#BTEditorial – Cyber attackers have us in their sights

A report from the accounting firm Deloitte observed that for several years, businesses and organisations in Barbados and the rest of the Caribbean were being targeted by cyber attackers and that the risk was steadily increasing.

This is important to note as the country is witnessing a barrage of cyber-attacks on critical institutions. They range from our main healthcare facility to commercial banks and credit unions, to retail operators and individuals.

The matter is becoming so widespread that it is causing a degree of suspicion and anxiety about the security of our electronic data, whether it is emails that we are sharing or our banking transactions with financial institutions.

According to the Deloitte study, the first wave of ransomware attacks in the Caribbean started in 2013 and since then, they have not abated. The attempts of data breaches have also risen.

Of course, we remember the period when bad actors from Eastern European countries such as Bulgaria were being arrested by law enforcement for using various methods to bilk thousands of dollars from account holders using the automatic banking machines (ABMs).

Collectively, our banking sector moved swiftly to upgrade ABM  cards and added stronger security features to their ABM machines to make it more difficult to violate. Those actions helped to stem the tide of abuse in that form.

However, what we are facing today, is attacks on our financial system and data-heavy institutions by culprits who have the ability to conduct their nefarious activities from anywhere in the world using the world wide web.

One of the most insidious recent attacks was that on the Queen Elizabeth Hospital (QEH). It crippled the provision of critical health care to the most vulnerable and caused panic as people wondered whether their most sensitive health information was compromised in the process.

The QEH cyber attack has taken some time to fully resolve. In fact, we are still not absolutely certain that all the disruptions have been fully addressed and we have no idea who was behind the attack and what exactly they wanted to achieve.

In its January 1, 2023 progress report on the attack, the Queen Elizabeth Hospital said its local information technology team was working with outside experts to resolve the matter. The QEH revealed it was also “cleaning the hospital’s computer systems” and “return to regular internet-based activity would occur in a phased approach across the hospital”.

In the Deloitte report titled Taking Data Hostage: The rise of Ransomware, the firm pointed out that ransomware differed from other types of cyberattacks in that the objective was to make the victim pay money directly to the person who hijacked the information.

It was noted also that some malware attackers tended to take more effort to sell stolen credit card information, for example. “Ransomware also differs in that the goal isn’t to steal data but to deny access to it until money has changed hands. That makes it about availability, whereas, other cyber-attacks seek to breach confidentiality and compromise integrity and privacy,” Deloitte pointed out in the study.

While this may seem the stuff that only impacted big, sophisticated, high-flying organisations, this is far from the truth. Just hours ago, chief executive officer of the City of Bridgetown Co-operative Credit Union (COB) Steve Belle, was compelled to reassure the credit union’s thousands of members that their funds were safe following a cyber-attack on that financial institution.

As a result of some questioning from talk show host moderator and attorney Sada Jemmott on Voice of Barbados, Mr Belle conceded that it appeared the motive behind the attack was to force the credit union to pay money to the attackers.

It is obvious that Barbados, though tiny and less endowed than many other nations, is apparently high on the radar of cyber attackers and cyber criminals, who believe we are a soft target.

In its 2022 financial report, regional conglomerate Massy Group, said it too had been the subject of a cyber-attack as cyber criminals tried to breach its data storage systems.

Such is the new order of living and since we are unable to return to the old days of complete paper-based activity, organisations and individuals will have to find ways to mitigate the risks to which we are now all exposed.