Nadine Barrett-Maitland | The underreported cybercrime pandemic

The COVID-19 pandemic forced many businesses to move online. However, parallel to the explosion of online/remote work and conducting business online is an increase in cyber breaches. Increased remote work and remote data sharing via cloud apps have increased security blind spots and the vulnerability threshold.

However, data reveal that cybercrimes are the most underreported crimes worldwide. This is now at the level of a pandemic. The way we do business and the world we now live in have changed drastically. So should our systems and how we operate.

The cost of cybercrimes is skyrocketing. Cybercrime costs include stolen money, fraud, theft of personal and financial data, embezzlement of money and stolen intellectual property. Other associated costs are damage and destruction of data (changing the original form of the data), forensic investigation, restoring and deleting hacked data and systems, business down time, and harm to reputation.

Cybersecurity ventures report that the cost of cybercrime is growing by 15 per cent annually and may reach US$10.5 trillion by 2025. According to the report, this represents the ‘greatest transfer of economic wealth in history’. The cost of cybercrime has outstripped the cost of trading narcotic drugs. Cybersecurity Ventures also reports that committing cybercrimes is more profitable than trading in all “major illegal drugs combined”. It exceeds the cost of any major disaster in one year. It was predicted that by 2021, the financial damage by cybercrime was estimated to cost $11.4 million a minute.

Cyber attacks are growing exponentially worldwide. Many businesses in Jamaica now have an online presence and encourage customers to do more transactions online. Since the COVID-19 pandemic, most banks and financial institutions have reduced several of their in-person processes and have encouraged their customers to complete their transactions online. Many banks have closed branches, and some have converted to paperless business hubs. To do any business that requires you to go into a bank in Jamaica can be close to a nightmare. Mostly, a visit requires a day off from work as you can spend up to eight hours trying to complete one transaction. This has been my experience. Others have had similar experiences. Some banks have no direct telephone lines to the branches and route all calls through their contact centres.

THE EMINENT DANGER

Parallel to the increase in online business transactions is the increase in cyberattacks. The exposure of account and other sensitive private information opens the door for the underworld to strive unabated. We are left to the mercy of online thugs who prowl in cyberspace unnoticed. Philanthropist and billionaire Warren Buffett describes cybercrime as the “number one” problem of humans and a greater threat to humanity than nuclear weapons. I agree with Buffett because the likelihood of Jamaica and many other developing countries being affected by cyberwarfare exceeds the risk of nuclear attack. Many unsuspecting people in Jamaica have been affected by this cybercrime pandemic. However, banks and financial institutions remain tight-lipped for fear of losing their ‘competitive edge’, losing customers and many other reasons.

Data is the ‘gold’ of today’s digital society. Its value to businesses can be likened to what steam power, electricity, and hydrocarbons were for the 18th, 19th, and 20th centuries. One IBM executive describes data as “the phenomenon of our time:. Therefore, the value and growth of 21st-century businesses depend on how well they can secure the precious commodity. Since data is the building block of the digital society, cybercrime resilience is most important. Cyber threat can be the greatest problem to every profession, industry, or organisation in the world. The strength of cybersecurity and cyber resilience is a pertinent issue for the 21st-century business. For a long time, financial institutions have been losing millions of dollars through cybercrimes. However, cyber-attacks have increased significantly over the past three years.

THE DILEMMA

In Jamaica, most employers today require employees to provide a bank account number. More than 95 per cent of the time, employees have no choice in whether or not their salaries go to the bank. The option of getting a cheque is almost non-existent as we are becoming a ‘digital society’. The problem is when the employees’ salaries are transferred to the bank and are stolen by cyber criminals. I must tell you that in Jamaica, recovering stolen money can be an extremely long and frustrating process.

I was the recent victim of a cyberattack. All of my money was wiped out of my accounts and cash advances taken from my credit cards. This happened the day that my salary went into the account. When I contacted customer care, they sent me to the closest branch to make a formal report. I was at the branch from 8:15 a.m. to 3:50 p.m. At the end of the day, I was told that recovering my month’s salary along with the other funds taken from my account would take between 30-120 days.

My question is, how many working-class Jamaicans can afford to live without their salary for 30 -120 days or even for 1 week? How are we supposed to pay our bills and take care of our families? This is not an isolated incident. My investigation reveals that many people have been affected by various instances of cybercrime, from their credit cards being used in various locations worldwide, money withdrawn from ATMs and online accounts.

We are forced in relationships with financial institutions that only care about making mega profits. This unacceptable behaviour should be addressed immediately. Customers are placed in a helpless position because they do not hold digital keys to the virtual space where the banks store and manipulate their data. Why should we pay such a high price for doing business with these uncaring institutions?

The 2021 Mastercard report reveals that 95 per cent of cyberbreaches occur because of human error. Scholarly research also shows that humans are the weakest link in information security. If this is not addressed promptly, it will just be a matter of time before the entire banked population is affected.

FAR-REACHING IMPLICATIONS

Research by Mastercard reveals that more than half of cyber-attacks are committed against small and medium-sized businesses (SMEs). Breaches within that sector increased by 424 per cent in 2020. Sixty per cent of these businesses die within six months of an attack. This is more devastating than the COVID-19 pandemic because the casualties were far less than 60 per cent. Medium, small, and micro enterprises (MSMEs) lack the required resources (financial and skill set) to manage the emerging cyber threats. In Jamaica, 97 per cent of taxpaying businesses fall within the medium, small, and micro enterprise category. This is not a trivial matter. We must pay attention to this problem. Over 93 per cent of cyber-attacks are induced by the possible financial gain. One attack can cripple an economy, and the financial gains made by an individual, organisation, or even a country can be wiped out by one click of a button.

It is projected that by the end of 2022, there will be 1 trillion networked embedded sensors. This number is expected to grow to 45 trillion over 20 years. Networked devices are expected to be three times more than the number of people living on the planet by 2023. Jamaica’s data-protection act needs to be taken off the shelves. Implementation of the data-protection act can give a glimmer of hope to the helpless customers of these financial institutions and to MSMEs businesses alike. We need champions to stand up for the rights of the people living in this digital prison.

We cannot enter the cyber war zone waving white flags. We must act now or before long, we will be all dead financially. Using artificial intelligence (AI) is one way to combat this growing problem. Computer Information System Company (CISO) experts suggest that using AI systems with investigative and reporting capabilities could significantly counter threats before the damage occurs.

We need a national cyber firewall to assist with mitigating widespread increase in cyber-attacks. Developing countries have limited resources, however, that is not an excuse. We can adopt the approach taken by the Turkish government. When Turkey was faced with increased cyber breaches, they invested in developing an effective, low-cost national cyber firewall using AI. Organisations and companies can then put in place their defence strategies for stronger cyber defence.

We need public-private partnerships to assist with researching and developing similar solutions. IBM reports that companies who leverage AI tools reduced the cost of breaches by an average US$3.05 million when compared to those without these tools. We can use many other technological tools, along with artificial intelligence, to help manage this monster. The enemies are employing AI to attack our systems. Let us match this with equal defence.

This is a rallying call. We cannot remain silent and continue to suffer at the hands of online thugs who intend to harm others and cheat them out of their hard-earned resources. Let us ‘rise to the occasion’. We are resilient and strong. Cyber warfare is real, and if we do not act with urgency, we could pay a hefty price. If we continue on the present path, we will wake up one morning penniless and helpless.

- Dr Nadine Barrett-Maitland is senior lecturer at School of Computing and Information Technology, University of Technology, Jamaica. Send feedback to columns@gleanerjm.com