Upgrade cybersecurity systems, warns expert

Governments and companies across the region have been urged to re-examine their cybersecurity infrastructure as cyber threats evolve beyond data theft to direct attacks on business operations.

The advice has come from Matt Castonguay, chief revenue officer at Hitachi Cyber, who has warned that hackers are no longer interested in stealing only data.

Speaking on Thursday at the Hitachi Cybersecurity Leadership Summit 2026 at the Hilton Barbados Resort, Castonguay warned that modern cyberattacks are increasingly designed to disrupt or shut down critical systems, creating wider financial and reputational fallout.

“In the past, cybersecurity breaches have been mainly targeting data. We’ve heard about ransomware — you get your data locked out, you pay a fee, you get a key, get your data back. Now we’re seeing more deliberate attacks at operations, trying to shut down operations,” Castonguay said.

He said ransomware tactics have also evolved, with attackers now focusing on crippling entire systems rather than simply encrypting files.

“We’ll shut down your operations, we’ll shut down your systems, and now you have to pay to use the key to get access to your systems again,” he explained. “So there’s been a kind of an evolution in these levels of threats and the ways that bad actors are actively targeting your business.”

Castonguay highlighted identity-based attacks as the primary entry point for most major breaches, despite advances in cybersecurity technology.

“If you want to look at the trends to watch, identity-based attacks remain the primary entry point.” 

“It’s crazy that after all this sophistication, so many breaches are someone who clicked on the wrong link, someone’s credentials that got hacked, people using the same password across different websites,” Castonguay said.

He said compromised credentials often end up on the dark web and are then used in attacks against corporate systems.

“So identity access management still remains one of the primary points of all these big breaches that you hear about,” Castonguay added.

Artificial intelligence, he said, is further increasing the scale and effectiveness of cybercrime, particularly phishing attacks.

He said attackers now initiate seemingly harmless interactions that gradually evolve into phishing attempts.

“AI is increasing the scale and precision of phishing attacks. Before, you’d see the email and you’re like, okay, this doesn’t make any sense, the English is all wrong. Nowadays, it’s so sophisticated that bad actors are creating chatbots and AI agents that are simulating a conversation,” Castonguay pointed out.

“It starts a benign conversation with you, and then eventually leads to a phishing attack. So the level of sophistication has stepped up quite dramatically with the advent of AI.”

Castonguay also warned that supply chain vulnerabilities remain a major and often overlooked risk for companies.

He noted that breaches at third-party vendors can still result in reputational damage for the main company.

“Supply chain exposure, this is a major one,” he said. “We’ve seen many breaches where companies have great cybersecurity policies, they’re protected, they’re monitoring, they’re doing all these things, and then they use a third-party vendor for certain aspects of their business.”

“That third-party vendor might have some limited access to customer data, but they might not be secure, and they end up getting breached. Then it’s not the third-party vendor that gets the blame, it’s the company itself.”

In recounting real-world consequences of poor cyber defences and policies, Castonguay pointed to the high-profile Colonial Pipeline breach in the United States.

“There was a Colonial Pipeline in Texas that was breached two years ago. It was an old VPN account that still had administrative privileges, but nobody was using that account. It was from a former employee and it was still there and it was dormant, but it had full rights.”

“Through brute force, someone was able to find access to this account, get access to the whole network, and then just start taking things apart,” Castonguay said.

“A simple cybersecurity assessment or review of the policies would have listed inactive accounts with administrative privileges. It should have been something simple to detect.”

He said the failure to address that basic issue resulted in “tens of millions of dollars in ransomware and business outage damage, as well as reputational damages.”