerns of the regulators of our financial system.
As Barbadians embrace electronic transactions and online banking, the Central Bank and FSC cautioned that “a successful cyberattack on a systemically important financial institution can destabilise the entire financial system and, by extension, the economy”.
“A cyber breach of any component of the payments and settlement system can also be very detrimental to financial stability and overall economic activity,” they added.
The danger that cyberattacks pose is significant and though new laws have been introduced, such as the Data Protection Act, there needs to be greater public engagement on the individual rights and the legal obligations of those who store and manage the personal data of citizens.
As Barbados’ Data Protection Commissioner Lisa Greaves cautioned during a public discussion, businesses and professionals such as lawyers and doctors face far-reaching implications for non-compliance with the data protection laws which guide the collection, storage, manipulation, sharing, and erasure of personal information on Barbadians.
