Following the recent release of a Fortinet report which shows approximately 43 million attempted cyberattacks taking place in Jamaica last year, at least two local cybersecurity firms are reminding of their vigilance in the space even as the proliferation of new technologies challenge their efforts.

Lieutenant Colonel Godphey Sterling, head of the Jamaica CyberIncident Response Team (JaCIRT), commenting on the findings contained in the report, told the Jamaica Observer on Wednesday that while the data are not surprising, it confirm the significant growth of breaches locally, especially in an ever-changing and fast-paced digital era where new challenges such as artificial intelligence (AI) becomes more prevalent.

He said that while Jamaica may not be seen as a country that anybody would want to attack, what the data actually show is that there are persons on the outside who are interested in Jamaica and as such, the country continues to be a target of significant and various attacks.

“What the data shows is that 43 million times, somebody tried to break into a system in Jamaica. What the numbers mean generally is that while a lot of people in Jamaica may see it as just a little country, not attacking anybody and in any great possession of mineral wealth with nobody being interested in us — we’re now seeing that’s not the case — as there are in fact a whole lot of persons trying to break into systems here whether for monetisation or to further other agendas. What we have seen also is that they continue to see us as targets based on the pervasive and high level of vulnerabilities that remain unmitigated in our space,” he told the Caribbean Business Report.

Pointing to what he describes as a ‘low or no reporting culture’ existing locally, he believes this further impacts the data, in that the reported numbers could be more.

Fortinet, an international threat intelligence and research organisation, in its report said that while the reported 200 billion attempted attacks on Latin America and Caribbean was less than the 360 billion reported in 2022, this is not necessarily good news, as the figure this year accounts for almost 15 per cent of the total reported globally last year.

The entity said that with global trends now showing a greater volume of unique exploits and new malware and ransomware variants that are much more targeted, this has resulted in more sophisticated hits which present a greater likelihood for them to succeed if organisations do not have integrated, automated, and up-to-date cybersecurity defences.

“Ransomware continued to have significant activity in 2023. These and other attacks are becoming increasingly specific and targeted, thanks to the growing sophistication in attackers’ tactics techniques, and procedures, and their desire to increase ROI per attack. This phenomenon underscores the importance of remaining vigilant and strengthening defences against potential targeted attacks,” FortiGuard Labs, Fortinet’s elite threat intelligence arm noted in the report.

Sterling said that as JaCIRT continues to be an active watchdog for the national cyberspace, it will be further increasing its vigilance and monitoring to see how best as a body it can mitigate and counter a number of breaches, some of which, it said occurs in the hundreds and even thousands daily.

Outlining what the national threat landscape currently looks like, he said his organisation since the start of this year have been tracking approximately 151 compromised websites, 42,000 compromised credentials in the six domains it monitors and 1,200 unique IP addresses among other breaches.

“In terms of compromised data set, we are also tracking just about 38,000 such sets of data on the dark web and in terms of ransomware, since the start of this year, we have had three reported incidents; however, when we look online it really could be more. As for vulnerability, we are now tracking 17 classes across just over 549,000 unique IP addresses. The top three parishes in terms of the class of vulnerability we’re tracking are Kingston, St James and St Catherine with Kingston having over 49,000 unique IP addresses, St James having over 11,000 and St Catherine with 6,000,” Sterling noted

“As a body, JaCIRT has not been sitting down and waiting, we are still moving apace with a proactive approach to mitigate vulnerabilities as we put the necessary systems and plans in place to respond to issues, build stronger defences, and raise the awareness of citizens and to build resilience in Jamaica’s cyber ecosystem.

“As it relates to governance in the cyberspace, we also continue to build that out and work is now being done to create a National Cyber Authority and to draft legislations for the Cybersecurity Act to deal with the issues of unmitigated vulnerabilities and unreported breaches, etc,” he further said in highlighting some of the steps being taken by his office.

For Rory Ebanks, director of cybersecurity at Symptai Consulting, he endorsed the findings of the Fortinet report agreeing that the nature, frequency and types of cyberattacks have grown tremendously year on year, more so with the prevalence of increased digital technologies.

“Forty-three million attempts is a lot! What we are seeing is no longer a case where it will be one attacker sitting down and just manually trying to break into a system in Jamaica but more automated attacks. What we have been seeing even more recently, based on the work that we have been doing for clients, are increased and targeted attacks on persons like the CEOs and CFOs who are often the decision makers for companies. This, because if they are going to ask for money to be released [in ransonware attacks] these are the persons who are likely to give this approval — hackers know this and as such, are now targeting those persons particularly in large organisations,” Ebanks said.

The cybersecurity expert, in pointing to increased levels of vulnerabilities and weakness seen across Jamaica and the rest of the region, urged businesses to develop a greater knowledge of their network landscape and to conduct regular and periodic vulnerability scans and penetration tests — not only for the purpose of just doing them but in an effort to remediate the vulnerabilities. For individuals he encouraged them to navigate only credible and know websites, install anti-virus and anti-malware systems, use strong passwords and enable multi factor authentication for online accounts.

“The landscape is changing and there are also now more cloud-based attacks — we have seen a 95 per cent increase in these when we compare 2022 and 2023, so what this means is that in all areas, we have to sharpen our vigilance as we put more robust systems in place to mitigate likely attacks,” Ebanks added.