Cyber Security Basics for Caribbean SMEs

Cybersecurity is a discipline concerned with the protection of data, in particular its confidentiality, integrity, and availability. Its ultimate aim is to help keep people safe, and it is intended to support the goals of an organization.

Some Facts:

  • In a 2020 cybersecurity survey of Latin America and the Caribbean by the OAS and IDB, various metrics were measured, including the private sector’s security mindset. The scale was from 0 to 5, with 5 representing excellent. Of the English-speaking Caribbean countries surveyed, only T&T and Suriname had a rating of 3, with all others being rated 1 or 2. This means that as a region our private sector had a relatively low cybersecurity mindset.

  • Many major breaches (the reported ones) affect Caribbean citizens. Many of the unreported ones affect Caribbean citizens as well.

  • Based on the current technological environment and government goals for digital transformation, the Caribbean, like North America, likely has a severe shortage of cybersecurity professionals available to protect organizations and citizens on the internet.

Some Cybersecurity Myths:

Hackers only go after big companies. Actually, in recent years hackers have realized that small businesses have a lot of valuable data and interesting equipment, but limited security. Small businesses are therefore seen as easy targets.

Hackers only target large countries. The fact is that everyone on the internet is within the same easy reach, and countries with limited security legislation and with limited capacity to pursue or punish hackers make attractive targets.

Security is too expensive. The fact is that while security is expensive, providing adequate security is a lot less expensive than having to pay the average ransomware demand, or being out of business for an extended length of time, or having to recover from a serious disaster.

Ransomware isn’t common in the Caribbean. The fact is that ransomware attacks happen frequently in the Caribbean; we just aren’t required to report the incidents. One of the biggest ransomware demands of 2020 (according to press reports) was against a T&T company located in Barbados.

IT should take care of Cybersecurity. The fact is that Cybersecurity is a business concern, and should be overseen by the executive level, not IT. Cybersecurity also encompasses a lot more than technology, so it should not fall under IT.

Cybersecurity is unnecessary for small organizations as even large entities get hacked. The fact is that while a determined, experienced hacker has a good chance of hacking you, with adequate cybersecurity in place, both the likelihood and impact of a cyber attack diminish significantly. You therefore would get attacked a lot less, and typically suffer a lot less when attacked. You are also not likely to pay heavy fines for having inadequate controls.

The IT guy can take care of all your security needs. The fact is that while some IT folk study and practice security, many IT folk don’t have the training, relevant experience, or aptitude for cybersecurity. Cybersecurity should be assigned (or outsourced) to cybersecurity professionals.

Credit: Gavin Dennis - Cyber Security and Data Privacy Consultant

