The Tribune

By NEIL HARTNELL

Tribune Business Editor

nhartnell@tribunemedia.net

The Bahamas must "recognise we're not doing enough" to combat cyber criminals, the Chamber of Commerce's chairman yesterday revealing the threat had given him several "wake-up calls".

Michael Maura, who is also Arawak Port Development Company's (APD) chief executive, told Tribune Business that the port operator now spends a five-figure sum annually on cyber security after previously falling victim to a 'ransom ware' attack.

And the June 2017 cyber attack that hit FedEx and Maersk, the world's largest air courier and shipping company, had further emphasised the danger at an industry and global level.

Mr Maura said these incidents, and the Bahamas' relatively low 129th ranking in the Global Cybersecurity Index (CGI), showed there was "more to be done" at both the private sector and government level to counter an ever-increasing problem.

Tribune Business yesterday revealed how the Bahamas in the bottom third of the GCI, published by the International Telecommunications Union (ITU), scoring highly on just two out of 25 indicators on which countries were rated.

"There's a saying: 'Nothing's so bad that it's not good for something'," Mr Maura told Tribune Business. "That said, I hope we learn from this and recognise we're not doing enough, and for more to be done given that we're ranking so low."

Recalling how his company was targeted by cyber criminals, the Chamber chairman said: "A few years back at APD, we got hit by ransom ware.

"Fortunately, it was one of our PCs that was not directly connected to our network. But for us it was a wake-up call; our first incident of ransom ware. You turn the PC on, can't use it and a message comes up: 'Pay up or lose the system'."

He added: "We were able to walk away from that PC, but it got us talking about it, and we continue to work - and I anticipate never having to stop working - with an ICT consultant on cyber security.

"For example, there's our e-mail system. You send an e-mail to me, and it goes to Australia before it gets to me. Mail Guard runs through the e-mails to make sure there's no malware, spyware or other problem before it arrives."

Disclosing the increasing investment that data-reliant, Bahamas-based companies are having to make to defend themselves, Mr Maura said: "Last year we [APD] spent $50,000 on software to protect our systems.

"This year we will spend $80,000 on cyber system defenses to include a Pentest." The APD chief executive said this stood for 'penetration test', and involved bringing in an IT consultant to conduct a 'mock' attack on the port operator's systems to "identify vulnerabilities" that will better allow it to protect itself.

"I will say from a Chamber perspective that I think the business community today mostly recognises you have to take cyber threats very seriously," Mr Maura said. "It's not something you can plan for; you have to anticipate that at some time you will be hit."

He added that companies needed to broaden their anti-cyber crime focus beyond pure hardware and software issues, and also develop business-wide policies governing how every member of staff used IT.

On a government level, Mr Maura said the Ministry of National Security would need to work with its counterparts in trade and financial services "to defend our borders against cyber criminals".

He added that, in turn, these ministries and agencies needed to work with the likes of Interpol and international bodies "to anticipate the threat of cyber attacks".

"These cyber attacks can move across borders faster than light," Mr Maura told Tribune Business, "and the only way to stay in front of them is if we stay in communication with the outside world."

He added that the private sector's potential vulnerability to cyber attacks was illustrated by last month's attack on FedEx and Maersk, which hit the latter's worldwide carrier operations and units at 17 port terminals.

"Both were attacked on the same day," Mr Maura said. "Because both are logistics companies, it was a wake up call for me. The fact these two logistics powerhouses were hit has us very concerned.

"Maersk and FedEx spend over hundreds of millions on ICT, which highlights the sophistication of the threat. When those companies are hit, it should be a wake up call to businesses and the Government that the largest companies in the world are under threat. So our government needs to take it very seriously."

The GCI placed the Bahamas below 'economic powerhouses' such as Gabon, Nauru, Sierra Leone, Liberia and Niger when it came to the commitment, strength and effectiveness of cybersecurity systems, agencies and supporting legislation.

The Bahamas' 129th ranking is also lower than the 121st spot it currently occupies in the World Bank's 'ease of doing' business rankings. On a regional basis, this nation was placed below Jamaica, the leader, who came in at 85th spot, and the likes of Barbados, St Vincent and the Dominican Republic. It did, though, finish ahead of Trinidad & Tobago.