Over the past several weeks, attention on cybercrime and cybersecurity appears to have increased. Is this a signal that Caribbean countries and the region as a whole are readying themselves to tackle these issues?
Whether planned or by coincidence, over the past few weeks there has been a marked increase in the conversations on cybercrime and cybersecurity across the Caribbean. The uptick appeared to have coincided with the Caribbean Internet Governance Forum, organised by the Caribbean Telecommunications Union (CTU) and held in Curaçao during the week of 9 September, which was followed soon thereafter by the Carib Network Operators’ Group (CaribNOG) meeting in Belize.
To their credit, the CTU and CaribNOG have been sensitising policy makers to key cybercrime and cyber security issues for the last couple of years, and have forged strategic partnerships with a few international agencies for technical support. Although it appeared that their efforts had fallen on deaf ears, they might be getting some traction after all. In recent months, and as reflected in our weekly ICT/tech new roundups, countries in the region, both individually and collectively, seem to be having more discussions on cybercrime and cybersecurity, but more importantly and to varying degrees, might be beginning to take some action.
For example, countries have been having their own local meetings to discuss the topics, as well as to advance discussions on specific systems, such as Internet Exchange Points, which are a critical component of any digital security and sovereignty framework that is being considered. Further, plans are underway in Jamaica to establish a Cyber Emergency Response Team (CERT), which is being done with technical support from the International Telecommunications Union (ITU), among others, and should be operational by year end.
Additionally, other noteworthy initiatives that support country-level and regional efforts has been the establishment of the Caribbean Cyber Security Center (CCSC), which offers services including, penetration testing, and vulnerability and risk assessments. Over the past several months, the CCSC has been gaining visibility across the region, and recently, it launched THINKCLICKSURF, which provides guidance to children, parents and teachers on being safe online. Although a wealth of tips are available on the THINKCLICKSURF website, the CCSC team can also develop customised programmes, which so far, Curaçao has invited them to roll out.
No resting on laurels
Although the above paragraphs highlight some of the strides that have been made across the region to begin to address cybercrime and cybersecurity, it must be emphasised that we should not be resting on our laurels. About two weeks ago, reports surfaced that banks in the Cayman Islands had been the victim of fraud perpetrated via email:
The RCIPS’ finance cops say there have been a number of incidents where fraudsters have acquired bank details by hacking email accounts and sending fraudulent wire instructions…
The police said that hundreds of thousands of dollars have been fraudulently wired from the Cayman Islands to the US, Hong Kong, Singapore, Malaysia, Denmark and other jurisdictions. By the time attempts are made to recall the fraudulent wires, the funds have been collected and it is too late…
(Source: Cayman News Service)
Although banks and other financial institutions tend to be more aware of their susceptibility to fraud and other crimes, and as such aim to be continually vigilant, other organisations – both public and private – might not be as inclined. For many, the cost and expertise needed to address vulnerabilities found within their organisations might be perceived of as a headache they wish to avoid. Furthermore, for decision makers (i.e. those who sign the cheques and approve major initiatives) matters related to cybercrime and cybersecurity, along with how their organisations are vulnerable to attacks, are often not easily understood and appear to detract from whatever their core business might be.
Having said this, cybercrime is not going away, but promises to become more sophisticated in the coming years, as outlined by Trends Micro below. Hence it is hoped that the attention that it and cybersecurity have been getting in the Caribbean will continue, and that a cogent and more proactive approach will be implemented in individual countries, bolstered by regional collaboration and support.
Image credit: Stuart Miles / FreeDigitalPhotos.net
___________
I think it’s just you. While I know that there are technocrats within the Government agencies who are serious and dedicated to cybersecurity legislation, it stops with the ones required to get that legislation to become law.
Even with the private sector, which is made up of many small businesses, they don’t take the cybersecurity risks seriously, or more accurately, as a priority.
