When some people speak of cybersecurity, they think of phishing scams, malware attacks, ransomware and other programmes that hack into systems in the private sector and extort businesses for money.

But that is just the tip of the iceberg when it comes to the potential threats involved in cyberattacks. The public sector too, especially agencies that deal with critical infrastructure – electricity, water, telecommunications, oil and gas production and downstream manufacturing – are highly susceptible to cyberattacks.

Programme leader of the University of Trinidad and Tobago's (UTT) Centre for Information and Communication Prof Yufei Wu, in a conversation with Business Day, said as a country with a digital transformation ministry and a cybercrime bill, Trinidad and Tobago is in the lead where protecting essential systems from cyberattacks is concerned.

But more must be done, as attacks have increased not only worldwide but locally. Wu said TT needs to take a proactive approach to ensuring that the systems that most people take for granted are protected.

The cyberattack on Massy Stores at the end of April was only a small example of the damage that can be done to systems once hackers get into an organisation's database.

The cyberattack forced all 23 of the supermarket chain's branches to shut down on the eve of the Eid-ul-Fitr holiday, which also was at the end of the month, a peak time for supermarkets.

The shutdown lasted about two days, and while Massy has not determined the losses incurred from the attack and subsequent closure, one can only assume it was in the millions.

[caption id="attachment_954202" align="alignnone" width="1024"] A cyberattack crippled the 23 branches of Massy Stores. -[/caption]

But these attacks are not limited to the private sector alone. Last Friday, Public Utilities Minister Marvin Gonzales admitted while answering questions in Parliament that a malware attack caused a shutdown of the Telecommunications Services of Trinidad and Tobago Ltd's (TSTT) online payment systems in March.

"TSTT’s system detected a security attack directed at a number of the company’s internal only solutions and applications," he said. "As a precautionary measure all possibly impacted systems were isolated, including TSTT’s online payment application from TSTT’s website stored within the private cloud environment."

He added that TSTT took immediate steps to enhance environmental protection of its systems, including destroying the infected machines' software master records and rebuilding the cloud host servers.

Internationally, cyberattacks on critical infrastructure has also increased, especially coming out of the pandemic.

Last May the US Federal Bureau of Investigation (FBI) confirmed that a cyber criminal organisation which calls itself DarkSide admitted to hitting Texas-based Colonial Pipeline – which supplies the American East Coast with 45 per cent of its diesel, petrol and jet fuel – with a ransomware cyberattack.