Digicel estimates 100m hack attempts in the Caribbean
Trinidad & Tobago and Jamaica are the top countries targeted in the region for ransomware, with one Digicel manager estimating that over 100 million cyberattacks occurred in the Caribbean during the first quarter of 2021.
“This is modern warfare,” said Director of Cybersecurity at Digicel Jamaica, Doug Thomas, in an interview on Thursday.
These “tea sipping” criminals are demanding payment in cryptocurrencies, more than ever , since the onset of the coronavirus pandemic, Thomas said. Cryptocurrency transactions leave a digital trail, but the crypto holder’s identity is cloaked and is therefore favoured for dark-money payments.
In classic ransomware attacks, hackers infiltrate networks to steal data or lock down networks then charge a ransom to return the data or restore networks.
“Most of the attacks are not coming from the region,” said Thomas, but from key countries in Europe and the Americas.
Financial entities top the list of targeted victims, but increasingly, hackers have gone after health providers, utility providers, government agencies, and educational institutions.
In the first quarter of 2021, there were 29 million attacks in the Caribbean, he said quoting data from a key firewall provider. “That’s just on that provider’s end. If you include the other firewall providers, then I would say the figure is probably over 100 million,” the cybersecurity expert said, explaining that an attack is defined as an attempt to infiltrate networks even if not necessarily succeeding.
Digicel provides 24-hour monitoring and sends alerts to clients and alarms of hacking attempts. Trinidad has faced more attempts than Jamaica, said Thoms, who works with Digicel Business Protect,a fairly new arm of the telecoms created to manage threats for businesses in Jamaica and the region.
There was no immediate way to verify the data, especially since most of these activities are clandestine. But the cybersecurity director explained that whatever the figure, hack attempts are expected to rise 350 per cent in the short to medium term because cybercrime has become a lucrative business.
Locally over the past year, at least two financial entities and one technology company announced that their networks had been hacked. Personal data was stolen, which can be sold on the dark web.
“Data is sometimes worth more than money,” said Thomas. This is why companies need to have a dedicated team internally or externally to guard the network rather than the current situation where IT departments focus on network management for staff, he said.
“Data security isn’t network monitoring,” said Thomas. “Companies are spending millions and still getting hacked. Throwing money at it is not solving the problem.”
Strategic Sales Manager at Digicel Business Suzette Burley adds that working from home or at cafés creates vulnerabilities even without the theft of a device. Staff might play video games or watch movies on their work computer or device and unknowingly install malware or a virus, which compromises the network, she said.
“We are finding that some of the organisations are still thinking physical and not digital,” said Suzette. “Having conversations with major companies, they do not realise their exposure. There is really no protection in their environment. They might have a firewall, but that’s it.”
Companies post physical guards, install burglar bars, and have rapid response teams on standby, but nobody guards and protects the office network, she said.
“We are seeing the need for managed services,” she said about the cybersecurity division of Digicel. “We can manage your security for you and show you your vulnerabilities.”