Barbadian cybersecurity expert Edward Millington is happy that financial sector regulators and financial institutions are focused on boosting their security in the face of increased cyberattacks.
The founder and managing director of CariSec Global Inc., however, wants even more focus on information security, warning that failure to enhance this area could ultimately lead to lawsuits if there are data breaches.
Millington was reacting to the 2023 Financial Stability Report, in which the Central Bank of Barbados and Financial Services Commission (FSC) outlined that cyber threats were one of their top three financial stability risks.
Reflecting on the roundtable discussion when the FSR was launched, he said: “The Central Bank and FSC have tried to provide some level of security governance when it comes to cyber security and so forth. But one of the main things that could have also been discussed is not only cyber security but information security – data breaches.
“How is it going to affect the region? How is it going to affect fraud and so forth? If fraud is committed to a client because their information was breached and appears on the dark web, that client can file a lawsuit against the institution,” he warned.
Millington’s view is that “while we may be in an environment where the average person might not have the funds to pursue a lawsuit, the fact is we have a lot of expats and millionaires and billionaires within the region that can also easily do something like this that can affect the viability of those financial institutions”.
“So, therefore, it would be great to see a discussion on the digital liabilities, companies being liable when they have not done their due diligence in preventing data breaches and the exploitation of data,” he said.
Millington acknowledged that such breaches could sometimes be unknown to organisations “because cyber security programmes or cyber resilient programmes are not tough enough and robust enough to be able to identify data leakage”.
He said there was growing concern about the increased level of cyber attacks the financial sector was facing, noting that “usually these are centred around phishing attacks, spam, socially engineered emails the purpose of which is not only getting clients to click on something but to also bypass some security controls to infect a person’s machine with malware that can lead to ransomware attack, and the theft of information”. (SC)
