The world can be a daunt­ing place for a small is­land state. To sur­vive it must re­main rel­e­vant and vi­able.

There­fore, as the world de­vel­ops and in­no­vates, Trinidad and To­ba­go must keep pace with those de­vel­op­ments as a ne­ces­si­ty, not a choice. That is the price that must be paid if one is to have a prover­bial seat at the ta­ble. Em­brac­ing dig­i­tal­i­sa­tion is not an op­tion. It is a ne­ces­si­ty if the coun­try is to sur­vive and com­pete in the glob­al mar­ket­place. In­deed, it could be ar­gued that the pace of adopt­ing mod­ern tech­no­log­i­cal de­vel­op­ments is too slow.

As­tra Se­cu­ri­ty, a pri­vate­ly held US and In­dia based cy­ber se­cu­ri­ty firm es­ti­mates that there are 2,200 cy­ber­at­tacks per day or one every 39 sec­onds on av­er­age. Fur­ther, it es­ti­mates that a US da­ta breach costs an av­er­age of US$9.44 mil­lion and pre­dicts that cy­ber­crime will cost US$8 tril­lion in 2023.

No or­gan­i­sa­tion is se­cure, any­where. Fur­ther, the firms tar­get­ed will be those whom at­tack­ers as­sume would be able to pay. Hence the re­cent suc­cess­ful cy­ber­at­tacks on the lo­cal cor­po­ra­tions and gov­ern­ment of­fices. Ma­jor cor­po­ra­tions every­where have been at­tacked. ANSA MCal’s CEO has ac­knowl­edged that they have had a ran­somware at­tack

Last week, the In­dus­tri­al and Com­mer­cial Bank of Chi­na with as­sets of US$6 tril­lion ex­pe­ri­enced a cy­ber­at­tack. In the in­ves­ti­ga­to­ry process, it was dis­cov­ered that the bank had be­come a sig­nif­i­cant play­er in the US$26 tril­lion trea­sury mar­ket. Such are the ram­i­fi­ca­tions of the in­ter­con­nect­ed­ness of glob­al mar­kets.

The US Trea­sury mar­ket is a well reg­u­lat­ed mar­ket with sub­stan­tial con­trols. There will be changes, but these will take months. It is not clear whether a ran­som was paid. In­ves­ti­ga­tions are con­tin­u­ing.

The point is hack­ing, cy­ber­at­tacks phish­ing and da­ta breach­es are not new phe­nom­e­na and will take place in any mar­ket. Ma­jor in­ter­na­tion­al cor­po­ra­tions and gov­ern­ments have been breached. There­fore, or­gan­i­sa­tions must de­ploy the best prac­tices and keep them up­dat­ed.

There are clear lessons to be learnt from the TSTT af­fair. One would have ex­pect­ed that TSTT would have a more so­phis­ti­cat­ed ap­proach to the man­age­ment of its pub­lic re­la­tions. Since TSTT is al­so a state en­ter­prise and the state has tak­en a strong po­si­tion on dig­i­tal­i­sa­tion, the in­ci­dent has im­pli­ca­tions for how the state will man­age its in­evitable breach­es. Hid­ing a breach un­der­mines pub­lic trust and con­fi­dence.

The bank­ing sec­tor seems to have learnt some lessons in its man­age­ment of ATM scams. There was a time when cus­tomers reg­u­lar­ly com­plained that their ac­counts were il­le­gal­ly breached by crim­i­nals cloning their mag­net­ic strip en­cryp­tion sys­tem. The point is that it was too easy. That is the dan­ger of us­ing old tech­nol­o­gy be­yond its shelf life. Crim­i­nals know how to look for vul­ner­a­bil­i­ties. Banks un­der­stood that their prod­ucts need­ed to be up­grad­ed and did so.

Cy­ber­at­tacks have been tak­ing place with in­creas­ing reg­u­lar­i­ty against com­pa­nies based in Trinidad and To­ba­go. What may have been a po­ten­tial threat or risk is now a known vul­ner­a­bil­i­ty. It is not clear how much these breach­es have cost.

What­ev­er the cost, if we are part of the glob­al world then our sys­tems must al­so op­er­ate at world-class stan­dards. What has been the re­sponse of the firms? How are cus­tomers to be re­as­sured? What are the op­por­tu­ni­ties? Where is the T&T Po­lice Ser­vice (TTPS) cy­ber­crime unit in this?