An­drea Perez-Sobers

Pro­tect­ing crit­i­cal na­tion­al and re­gion­al in­fra­struc­ture from the im­mi­nent threat of cy­ber­at­tacks is of para­mount im­por­tance.

Cal­i­bra So­lu­tions Ltd’s man­ag­ing di­rec­tor, George Whyte made this com­ment dur­ing an in­ter­view with Busi­ness Guardian.

Cal­i­bra, a 15-year-old com­pa­ny based in Ari­ma, of­fers ser­vices in the Eng­lish-speak­ing Caribbean and the Dutch-speak­ing coun­tries of Suri­name, Aru­ba, Cu­ra­cao, and Sint Maarten.

Whyte said busi­ness­es across the Caribbean can no longer con­sid­er them­selves as less vul­ner­a­ble to at­tacks rel­a­tive to larg­er and more tech­no­log­i­cal­ly ad­vanced coun­tries.

He said re­cent ex­am­ples of at­tacks on the Min­istry of the At­tor­ney Gen­er­al, the Massy Stores chain of su­per­mar­kets, May­ber­ry In­vest­ment Group (Ja­maica), and the Mar­tinique gov­ern­ment should act as ad­vance warn­ings to all or­gan­i­sa­tions to make the nec­es­sary in­vest­ments to pro­tect their sys­tems and the in­for­ma­tion stored on these sys­tems.

Delv­ing deep­er in­to cy­ber­crimes, the ex­ec­u­tive said one term that is of­ten as­so­ci­at­ed with this il­le­gal ac­tiv­i­ty is “dark web”.

“The dark web is a part of the in­ter­net that isn’t vis­i­ble to search en­gines and re­quires the use of an anonymis­ing brows­er called Tor to be ac­cessed.

“Since the ad­vent of the dark web, crim­i­nals have act­ed on hid­den mar­ket­places, fo­rums, and sites with im­puni­ty, con­duct­ing their ac­tiv­i­ties in ways that are dif­fi­cult for law en­force­ment to dis­cov­er, mon­i­tor, and in­ves­ti­gate,” Whyte ex­plained.

He said that it is for this rea­son, the com­pa­ny has part­nered with the Eng­lish dark-web in­tel­li­gence com­pa­ny, Search­light Cy­ber, to help or­gan­i­sa­tions to com­bat cy­ber­crime em­a­nat­ing from the dark web.

Asked how gov­ern­ments and pri­vate in­di­vid­u­als can pro­tect them­selves against the il­le­gal ac­tiv­i­ty, Whyte said it is in­cred­i­bly dif­fi­cult to pro­tect from the un­known.

How­ev­er, by gain­ing a bet­ter un­der­stand­ing of the cy­ber­crime tak­ing place on the dark web, he not­ed agen­cies, or­gan­i­sa­tions, and en­ter­pris­es can bet­ter pre­pare their de­fences and take mit­iga­tive ac­tions that help them to pre­vent at­tacks.

“Mon­i­tor­ing the dark web of­fers an op­por­tu­ni­ty to spot threats soon­er and be more proac­tive in their de­fence,” said Whyte.

Break­ing down how the law­break­ers con­duct their busi­ness, he said they steal per­son­al da­ta, fi­nan­cial da­ta, on­line ac­count lo­gin da­ta, med­ical da­ta, con­fi­den­tial cor­po­rate da­ta, and more.

In ad­di­tion to per­son­al in­for­ma­tion yield­ed from da­ta breach­es and var­i­ous oth­er types of cy­ber­at­tacks and on­line scams, he point­ed out that the cy­ber crim­i­nals al­so of­fer il­le­gal drugs, ac­cess to emerg­ing cy­ber threats and virus­es, and var­i­ous oth­er prod­ucts.

“As a hub for crim­i­nal ac­tiv­i­ty, the dark web of­fers more than just “prod­ucts” to any­one will­ing to buy and con­sume. It al­so of­fers ser­vices that en­able cy­ber­crim­i­nals to launch at­tacks with lit­tle tech­ni­cal knowl­edge or ex­pe­ri­ence,” White em­pha­sised.

In giv­ing an ex­am­ple as to how a com­pa­ny or a Gov­ern­ment agency can be dis­rupt­ed and what had to be done to re­store nor­mal­cy, he said Cal­i­bra’s part­ners Search­light Cy­ber helped a Eu­ro­pean gov­ern­ment agency to pre­vent a cy­ber­at­tack by iden­ti­fy­ing a cy­ber­crim­i­nal tar­get­ing them on the dark web.

In this case, Whyte dis­closed the threat in­tel­li­gence an­a­lysts iden­ti­fied as a cy­ber­crim­i­nal sell­ing ac­cess to a dark-web hack­ing fo­rum.

The gov­ern­ment agency was alert­ed. Then they were able to ex­ploit the flaw in their net­work based on the in­for­ma­tion the cy­ber­crim­i­nal had post­ed. The threat was mit­i­gat­ed it be­fore any crim­i­nals could use it to com­pro­mise their sys­tems or steal any da­ta.

