Amid confirmation of a cyber attack on the agency of Government that regulates securities, pensions and insurance, at least one local cybersecurity expert is concerned that this has happened while the Financial Services Commission (FSC) is involved in a major fraud probe of a local investment firm.

The FSC confirmed last week that there was a cyber breach but refused to give details until it had completed a probe into the incident. However, reports are now emerging that the financial regulator lost “almost all of its data that was hacked and encrypted”.

There was no immediate response from the FSC when Our Today reached out for a comment today. A representative of the agency said she would try to get the appropriate person to respond to our queries, but none was forthcoming up to the time of publication.

“One cannot help but be concerned about the timing of this incident, especially with the ongoing SSL investigations and the impact this latest attack will have on those very important and sensitive investigations,” said Trevor Forrest, tech evangelist and cybersecurity expert.

“The regulator is in custody of very sensitive information that is critical to its function, which includes protecting the integrity of the services provided to its customers and cyber threats like we are seeing now could severely hamper the trust that citizens have in the financial services industry, which, in turn, have a snowball effect on the economy,” Forrest added.

The local cyber expert issued a stern warning about the state of cybersecurity preparedness in both the public and private sectors. Speaking with Our Today, Forrest said: “FSC is in a quagmire having not taken sufficient steps to mitigate or minimise this sort of eventuality. This goes to show the lack of understanding, preparedness, and awareness across public and private sectors when it comes to implementing and investing in cyber threat protective measures.”

He explained that cybersecurity is more than installing firewalls and antivirus software but ensuring that everyone in the organisation receives sufficient cybersecurity awareness training. It should not be treated as “an IT problem” but rather as a business problem requiring the attention and awareness of every level from the board to the employee.

Cybercrime accounts for approximately US$7 trillion globally, which surpasses the combined earnings of all other transactional crimes by more than sevenfold.

“Due care and adoption of best practices to secure business environments are not being exercised simply because of a realisation of the threats and the business impact it has cost-wise is not fully appreciated or understood. Nineteen million attacks against the country in the first half of the year is nothing to scoff at and it will continue to get worse if we don’t take this thing seriously,” Forrest expressed.