Port of Spain – The Ministry of National Security’s cybersecurity arm has warned that the country is facing a sharp increase in malicious cyber activity over the past two months and police are urging those affected to come forward with reports of these incidents.
The warning was made one day after Massy Stores confirmed that it was the target of a cyberattack and, based on this, the Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) has urged all entities to adopt a heightened state of awareness.
Although the unit did not identify the number of cases that prompted the statement, it said that those being targeted include local and regional entities.
It noted that the top threats to the twin island republic were Ransomware, Social Engineering (Phishing) and Malicious Insiders.
It also warned that the most prominent vectors used against local entities were the exploitation of system vulnerabilities (particularly outdated firewall appliances and email systems), Phishing emails with infected attachments or links and compromised user credentials.
Speaking with Guardian Media on Friday, president of the Supermarkets Association of Trinidad and Tobago Rajiv Diptee said Massy Stores’ infiltration was not an isolated incident.
“We’ve seen a spike in activity in these kinds of incidents over the last two years and these incidents go unreported,” said Diptee.
However, the Cyber and Social Media Unit (CSMU) of the Trinidad and Tobago Police Service (TTPS) lamented that people aren’t reporting these incidents and therefore there is little they can do.
Inspector Daniel Hernandez said businesses are reluctant to make a report because it may discourage commerce.
“We know there is an issue that comes up called reputational risk and businesses are concerned with bringing their information to the Police but if you don’t come then you run the risk of not only you becoming a victim but other people in your sphere, the report gives us a greater picture as to what is happening in the cyber landscape and that will give us the ability to inform the public as to what is really happening.”
He added that the TTPS cannot intervene or investigate unless the victim comes forward.
“That cannot happen, as a police establishment that report has to be made, we have to have a victim, so I cannot go onto someone’s premises or access their private information, one of the most important things we treasure is the private information of citizens and I don’t have the authority to just walk into Massy and say I want to investigate.”
Hernandez said people are underutilising the unit as they have received no reports of cyberattacks so far this year.
And while he said his unit is ready and does have the capacity to get people justice, there are still no cybercrime laws in Trinidad and Tobago.
“I want that to be clear, there is no cybercrime law, yes a Bill came forward, we know that Bill has lapsed but there is work being done to get certain adjustments to the Computer Misuse Act and that should open up some doors and give us some teeth.”
Meanwhile, the Trinidad and Tobago Chamber of Industry and Commerce (TTCIC) said it is sure that many other attacks were not brought to the general public.
Chief Executive Officer Ian De Souza said, “The unfortunate issue is that cybercrime, like other crime, is going to be a part of our daily lives, what becomes important therefore is what we do to protect ourselves. There is a log of information and a lot of technology also to help counteract the problem.” (CMC)