“This is a great ex­am­ple of how mon­i­tor­ing the dark web can give or­gan­i­sa­tions ear­ly warn­ing of a cy­ber­at­tack, al­low­ing them to ef­fec­tive­ly stop it be­fore it be­gins.”

He said that the com­pa­ny’s part­ner Search­light Cy­ber, pub­lished re­search where they in­ter­viewed over 500 Chief In­for­ma­tion Se­cu­ri­ty Of­fi­cers (CISOs) in the US and UK, and it was re­vealed that 93 per cent of them were con­cerned about dark-web threats, but the use of threat in­tel­li­gence varies by ge­og­ra­phy and in­dus­try.

“There was a clear cor­re­la­tion be­tween the CISOs that are gath­er­ing threat in­tel­li­gence and da­ta from the dark web - and a bet­ter se­cu­ri­ty pos­ture. Those that have in­vest­ed the most in these ar­eas are more con­fi­dent that they un­der­stand their ad­ver­saries and are more like­ly to have iden­ti­fied an at­tack be­fore it hit their net­work,” the re­search said.

Uptick in cy­ber-at­tacks

Asked whether there has been an uptick in cy­ber­at­tacks from the dark web with the in­creased use of AI in­ter­na­tion­al­ly and re­gion­al­ly, White di­vulged that the com­pa­ny has ob­served in­di­vid­u­als on the dark web dis­cussing and ad­ver­tis­ing a ma­li­cious ver­sion of Chat­G­PT, known as FraudG­PT—to cre­ate AI-gen­er­at­ed cy­ber­at­tacks.

“All tech de­vel­op­ments have the po­ten­tial to be abused for ma­li­cious pur­pos­es, so it is def­i­nite­ly a trend to mon­i­tor but, as of yet, there is lit­tle ev­i­dence to sug­gest that these tools have had a ma­jor im­pact on the cy­ber­crim­i­nal ecosys­tem,” he stat­ed.

When a ran­somware at­tack hits gov­ern­ment agen­cies and com­pa­nies, the cost to re­cov­er its da­ta al­ways runs in the mil­lions.

He said ac­cord­ing to a 2022 re­port from Sophos, the av­er­age cost for a fi­nan­cial in­sti­tu­tion to re­cov­er from a ran­somware at­tack was US$2.10 mil­lion and this num­ber in­cludes the cost of down­time, de­vices, and any ran­som paid as well as oth­er ex­pens­es.

“With ran­somware and sim­i­lar at­tacks on the in­crease, or­gan­i­sa­tions should view se­cu­ri­ty spend­ing as an in­vest­ment rather than a cost.

“It is es­ti­mat­ed that cur­rent­ly, small and medi­um-sized en­ter­pris­es spend about 10 per cent of their an­nu­al IT bud­get on cy­ber­se­cu­ri­ty ser­vices and so­lu­tions,” said Whyte.

“While there are, of course, oth­er key bud­get con­sid­er­a­tions to take in­to ac­count, this al­lo­ca­tion does not match the rapid in­crease in cy­ber-at­tacks.

“How­ev­er, each in­dus­try does have spe­cif­ic needs to which they must ad­just their cy­ber­se­cu­ri­ty strat­e­gy to bol­ster cy­ber re­silience,” the IT ex­pert stressed.

In fight­ing against cy­ber­at­tacks, said the Caribbean falls short in the pre­ven­tion and mit­i­ga­tion of crim­i­nal or ma­li­cious ac­tiv­i­ty risks in cy­ber­space and sev­er­al coun­tries in the re­gion are vul­ner­a­ble to po­ten­tial­ly dev­as­tat­ing cy­ber­at­tacks.

The fol­low­ing are rec­om­mend­ed ac­tion items to in­flu­ence re­gion­al com­pa­nies:

• At the na­tion­al lead­er­ship lev­el, treat cy­ber­se­cu­ri­ty as a crit­i­cal na­tion­al se­cu­ri­ty mat­ter and con­tin­ue with ef­forts to cre­ate a har­monised le­gal ba­sis for deal­ing with cy­ber­crime with a sense of ur­gency;

• De­vel­op a com­mon un­der­stand­ing on crit­i­cal in­fra­struc­ture and its vul­ner­a­bil­i­ties;

• De­vel­op a more for­mal re­gion­al ap­proach to con­fi­dence build­ing and the strength­en­ing of co­op­er­a­tive net­works of re­spon­si­ble of­fi­cials and tech­ni­cal ex­perts avail­able for im­me­di­ate con­sul­ta­tion or as­sis­tance in the event of an emer­gency;

• Con­tin­ue the elab­o­ra­tion of re­gion­al strate­gies for cy­ber­se­cu­ri­ty such as CARI­COM IM­PACS; and

• Im­ple­ment rel­e­vant da­ta pri­va­cy/pro­tec­tion leg­is­la­tion.

While there has been some progress in a few coun­tries, he added that gov­ern­ments ig­nore cy­ber­se­cu­ri­ty at their per­il.