Caines: Island’s cybersecurity is imperative
Commitments to step up cybersecurity for Bermuda were announced today only hours after it was revealed that a major hacking incident had breached the personal data of 1.5 million people in Singapore.
The timing was coincidental, but it underlined the scale of the dangers that Bermuda could face.
Cybersecurity is imperative because of our work towards becoming a leading fintech jurisdiction, said Wayne Caines, Minister of National Security, as he spoke in the House of Assembly about cybersecurity and cybersafety in Bermuda.
“It is critical because of our significant financial and reinsurance sectors. It is vital because the Government and the island’s organisations are trusted with valuable business and personal information,” he said.
Mr Caines warned that as Bermuda develops digital ledger technologies and integrates them in society and the economy, the island becomes a greater target for cybercriminals.
“One attack could have catastrophic consequences for any local company’s reputation and finances, and may take years to recover from. As the Government of Bermuda holds critical and sensitive information of every Bermudian, resident and international stakeholder, we are a target for any and all cybercriminals.”
Mr Caines’s warning was pertinent as hours earlier it had been revealed that hackers had accessed a government health database in Singapore and stolen personal data belonging to 1.5 million residents. The data taken included names and addresses and in some case details of dispensed medicines, but not medical records.
While not mentioning the Singapore hack, Mr Caines referenced a report by the Theft Resource Centre that said 174 million records were compromised last year in 1,293 data breaches, a 45 per cent rise on 2016. He mentioned incidents this year that had affected US-insurer Aetna, and 144 US universities.
“The Government and private Bermuda companies must ensure there are protections and plans in place against these and other types of cyberattacks,” said Mr Caines.
Describing what is being done in Bermuda to address cybersecurity, he said the Government has partnered with the US National Institute of Standards and Technology to provide training on cybersecurity and risk management. In addition, users of government networks are being educated on cybersecurity and safety on a bimonthly basis and have completed 92 per cent of assigned courses.
A Bermuda Cybersecurity Strategy draft has been prepared with collaboration of the Cybersecurity Working Group and the Commonwealth Telecommunications Organisation. The draft will soon be presented to Cabinet.
Mr Caines said a cyber essentials scheme is also being evaluated. It is aimed at helping organisations implement basic levels of protection against cyberattacks. A Computer Security Incident Response Team assessment is also being pursued.
To mitigate the risk of attacks, the Cabinet approved a policy in October to implement an information systems risk management programme to ensure “that resources, roles, responsibilities and accountability for the protection of sensitive information and critical systems within the government are appropriately assigned”.
Mr Caines said: “A solid cybersecurity strategy is meant to underpin the country’s progress. We are using a multipronged approach to make sure that we have a safe and secure cyber environment to work, pursue education, play and socialise.
“Cybersecurity and cyber safety has bearing on our reputation and on our wellbeing. In this connected world, we want our residents and businesses to be prepared to handle the cyberthreats they may encounter while still reaping the benefits that the various technologies have to offer.”