Crucial capabilities in cybersecurity

Trinidad and Tobago

Angela Lee Loy, chairman of CyberEYE, talks about the company’s approach to providing fast and effective cybersecurity services and key considerations for businesses in protecting themselves from cyber-attacks. CyberEYE is a Trinidad-based provider of cybersecurity services to the region.

What is the foundation behind the establishment of CyberEYE as a cybersecurity service?
CyberEYE was founded as a collaboration between myself and Ian John, a former regional CEO of Massy Technologies InfoCom, which later became PBS Technologies. We saw organisations of all sizes being disrupted by cyber-attacks throughout the region and most not having the capability to respond or the funds to afford to maintain good cybersecurity management. We started CyberEYE to make the best cybersecurity solutions in the world available and affordable for regional organisations.
We were able to bring our teams together in a complementary way as he had a very experienced team already on the ground and I had IT personnel who have been studying to become qualified cybersecurity experts. Following a major ransomware attack on a local insurance company, we were able to deliver our service successfully, which helped the client recover their mission critical systems and operations relatively quickly. From there, we were able to get more companies on board as clients.
We now operate regionally, as many of the services we provide, such as [security and compliance standard] SOC 2 monitoring, can be delivered remotely from any part of the globe. CyberEYE supports clients in any Caribbean jurisdiction and so we have been very active since we launched because cyber-attacks happen every day.
There is a notable shortage of cybersecurity experts in the region and globally. But more importantly, there are a number of crucial cybersecurity capabilities that do not exist in the Caribbean and we are able to leverage global partnerships to deliver those specialised services when needed. This has inspired us to develop a six-month training programme with an expert in our network to help our workers build a foundation to achieve a level of proficiency from which they can sufficiently perform in the field, or to further build their expertise by specialising.

What are the benefits for clients in the cybersecurity model you provide?
The greatest benefit we offer is that we have a local incident response team but we are backed by global technologies and expertise. We offer a 24-hour remote monitoring service that allows a user from any part of the world the benefit of having their systems monitored by us for attacks and threats remotely. For companies utilising our SOC 2 monitoring, we can proactively detect an imminent cyber-attack on their system and advise of the necessary pre-emptive action needed to avoid what could easily be a catastrophic incident.
Alternatively, if a client without SOC 2 monitoring calls with a concern about a cyber-attack, we respond remotely immediately but can be on their premises within an hour to lock down their systems. Having personnel on the ground is a major advantage because there are cyber-attack attempts happening every day.

What significant partnerships is CyberEYE leveraging to build its services and capabilities?
To deal with the global threats we may encounter, we have SOC 2 posts in London, Singapore and New Zealand, which allows us to offer round-the-clock security at the highest level. Crossword, our partner in the UK, offers a range of cybersecurity solutions and we are able to leverage their global network. Collaboration with our UK partners is important for our learning and for us to be able to provide cutting-edge solutions. Through our partnerships, we collaborate with other leading Fortune 500 tech companies.

What key considerations should companies take into account to protect themselves from cyber-attacks?
Maintaining operational integrity is crucial, and this refers to the adherence to established processes within an organisation’s activities. To safeguard their systems, businesses must focus on governance and control measures to reduce risks such as data breaches and denial-of-service attacks. It’s essential for companies to implement a policy of least privilege, granting employees the minimum level of access necessary for their roles. Additionally, companies must have robust procedures to withdraw system access when an employee departs.
Educating staff on the risks and tactics associated with cyber-attacks is vital for maintaining vigilance. Since incidents can arise from phishing or inadequate password policies, comprehensive training for employees to recognise and respond to threats is imperative. Often, it’s the subtle details that can significantly impact security.
Organisations should prioritise resilience planning and refine their incident response strategies. Quick recovery is paramount, especially since a successful attack can mark a company as a repeat target. Fostering a culture of ongoing learning and adaptability is essential, akin to investing in cybersecurity measures, which serve as a form of digital insurance.
Awareness of cyber threats is common, yet there’s a tendency to believe in personal or corporate immunity from such incidents, which ironically increases susceptibility. The energy sector, tasked with managing a vast workforce, faces cyber risks comparable to those in any other industry. Continuous education and proactive defence strategies are key to mitigating these risks.

Do you observe a difference in the mindset toward cybersecurity between international and locally based companies?
Yes, there is a difference in the mindset – for Caribbean-based companies, even though the regional business landscape is aware of cybersecurity threats, they tend to think that they are not likely to be targets because they are not on the same level as more developed regions such as Europe or the US. However, that is precisely what makes them easier targets.
We are taking steps to raise awareness at different levels. We are raising awareness through demonstrating risks and educating the workforce at conferences and other speaking engagements.

Read our latest insights on:

• Trinidad and Tobago