A global provider of cyber-risk and privacy management solutions, IT Governance, surveyed 87 publicly disclosed security incidents last month alone (694 for the year to July), that accounted for 146,290,598 compromised records (612,368,642 for the year).

It was no longer such a surprise when a major company like AT&T (this March) was hacked exposing the records of nine million customers.

The largest data breach of 2023 so far was Twitter, leading to 220 million breached records.

For decades, Ricardo Mello was a cybersecurity watchdog for finance firms around the island.

He was most recently cyber-risk and operations manager for Clarien Bank, and then director of cybersecurity at Jewel Bank.

“They (Jewel) still had not launched yet but I played a big part in implementing the cybersecurity programme and policies and everything,” Mr Mello said.

Earlier this year, he used his extensive experience to launch managed services provider Sentinel CyberSecurity, aimed at helping small to medium-sized enterprises meet cybersecurity compliance regulations and reduce their cyber-risk. He also offers security awareness training and risk assessment.

“Our core service offering is aimed at financial service companies who are required to comply with the Bermuda Monetary Authority cyber-risk management code of conduct,” he said.

He has noticed that many SMEs have left giant holes in their defences by outsourcing their cybersecurity needs.

“They think they have everything covered but it is the management part of cybersecurity that is usually lacking,” Mr Mello said.

He said SMEs often fell down on cybersecurity awareness training and failed to adequately assess their own cybersecurity risk.

He named application attacks, miscellaneous errors and system intrusions as some of the most common cybersecurity breaches local financial service companies experience.

“These type of attacks account for 77 per cent of the breaches,” he said.

Data compromised often includes personal data, financial data and stolen credentials. “Having effective cyber-risk management helps to mitigate these risks,” he said.

He said it was often finances that forced SMEs to outsource.

With his knowledge of cybersecurity and the financial services industry, he can prioritise spending on higher risk items.

“I do understand the business, which is important when assessing risk,” he said.

Mr Mello has seen several small companies in Bermuda hit by cyber attacks or vulnerabilities.

“At the beginning of the pandemic, Microsoft offered Teams as a free version for six months. A lot of people jumped on-board, but did not configure it properly.

“As a result, there was an increase in phishing attempts to steal credentials. The threat actors were then able to log into the platform, have access to the data, the e-mail and everything. There was a swarm of local companies that were affected by this.”

He said popular online conferencing apps were not necessarily configured for full security by default, as some people assume. Once users download it, they have to follow the recommended guidelines.

Mr Mello thought the pandemic brought more awareness of cybersecurity issues.

“We all had to switch to remote working and some of us were not ready,” he said. “That caused a whole slew of problems that many companies were not prepared for.”

To help him get a better handle on running a business, he joined the Ignite business accelerator programme and is in the present cohort.

Mr Mello said: “It has been useful. They provide resources such as office space and guidance. I have a very strong operational background but I needed some assistance with the business and finance side of things.”