We’ve all received that e-mail: an African prince gifting you millions of dollars because he discovered you’re a long-lost relative. But there is a catch. For you to receive the gift, you would have to wire a small percentage to an account so that the “prince” can release the money to you. Does this sound familiar? This type of cybercrime has been going on for years. The subject of the scheme varies, sometimes it’s a long-lost relative, an African prince, or a down-on-her-luck grandmother looking for help, but the intent is to scam you out of your hard-earned money with the click of a button. This is just one type of cybercrime.

What is Cybercrime?

According to the Bedfordshire Police webpage, cybercrime is an “umbrella” term for different types of crimes which either take place online or where technology is a means and/or target for the attack. Often, victims of such crimes face and feel the same emotions felt by victims of crimes that occurred outside of the cyber world and it is for that reason many of these cybercrimes are treated and prosecuted to the same extent as offline crimes. Several types of cybercrimes have been recognized, including (i) cyber dependent crimes where a digital system is the target, such as attacks on computer systems to disrupt IT infrastructure and data theft by way of using malware; (ii) cyber-enabled crimes are those where existing crimes have been transformed in scale or form by Internet usage; and (iii) using the Internet to facilitate drug dealing and smuggling, trafficking of persons and other “traditional” crimes.

Legislation

Considering cybercrime is treated to the same extent of “real world” crimes, countries have sought to make adequate provisions for legislation to facilitate prosecution.

In 2010 Jamaica introduced its Cybercrimes Act to enact criminal sanctions for the misuse of computer systems or data, the abuse of electronic transactions, and to facilitate the investigation and prosecution of cybercrimes. The Act was subsequently repealed and replaced with the Cybercrimes Act 2015. Barbados enacted its legislation for the protection of computer systems and the information on those systems from unauthorized access, abuse by persons authorized to have access, and related matters by its Computer Misuse Act, 2005. In 2003, The Bahamas also enacted its own Computer Misuse Act, making provisions to secure computer material against unauthorized access or modification, and for connected purposes. It is clear from the legislation that computer misuse is a major component in determining whether a criminal act was committed. Moreover, the penalties associated with breaches is not merely a slap on the wrist; perpetrators receive large fines and/or possible imprisonment.

The Caribbean’s Response to Increase in Cyber Crime

The Virtual Security Conference held by CARICOM IMPAS from July 27th to July 31st, 2020, sought to provide CARICOM member states’ representatives with a forum to express mounting concerns about the region’s vulnerability and the issue of cybercrimes. Marina Walter, the UN Resident Coordinator for Trinidad and Tobago, Suriname, Aruba, Curacao, and Sint Marteen expressed concern regarding the lack of comprehensive cybersecurity policies amongst member states operating on unsecured servers.  She also noted that following the COVID-19 pandemic, more countries in the region will move towards digitizing their economies, therefore increasing their risk to potential cybercrimes.

In its 2020 Cybersecurity Report: Risks, Progress, and the Way Forward in Latin America and the Caribbean, the Inter-American Development Bank produced the results of its survey on cybersecurity policies and practice within the region. The report provided updated insights on the region’s progress, following up from their 2016 report. In the report, Moisés J. Schwartz, Manager, Intuitions for Development Sector of the IDB reasons that cyber security policies are…fundamental to protect citizens’ rights in the digital realm—including privacy and property ownership—as well as to strengthen their confidence in digital technology and comfort in its use. Online crime amounts to about half of global property crime. Looking at the bigger picture, the numbers are even greater. The economic damage caused by cyberattacks is estimated to be more than 1 percent of some nations’ annual gross domestic product (GDP), while some attacks on critical infrastructure could cause damages reaching 6 percent of annual GDP. This study shows that the Latin American and Caribbean (LAC) region is not sufficiently prepared to handle cyberattacks. Only 7 of the 32 countries studied have a critical infrastructure protection plan, while 20 have established cybersecurity incident response teams, often called CERTs or CSIRTs. This limits their ability to identify and respond to attacks.

Schwartz goes on to say that the first step is to identify dangers in the cyber space, however, acting against these dangers pose a huge problem for countries in Latin America and the Caribbean as the legal framework is either lacking or non-existent. Further, he notes that the gap in human skillsets poses another difficulty, as there are not many cyber security professionals in the region.

Considering the above and with the move towards further digitization as we emerge from the COVID-19 pandemic, is the legislative framework enough to prevent and/or punish offenders who use the computer for “evil”? A robust legislative framework and policy creation alone will not protect against cybercrimes. It takes heightened awareness in the form of campaigns aimed at the vulnerable members of society, i.e., the elderly and the less tech-savvy. There is no one-size-fits-all approach to fighting cybercrime, especially as technology progresses. However, by being proactive instead of reactive, cybercriminals will have a harder time trying to gain an advantage.