Cyber vulnerabilities on watch despite Melissa distractions
Even as the immediate cyber fallout from Hurricane Melissa appears to be easing, the director of the Cyber Incident Response Team (CIRT), Lieutenant Colonel (Ret’d) Godphey Sterling, has signalled that the country’s monitoring of vulnerabilities remains firmly on the radar.
This, he told the Jamaica Observer in a recent interview, is particularly critical as individuals and organisations move to restore systems and resume online activity leading up to year-end.
In the aftermath of the catastrophic Category 5 weather event in late October, public attention has largely centred on physical damage and recovery efforts. However, Sterling noted that developments on the data privacy and cybersecurity fronts have continued quietly, driven less by sophisticated cyberattacks and more by persistent scams and poor security practices.
The CIRT head said that, while there has been no major escalation in data privacy incidents in recent weeks, there are currently at least 25 cyber vulnerabilities being monitored.
“These could either intensify or fade depending on global developments,” he said to the Business Observer. “These threats are not limited to any single sector and are influenced by international law enforcement actions. Recent crackdowns by agencies such as Interpol, Europol, and the FBI have disrupted major cybercrime groups, prompting smaller factions to regroup and form alliances — often reusing or enhancing existing malicious code, sometimes with artificial intelligence.”
The list of vulnerabilities includes cross-site request forgery, out-of-bounds write, null-pointer dereference, improper input validation, incorrect authorisation, and missing authentication for critical functions, along with several other weaknesses.
A cyber vulnerability is usually a weakness or flaw in any system (software, hardware, network, or process) that attackers can exploit to cause harm, like gaining unauthorised access, stealing data, or disrupting services. These weaknesses can stem from coding errors, poor configurations (like default passwords), outdated software needing updates, or even human error, creating entry points for malicious actors to compromise data systems.
Global geopolitics, which also continues to shape the threat landscape, especially in the wake of newfound tensions in the Caribbean, could likewise see persistent threat groups operating elsewhere become more active if their sponsors’ interests are threatened, Sterling said.
“The CIRT’s success in managing these incidents lies in our constant effort to maintain vigilance, even as we continue to encourage reporting, even in the absence of mandatory cybersecurity legislation,” he said.
While Jamaica has cybercrime laws in place, Sterling reiterated the need for a comprehensive Cyber Security Act that will mandate preventative safeguards, rather than relying solely on enforcement after incidents occur.
He further stressed that as systems continue to come back online post-Melissa and the country transitions into a new year, the slowdown in visible cyber threats should not be mistaken for improved safety. Sustained attention to basic security practices, he said, must remain front and centre.
Despite the relative calm following Hurricane Melissa, the cybersecurity expert said ransomware continues to be a key area of concern. This form of malicious software prevents users from accessing their files, systems, or networks and demands payment for their restoration.
In response to early cyber incidents in the immediate aftermath of the hurricane, authorities have been closely monitoring a surge in suspicious websites designed to mimic official platforms, including domains resembling the Government’s “supportjamaica” portal used to track relief donations.
“More than 60 such sites were launched within a 24-hour period,” Sterling revealed, noting that coordinated efforts with regional and international Internet registries are ongoing to identify and take down malicious domains.
Regarding the broader cyber environment as “anything but safe”, Sterling cautioned that while there has been urgency to restore systems after Melissa, this must not come at the expense of security. Shortcuts, he therefore warned, could significantly increase exposure to attacks.
“A slowdown in the use of satellite connectivity devices and the gradual restoration of telecommunications networks have however helped to return vulnerability levels to what they were before the storm, though no significant uptick has so far been detected,” he said.