JAMAICA UNDER SIEGE
Nation becomes top target for cyber attacks
Jamaica has become the most targeted country in the Latin America and Caribbean region for cyber attacks, a senior executive of Japanese IT services company Fujitsu said.
Mervyn Eyre, chief executive officer of Fujitsu Caribbean, told the Jamaica Observer in an interview that Jamaica was a prime target for hackers, ahead of larger markets such as Paraguay, Mexico and Colombia.
Latest News, News
February 28, 2025
KINGSTON, Jamaica — Peace and Love in Society (PALS) Jamaica, will observe Peace Day 2025 on Tuesday, March 4, under the theme ‘Speak Peace. Live Peac...
Fujitsu, a global IT services company, provides IT systems and digital solutions to clients across the region.
“The Caribbean, as a part of Latin America… has a higher propensity [for cyber attacks] and a lower level of readiness [to deal with them],” Eyre said. He explained that the environment creates an opportunity for more attacks to occur.
Entertainment, Latest News
February 28, 2025
KINGSTON, Jamaica - Dancehall artiste Vybz Kartel has announced his first performance in the United States for over 20 years, just weeks after receivi...
Over the past month, 55 per cent of malicious files were delivered via email, with most attacks aiming to exploit vulnerabilities in information systems. Organisations in the region face 2,582 cyber attacks per week, compared to the global average of 1,843.
Jamaica is particularly vulnerable, with several public and private companies hit by ransomware attacks in the last three to five years.
Horse Racing, Sports
February 28, 2025
Barnaby’s impressive 3 ½-length romp in the $2-million Chairman’s Trophy feature on Saturday, February 22, 2025 left no doubt that this four-year-old ...
Biomedical Caledonia Medical Lab Limited was the latest victim to publicly admit to a significant cyber attack, after more than 400,000 of its files were stolen from which over 70,000 have been so far published on the dark web. A Twitter/X post by FalconFeeds.io on January 13 revealed that the INC RANSOM ransomware group had added Biomedical’s information to its dark web portal. The incident highlights the growing threat of cyber attacks in Jamaica, which has been identified as one of the most targeted countries in the Latin America and Caribbean region.
Biomedical, one of Jamaica’s largest private medical laboratories, has acknowledged a cyber breach that occurred in November 2024, resulting from unauthorised access by an external vendor. The company has since implemented enhanced security measures to mitigate the risk of future breaches. The incident is part of a growing trend of cyber attacks in Jamaica, with several other companies recently compromised, including a listed company on the Jamaica Stock Exchange, which was targeted by the SAFEPAY ransomware group.
A car dealership was also forced to temporarily shut down operations during the holiday season after its systems were compromised.
Ransomware attacks and data breaches are increasingly becoming a major concern for companies in Jamaica, leaving them vulnerable to extended downtime and compromising sensitive customer information.
The fallout from such incidents can have far-reaching consequences, with the public facing heightened risks of fraud. Cyber criminals can use stolen personal data to devise strategies for identity theft or gain unauthorised access to various services.
There have been reports in Jamaica of individuals receiving suspicious calls purporting to be from North Korea, as well as malicious text messages masquerading as communications from well-known brands.
Cyber breaches can have far-reaching consequences for Jamaican companies, compromising sensitive information and undermining business strategies.
The theft of confidential data, such as marketing plans or partner information, can significantly impact a company’s competitive edge. Moreover, breaches can lead to substantial revenue losses when systems are crippled, forcing firms to resort to manual operations to maintain business continuity.
Eyre said, “The reality is that it’s not if you’re going to be attacked, it’s when”, while emphasising the importance of proactive cybersecurity measures.
“So, everybody needs to position themselves and we can help shift that culture from a hall of shame to a hall of fame in that the story then becomes not around you trying to hide the facts, but how you successfully navigated a security attack. By you actually making that more transparent, you’re building more trust,” Eyre explained further.
However, according to Eyre, there are signs that companies in the region are beginning to take cybersecurity more seriously. Recent surveys show that 46 per cent of companies in the Latin American region are increasing their information technology spending by 1-10 per cent, with 76 per cent of overall IT spend dedicated to cybersecurity.
“For our business to survive in this environment, it requires that we have organisations that are digitally secure. We want our customers and governments to thrive and prosper. This is all about sustainability. So, it’s a different perspective. At the board level, there’s a lot to be done in introducing this [culture]. There’s still too much delegation,” Eyre added.
Jamaica’s Data Protection Act (DPA) has been in effect since December 2023, establishing a new standard for handling data. The Office of the Information Commissioner (OIC) oversees the DPA and recently noted that not all reported breaches are being disclosed to OIC as required.
OIC emphasised that reporting breaches is in the best interest of data controllers, as failure to do so can result in fines or imprisonment. Data controllers are also required to inform affected individuals or entities within 72 hours if their personal data is compromised.
The DPA sets out eight data protection standards, including Fairness and Lawfulness, Purpose Limitation, Data Minimisation, Accuracy, Storage Limitation, Rights of the Data Subject, Implementation of Technical and Organisational Measures, and Cross-Border Transfers.
Data controllers must register with OIC, and the registration process involves creating an account on the OIC’s website, completing a registration form, and paying a registration fee. OIC provides guidance on the registration process and the requirements for compliance with the DPA.
“As the risk of data breaches increases, all data controllers must apply due diligence to ensure their full compliance with the DPA. At the same time, individuals must hold them accountable by staying informed about data protection matters, exercising their rights under the DPA, and reporting any breaches or other concerns to the commissioner,” OIC said in the release.
