Local NewsNews Expert says tough Cybersecurity Laws needed by Randy Bennett 21/12/2022 written by Randy Bennett Updated by Stefon Jordan 21/12/2022 3 min read A+A- Reset Share FacebookTwitterLinkedinWhatsappEmail 244 A top international cybersecurity expert says security systems in Barbados and the rest of the region are about five years behind where they need to be. And while he stopped short of giving them a failing grade, Ricardo Martinez, chief revenue officer of the Florida-based DigitalEra Group that has been working within the region for the past 20 years, said those systems were well below international standards. His comments come in the wake of a cyberattack at the Queen Elizabeth Hospital (QEH), just over a week ago, which crippled operations at the island’s sole public hospital. As a result of the cyber incident, some surgeries and appointments were postponed and the hospital’s pharmacy was temporarily closed, while other services were also impacted. In an exclusive interview with Barbados TODAY, Martinez said an occurrence like that in the United States would have resulted in regulators imposing substantial fines. “That hack that occurred to this hospital, had that happened in the US they would be violating HIPAA [Health Insurance Portability and Accountability Act] compliance. There’d be multiple lawsuits and there would be fines from the regulators – hefty fines, probably in the millions of dollars – because of the systems that were hacked and the personal identifiable information of patients that was lost,” said the senior executive at DigitalEra Group, a specialised solutions provider offering cybersecurity consulting, strategies and services. You Might Be Interested In Crystal Beckles-Holder, 2nd runner up in regional competition GUYANA: Body of child found after gold mine collapses Barbadians asked to help with return tickets for Haitians Martinez, who has over 18 years’ experience in the cybersecurity field and has worked with American global computer security software company McAfee Corp., said the standards of security systems in the region were simply not up to par. “I think that there is much more awareness from organisations, they just haven’t implemented them and they haven’t really adopted good security practices. If I was to give them a grade I wouldn’t fail them, but they wouldn’t be passing, they’d be in the D to C- level just because they do have the technology. “A lot of them are leveraging legacy technology, which is unfortunate, and I think that’s part of the problem, obviously, with separate islands throughout the region, and there are not very good security practitioners in the region. A lot of the times when you go into technology you go into IT, you’re now focusing on the cloud, but there aren’t that many cybersecurity experts in the different countries to help support the number of businesses that need this type of service,” he said. “So, I think the maturity is not where it should be. They [the region] are usually about two to three years behind, but right now I’d say they’re probably about five years behind advanced security programmes like in the US.” Martinez suggested that tougher legislation governing cybersecurity be introduced in Barbados and the region. He suggested that laws that make it mandatory for cyberattacks to be reported would encourage businesses to beef up their security systems. “I think it does help the awareness and also up-levels cybersecurity. So now that you have to disclose it, you’d be more inclined to protect your systems rather than have to announce to the world that you have been hacked,” the cybersecurity expert said. “So, I think just by having that mandate will have organisations rethinking their strategy on cybersecurity and making sure that they are implementing the right tools and processes to avoid them being exposed.” randybennett@barbadostoday.bb Randy Bennett You may also like Protecting our children: The danger of the Anti-vax movement – Part 2 22/12/2024 What Trump 2.0 Could Mean for the Caribbean Region 22/12/2024 69 BDF recruits complete training 22/12/2024