Lol, Sachin. I kinda have to agree with you. There are those who are diligent and really want us to progress with respect to cybercrime and cybersecurity, and those who, for whatever reason, are not as supportive of the efforts needed…
Hi Michele, as usual, you presented a very thoughtful perspective on a critical ITC issue facing the Caribbean. I was attempting not to say critical because it seems that we are always in a critical condition, even when we intend not to be. But I’m using critical not to mean disparaging, but something that requires thoughtful analysis, like your blog intended. What caught my eye first in the blog was the sign post, and my immediate response was, yes! This captures the key terms associated with cyber security. For rice and peas, my company’s website was hacked badly recently and we are now redesigning it to be more robust, while making it more immediate to our stakeholders. With our knowledge of the vagaries of the Web we should have been in a proactive mode for low level hackers, and this caused me to think whether there wasn’t something deeper, something hidden deep in the recesses of our mind about what it means to be vulnerable, and why this concern for vulnerability took precedence over what it means to be resilient. As a communication practitioner my association with “password” in the word group was that your question was right on point, “Is it me?” because I saw “crossword.” But password is quite appropriate here because we have not identified or presented policy makers with access to understand the urgency of these issues, so there is no shared meaning about what constitutes appropriate action to deal with cybersecurity and cybercrime. I suspect that these issues serve to drive people into traditional analog cocoons where they can moralize on why not to digitize our data and organizations so we can have greater access to information for strategic decision making in a timely manner. Unintentionally, you might have helped them. Visually, I think this blog in attempting to point out the gravity of the situation might used tapped into the social defenses of policy makers about youth and technology (video clip), which serve as a cover story for their “passworld, sorry about the pun.” So to be optimistic, we have to take small gains and push forward with relevant culturally sensitive strategies that would reduce the level of dissonance in the message. We have to select the right audiences for these mesages. I would like to take the opportunity to thank you and those small groups of persons — the champions — in the Caribbean Telecommunications Union (CTU), Carib Network Operators’ Group, and the Caribbean Cyber Security Center and international partners like the International telecommunications Union for this wonderful leadership you have undertaken. It’s not you alone, it’s us too. Oh, I just thought about a password can that activate elected officials, “VOTES.”
Thanks Omowale. I do agree that the password for most policy makers might indeed be “votes”, and it might be the key to unlock the support necessary to really get the issues addressed.
On a separate note, I was wondering whether you have any idea why your website was hacked?
So many of us still believe that our websites and online presence are under the radar. However the likely truth is that we are being monitored more than we think…
I disagree that Caribbean as a whole is taking the topic seriously.
Cyber threats/attacks/risk are bubbling to the top of the news but that is just raising awareness of the issue. With my customers across the Caribbean basin, organizations that are heavily regulated and must comply with compliance frameworks are generally in a better position to deal with cyber risk. However, compliance does not equal security.
The expectation that a single vendor or product is going to solve all of our problems is an issue with the businesses. That is akin to saying that because we have police, we do not have any crime. The public and private sectors need to recognize that no one is going to solve the problem on their own. No one has seen all the threats. No one has all the experience in the world. You are never the smartest person in the room.
You are only as effective as your least capable unit. If your unit only has experiencing dealing with one location or type of threat, how can you possibly hope to cope with the dynamic nature of the Internet and contantly evolving threats. The Caribbean needs a security comminity spanning countries, industries and most importantly having ties with other geographies e.g. the Americas, EMEA, APAC. The idea that an island nation can be completely self sufficient in a global economy quite simply a farce.
Michele, I think there are several reasons and one being that we might have assisted in its demise by not being proactive in updating the site, which was 7-years-old. When you consider that about 30,000 sites are hacked a day, mostly small businesses like mine (Forbes.com), there isn’t much flying under the radar that can be accomplished if you don’t conduct due diligence. You would think that a communication company would know that, so much for the paradox. My first thought, still is, was that progressive companies are identified to be stymied because there are coming on the radar of their competitors. Well that reasoning is great for the ego, even though it has solid validity. You see, we have included the Website development into our resilience framework that includes a futuristic mapping. We now have a highly skilled IT developer certified in security codes, making us much more robust than our previous operation, but we also feel privilege to have her on-going technical support because the cybercriminals are getting smarter in distributing their viruses via e-mail and software. We are all in a communication network so the responsibility is on each of us to be smarter too. Thank you for your question.