A thorough third-party report into an attempted cyber attack of the government’s systems has concluded Cayman’s defences thwarted the attempt, the Compass understands.
On 9 Feb. an attempted breach of the Cayman Island government’s systems was undertaken by a hacker, or hackers.
In response to rumours circulating online, the government quickly reported the attempted attack had been unsuccessful. Two initial reports, one by civil servants and one by Deloitte, reported it was foiled and no infiltration of systems or exfiltration of data took place.
Deloitte was also commissioned to undertake a third more-detailed independent review and assessment of the security event.
The Compass understands Deloitte’s team of experts submitted their report to the Ministry of Investment, Innovation and Social Development in late March, having concluded that no government systems were compromised and no data was taken by the hacker.
According to a spokesperson for the ministry, the report “is currently being reviewed by the relevant and responsible entities, following which a determination will be made on any additional statements.”
The spokesperson added: “We take the position that releasing any information about cyber-attack incidents or security measures would pose a real and significant threat to Government operations, including the prevention or detection of crime.
“We will not be answering any additional questions beyond what we have already issued publicly.”
Charles Brown, acting chief officer at the ministry, explained in the aftermath of the attempted hack: “We brought in Deloitte as a third party reviewer to do some deep dive analysis of systems.
“And this is also just to give us reassurance that there is no, what we call, ‘persistence’, anywhere on our systems.”
The ministry declined to answer questions the Compass posed after the hack attempt first came to light, citing national security.
These questions included how long the attack lasted, what form it took (for instance DDOS, malware, or phishing), at what agency or data set it was targeted; and when international partners at the US Federal Bureau of Investigation and British National Crime Agency were informed.
The government has said it may never know who was behind the attempted attack because defensive systems activated so quickly and effectively that “none of the typical investigative breadcrumbs were left behind”.
A ministry spokesperson said strict measures are in place to limit access to data, along with encryption protocols, regular security audits, data minimisation protocols, advanced security defence systems and next-generation intrusion detection and prevention systems.
She said the Cayman government has a solid reputation globally and in the overseas territories in particular, for the advanced and robust cyber security systems that are in place.
The foiled February attempt came amid a global rise in cybercrime and five months after a successful infiltration of Bermuda’s government systems.
The September 2023 cyberhack on the Bermuda government caused chaos, leaving ministers and civil servants unable to access their computers and putting many services offline. Some systems were still affected weeks later.
The Bermudian Premier David Burt has said details of their attack will be revealed once an inquiry is complete.
Related Videos
