Some businesses in Bermuda and the Caribbean, may be waiting until it’s too late to adequately protect themselves from cyber crime, Digicel has revealed.

Research by Digicel has found that Caribbean businesses have a tendency to treat cybersecurity in the same way as insurance – only deeming it necessary when they’ve experienced a cyber attack.

“It is what we call spilt milk syndrome,” said Tom Carson, Digicel Group chief business officer. “In reality, all data is valuable, somewhere to someone, and protecting it in a proactive way is a whole lot easier and less costly – both in dollar and reputation terms – than mopping up the damage in the aftermath of a breach. That’s where we come in. It’s our job to worry about it and deal with it so customers don’t have to.”

Douglas Thomas, cybersecurity specialist from Digicel Business Protect said: “We don't think most businesses in the Caribbean ignore cybersecurity, it's more of a lack of understanding to what it is, why it's important and how they can be affected.”

He said businesses that fail to protect themselves adequately from cyber crime do so at their peril. This year, In the first quarter alone, there were 29 million cyberattacks in the Caribbean region.

“Along with infrastructure and supply chain, there’s been a massive increase in targeted attacks on nations that are heavily involved in the financial sector,” Mr Thomas said. “So, you can be sure that Bermuda was the target in several cases.”

He said Digicel security teams are engaging with organisations all over the Caribbean to target the problem.

“Most of them have common issues, such as education, visibility, and enforcement,” he said. “We've been extremely efficient in helping them bridge those gaps.”

He said Digicel’s security operation centre gives organisations the ability to protect themselves with 24/7 services that encompass skilled and highly trained analysts and engineers coupled with advanced technology.

“Our refined process allows us to identify threats, define levels of severity and mitigate risk in real-time,” Mr Thomas said. “Because we purely focus on cybersecurity, it allows us to act as an extension of the team and continuously provide meaningful and actionable intelligence within an environment. Our services can also be customised to fit within any organisation regardless of size, budget, or time frame.”

Mr Carson said the pandemic has exposed the vulnerabilities in many business’ virtual front lines. In focusing on rapidly and dramatically adapting their business models to be able to stay in business, many organisations have overlooked the pressures that these changes have placed on traditional systems infrastructure.

“With more and more people working online remotely, existing systems, originally designed for office environments, are under strain and unchecked growth is opening up infrastructure to potential disaster,” he said. “Yet with many businesses, unfortunately, taking a very simplistic view of their data assets and systems without much consideration of their value to outsiders, having the right levels of online protection often falls down the to-do list. Coupled with the ever-increasing sophistication of hackers and the breadth and depth of threats, businesses are faced with a daunting and complex mountain to climb.”

Ransomware attacks are a particular concern, growing at a rate of 350 per cent each year.

“Ransomware can stop business in its tracks rendering organisations helpless unless they pay ransom,” Mr Thomas said. “We've seen countless organisations be forced to pay and the hackers take notice.

“These attacks are becoming more sophisticated. Traditional solutions like antivirus and stand alone firewalls have become obsolete when tasked with securing an environment.”

He said if cybercrime were a country, it would be the world’s third-largest economy after the US and China.

“Cybercrime is rampant throughout the world,” Mr Thomas told The Royal Gazette. “Any organisation that conducts business digitally is at risk. Organisations in Europe and the US have steadily increased their cybersecurity posture over the last decade based on volume of attacks, what they do to business, and compliance mandates which are becoming more specific requirements rather than just guidelines as we've seen in the past.”