Cybersecurity is everybody’s business
Dear Editor,
I attended the Ministry of National Security’s two-day Cybersecurity Expo at the AC Hotel Kingston on February 11-12, 2025. Here are my questions: What was the purpose of the conference? What did it achieve? Were the people who attended satisfied with the two days of events? What did they learn that they were not aware of before?
I listened keenly to the different speakers, who were good because they spoke in language that anyone could understand, whether you were familiar with cybersecurity or not. There were speakers telling us how safe their platforms were. I knew that already. There were speakers telling us about the legality of protecting us in cyberspace; speakers telling us about how fast they can identify a break-in; speakers telling us about the risk to national security, etc. But in reality, what did I really learn that I did not know before?
So here is what I learnt that I did not know before. I learnt that it took 200 days for some companies to recognise that there was an intruder in their system, and it took 70 days to correct the problem. I learnt that with Darktrace artificial intelligence (AI) this time could be cut down to seconds.
I listened to a representative from Symptai who gave a very interesting presentation on how to test a system. I hope the agencies were listening because, hear me well, you can boast about how effective your systems are until the cows come home, but if you don’t hack it, you won’t know if it will work. The reality is if you put up security around your property and don’t test it, how are you going to be sure it will work when you are under attack?
Cybersecurity is an ongoing, daily challenge.
I listened and also spoke to a few presenters and was pleasantly surprised that I was not way off in some of my thinking. One of the biggest challenges we are facing is a lack of understanding of what the reality is. As someone pointed out, cybersecurity is not just the IT Department’s or IT personnel’s responsibility; it is the responsibility of everyone in an organisation.
Let’s look at a situation in which an employee is at work and decides to open his/her personal e-mail and clicks on something in it. In doing so the employee unknowingly compromises the network. Do we know how easy it is to hack a system or introduce something into a system by just going into an office and having access to a computer and a USB portal? Do we understand? The powers who set up the bureaucracies, do you all understand that people spend hours trying to find a way into systems? That is their job.
How are we going to compete or stop them when it takes six months to a year to procure an item that is needed to fix the leak in a system? By the time you get permission to purchase the item or software, it changes and is now outdated. Meanwhile, the hacker is creating a new malware or worm or whatever they need to hit you again.
The other thing I learnt was that secrecy is a great help to the hackers. Let us look at an example: Bank A gets hacked; it remains silent, hoping no one will find out. Bank B gets hacked a few days later; this information is leaked. You would think that Bank A would contact Bank B and have a conversation, right? Wrong. Bank A instead says: Our system is safe, come and bank with us, we have put everything in place to protect our customers.
Because companies do not share certain information with each other, the hacker continues to smile because not only is he hacking away happily, he is also dividing and conquering.
Companies need to share with each other how they were hacked, how long it took them to find out, how they plugged the hole, and what they have put in place to protect themselves. People, you all need to understand that sharing helps each company to get stronger. Therefore, if Bank A has a breach, do you think it is not going to affect Bank B? If you think it can’t, then you are battling a war that you don’t understand.
Small companies need help to acquire proper software and train their staff to be able to constantly monitor their systems.
We need skilled personnel; yes, skilled hackers who are fierce but have integrity. We still have some of those; not everybody has gone over to the Dark Web; there are still some on the Lord’s side. But here is the part companies don’t want to hear: you have to pay them well. You have to pay real wages if you want them to focus on protecting your system every second, every hour of every day, just like the ones on the other side who are doing it for money and the challenge.
Finally, I learnt that there are laws that will allow the Office of the Director of Public Prosecutions to bite and not just bark. That’s good. We still have a long journey but this is a good start.
Cybersecurity is everybody’s business but not everybody has to be involved. What do I mean? Most people don’t have to know how the system is breached or what is done to fix it. But everyone must be cautious and willing to ask questions of organisations who have collected their data, whether it be government agencies or private companies. Do not take it for granted that it is being protected; ask questions and demand answers. When in doubt, protest.
Be wise when surfing the World Wide Web, which includes social media; getting hacked is easy, even when you have protection. When in doubt — do not click.
Shirley Nelson
nelsenbless@gmail.com