Cybersecurity horrors of 2023

While year-end reviews often focus on crimes generally and murder specifically, the greatest number of victims in 2023 were the thousands of citizens whose personally-identifiable information was released during this year's annus horribilis of cybercrime.

Cybercrime might largely be dismissed in the public mind as a victimless crime, leaving companies and state agencies to deal with data lockouts and incurring costs related with restoring their operations, but the consequences and cost of the widespread release of citizen information, not just in TT but also in the wider Caribbean is yet to be adequately calculated.

Already, there are reports of data captured in breaches during 2023 being advertised for sale to data brokers and counterfeiters on shadowy websites on the open internet.

The number of breaches is steadily rising, as is the amount of personally-identifiable data that's being stolen in these attacks.

The most recent hack, discovered on Boxing Day, led to the immediate shutdown of operations at the National Insurance Board (NIB).

The state agency immediately announced the incident and its response, a welcome change from the denials, institutional obfuscation and misdirection that have been the hallmark of previous data breaches.

The NIB had clear lessons in the futility of misdirection in these matters as a growing number of white-hat cybersecurity researchers are tracking ransomware postings on the dark web.

This year's perfect storm of cybercrime in TT should not have been a surprise. Cybersecurity experts have been warning companies and the Government about the consequences of carelessness in formulating a digital defence posture and the growing sophistication of ransomware as a business over the last three years since cybercrime surged during covid lockdowns.

Following a breach at the offices of the Attorney General and Legal Affairs, Digital Transformation Minister Hassel Bacchus described that ministry's response as a model for other ministries to follow.

But Mr Bacchus also seemed unsure of his ability to harden the vulnerabilities of the Government as a whole, telling members of Parliament's Social Services and Public Administration Committee, three weeks ago, that there was still a need to convince public-service stakeholders of the need for robust cybersecurity.

For a ministry that's engaged in a very public effort to implement digital transformation in governance, that's a lame response to what is effectively a national challenge.

TT is clearly being seen as a soft target for cyber criminals.

The Government's "all-of-government" approach delivered payments before the end of the year to public servants who had accepted its four per cent increment.

Getting all government IT departments to collaborate with mutual purpose is what's needed to deliver more effective responses to the cybersecurity threat.

Professionals in that field often note that a hacker only has to succeed once. The Government (and the private sector) must successfully defend against digital intruders every time.