Introduction to Cybersecurity

Imagine the chaos of a world where your online financial systems are compromised daily, you have difficulty accessing email accounts when you want to, and your local meteorologists cannot detect the next storm before it happens. This is a glimpse into the reality of a world without cybersecurity. CISA, the United States’ Cybersecurity & Infrastructure Security Agency, defines cybersecurity as the art of protecting networks, devices, and data from unauthorised access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information. [1] As The Bahamas becomes more reliant on digital applications like MyGateway, digital devices, electronic payment methods, online communication tools, and with the introduction of the Digital ID project, we must protect ourselves as a matter of both personal and national security.

Threat Landscape

In The Bahamas, we are no stranger to the threats of cyber attacks. In fact, some threat actors view us as prime for these attacks, considering our geographical makeup and close ties with the United States of America. Further to this, The Bahamas still needs to establish a coordinated response to cybersecurity incidents. Because of these factors, we are highly susceptible to cyber criminals threatening our finances, information, and critical infrastructure. In 2020, the International Telecommunications Union (ITU) ranked The Bahamas #147 out of 182 countries in its Global Cybersecurity Index. [2] The COVID-19 pandemic saw a 36% increase in reported cybercrime incidents, as reported by The Caribbean Financial Action Task Force. While we do not know if these attacks resulted in significant financial loss, hackers are becoming increasingly sophisticated in their tactics, and, as digital citizens, we must remain vigilant. For example, most recently, an emerging ransomware called Akira has caused a strain on the business community in relation to CISCO devices. Our islands are vulnerable to cyber attacks, and the impact of these attacks can be challenging to recover from and expensive to correct.

The CIA Triad

The fabric of a strong cybersecurity culture contains three integral threads, which include confidentiality, integrity, and availability.

CIA Triad: Confidentiality, Integrity, Availability

Confidentiality

The first area, confidentiality, concerns the reservation of sensitive information only for those authorised to know or access it. This data can include your personal data (e.g. emails), the data of others (e.g. a home address a customer may provide to a sales representative), and even trade secrets. Where we choose to share information, who we choose to share it with, why we choose to share the information, and the potential risks involved in sharing that information are all valid factors to consider before sharing any information.

Integrity

One adage that many guide their daily decisions by is the expression that “lack of integrity will always catch up to you.” While this may be true in our personal lives, this can also apply in cybersecurity. Integrity is the second element of our triad and finds its basis on the principles of ensuring that data shared is reliable and unadulterated in both the way it is received and disseminated. In your day-to-day work life, this may show up as using version control methods like tracked changes, using digital signature tools, and encrypting files to prevent unauthorised access and tampering.

Availability

The final thread of the fabric, availability, involves ensuring that authorised people have dependable access to information. Imagine not being able to access your online bank account. This can happen in the event of a Distributed Denial of Services Attack (DDoS) and having backups of your data and conducting regular system maintenance can be advantageous if you don’t wish to take a significant financial hit to recover that information promptly.

Cybersecurity Is Everybody’s Business

ITU’s Global Cybersecurity Index (2020) highlighted a common misconception that most Bahamians do not consider cybersecurity a crucial concern as they believe that cybersecurity is the responsibility of the information technology (IT) provider. [3] While, yes, your IT provider may utilise cyber defence tools, the risk of cyber attacks generally lies with the end user of a digital product. Although it is impossible to eradicate cyber threats fully, when we practice good cyber hygiene, we minimise the chance of a threat and mitigate the potential impacts that we, our workplaces, and the country as a whole, could face. 

Conclusion

In this ever-evolving digtal lanscape, it is in our best interests to stay informed of best practices and remain ahead of potential threats. A great way to begin learning about cyber hygiene is by subscribing to CIRT-BS newsletters and other notable resources that offer educational content. Social media serves as a fantastic platform for passive learning and receiving regular refreshers about a topic in easily digestible chunks. Follow pages that promote cybersecurity awareness practices like ours. At your workplace, advocate for the implementation of organisation-wide cybersecurity awareness programmes and software implementation to help keep everyone secure. Even simple solutions like strong passwords and multi-factor authentication can help mitigate potential threats. Being mindful of the way we behave online is crucial to a robust cyber defence barrier for the nation. Always think twice before uploading your personal information onto a website, clicking a link, or sharing details about your family and workplace. Even if you are not in the business of cybersecurity, cybersecurity is everybody’s business!

 

Sources

1 What is cybersecurity?: CISA. Cybersecurity and Infrastructure Security Agency CISA. (2024, January 18). https://www.cisa.gov/news-events/news/what-cybersecurity

2 Axon, L., & Nagyfejeo, D. E. (2022). (rep.). Cybersecurity Capacity Review: The Bahamas (p. 18). Oxford, United Kingdom: Global Cyber Security Capacity Centre.

3 Axon, L., & Nagyfejeo, D. E. (2022). (rep.). Cybersecurity Capacity Review: The Bahamas (p. 7). Oxford, United Kingdom: Global Cyber Security Capacity Centre.

Scroll to Top
Skip to content