

When you hear the word “Caribbean,” what comes to your mind? Is it the awesome beaches? Clear waters full of marine life perfect for diving? Pirates? Spring break? I know many will have different opinions on this one, but would you ever think of the Caribbean islands as victims of cyber hacking?
According to Internet World Stats, 28.7% or 11.9 million users out of the total 41.4 million Caribbean population now use the Internet, and almost 70% of the population is now using mobile phones, which can be used for mobile banking, cash/cardless transactions, logging into social networking sites, and downloading apps. Most of these activities access a user’s personal information, and if their internet connections aren’t secured, consumers would be vulnerable to identity theft as well as to malware, phishing and other malicious web activities.
Rising cyber threats
Earlier this month, telecoms company LIME Barbados said in a press release that it experienced a deliberate attack on its internet infrastructure from an external source, but assured customers that the incident was not widespread and that its servers were not compromised.
This type of attack is serious, but Caribbean governments aren’t paying much attention to the issue.
Time to wake up
ICT Pulse, an informative and thought-provoking Caribbean web blog, published a two-part piece on the state of cybersecurity in the Caribbean. The first part consisted of an interview with Barbados-based Niel Harper, who has over 16 years’ experience in Telecommunications Engineering, Information Security Management, Business Continuity Management, Enterprise Risk Management, and ICT Regulation and Policy. The second part featured an interview with Garfield Gordon, Territory Systems Engineer for Cisco Systems Inc., based in Jamaica.
When asked about the state of cybersecurity in Barbados and in the Caribbean in general, Harper stated that, “Precise figures are hard to provide due to the fact that many companies in Barbados and the wider Caribbean do not report breaches. This can be due to numerous reasons, ranging from the reputation (regulatory consequences and service outages) and financial (share price hits or revenue decreases) risks associated with the compromise of private information, to the fact that there are no pervasive legislative frameworks which mandate that firms report breaches to government or to their customers.”
“However, I would say that approximately 60% of organizations in the region have had at least one security incident over the last 1–2 years. This is mainly due to the growth in online data, as well as the increasing sophistication and organization of attackers. Other key factors are poor security practices, insufficient training and support, and the continuing use of unpatched or out-dated software. Comparatively, the statistics for personal users may be even higher given the significantly weaker or non-existent security controls present in many home computing environments.”
Harper also added that the most common misconception organizations have about cybersecurity is that technology alone can provide adequate, effective and sustainable protection for information assets. He also gave some tips on how organizations and individuals could avoid cyber intrusion.
“I would recommend that organisations, as well as casual users, take steps to classify the information which they store on their computer systems,” Harper stated. “Information classification is the basis for developing any security regime. It is basically the categorization (e.g. Top Secret, Confidential, Internal, and Public) of the various forms of information which are kept. Each category of data should have an owner; the owner should then determine who is allowed to access the data and what level of protection should be implemented to protect the data set.”
Gordon was asked the same questions and he backed what Harper claimed.
“It is common knowledge within the IT community that there are various intrusion attempts daily,” Gordon stated. “What is not stated or readily apparent is the success rate of some of these attempts. Most of these attempts can be classified by the methods being used: port scanning, “script kiddie” type applications, and orchestrated intrusion attempts that are very clinical in targeting a specific vulnerability within a system.”
He also added that, aside from network security, organizations should also consider physical security and application security.
Gordon gave some tips on how to avoid becoming a victim of cyber intrusion.
“User education is the front line of every stand against fraud–especially computer fraud,” says SiliconANGLE editor Kit Dotson. “By attacking the problem from both the enterprise level by providing better patches and software and educating end users at the same time, it will greatly impact this sort of crime for Caribbean people and businesses.”