The cyberattack that shut down all 23 branches of Massy Stores on Thursday was not an isolated incident. Rather, it is a reminder of a growing threat for which this country and the wider region need to be better prepared.
In tandem with the internet boom across Latin America and the Caribbean over the last decade—growth was put at 1,808.4 per cent according to data from Internet World Stats—the region has become a new frontier for cyberattacks and cybercrimes at an estimated annual cost of approximately US$90 billion.
These cyber-threats have been increasing in volume and sophistication because of vulnerabilities in governments, as well as in private and state institutions. The situation has been further exacerbated by the global pandemic and military action in Ukraine.
This week’s events show that T&T is not shielded from these unwelcome attempts to steal, expose, alter, disable, and destroy. The most common are malware attacks which take the form of deceptive advertising, malicious websites, and phishing email campaigns that infiltrate and infect victims’ devices. Ransomware attacks are also increasing in frequency.
In just eight months last year, these, and other types of cyberattacks increased by a mind-blowing 24 per cent.
But according to a study by the Inter-American Development Bank (IDB), the region has not invested sufficient money or time to upgrade and protect sensitive infrastructure, including government, banking, and financial services.
Very few countries in Latin America and the Caribbean have developed critical infrastructure protection plans and the track record is only slightly better on the establishment of cybersecurity incident response teams (CSIRT).
T&T has a CSIRT which is under the purview of the Ministry of National Security. This places this country in a much better position than many of its Caribbean neighbours.
Yesterday, the TT-CSIRT sent out a public advisory in the aftermath of the Massy cyberattack about “a sharp increase in malicious cyber activity, targeting local and regional entities” in just the last two months. With these elevated cyber threat levels, the team needs to become more active in raising public awareness and issuing alerts about potential threats.
The Massy incident, which came days after an attack on Aeropost which affected many of its customers in T&T, underscores the need for more to be done to detect and prevent cyber threats.
On the legislative front, there is a law, Act No. 13 of 2011, that covers data and privacy protection but the long-promised Cybercrime Bill, which is expected to provide a comprehensive definition of various cybercrime offences and establish a framework for the enforcement of cybercrime, is yet to be passed.
Beyond that, there should be closer cooperation between government, the private sector and civil society on various measures to mitigate the impact of cyberattacks and address T&T’s most urgent needs as it relates to cybersecurity.
According to Cybersecurity Ventures, it is estimated that cybercrime will cost companies worldwide an estimated US$10.5 trillion annually by 2025. To avoid losses and inconveniences, more time, energy, and money must be invested in creating a secure digital environment.