Cayman’s wealth and the sophistication of AI-generated attacks make it a prime target for cybercrime, an IT executive has warned.
Rob Eyers, a vice-president at Unified Technologies, a George Town-based IT firm specialising in networks and cybersecurity, added that the human factor was the weakest link in terms of system safety.
“Organised crime are the people who are running this as a kind of business,” Eyers said. “They will profile the high-value individual and Cayman is like that.
“Cayman is on their list because it’s got the highest Gross Domestic Product per capita in the Caribbean.
“I think we’re naturally on the radar because of how wealthy we are in our neighbourhood.”
Eyers added that increasingly sophisticated AI has provided fresh weapons to the opposition in the battle against cyberattacks.
He highlighted that humans were the weakest link in the chain protecting systems from being compromised by crooks.
“AI is making it more difficult because machine speed and automation versus human speed and manual is a complete imbalance,” Eyers said.
Police phishing warning
He was speaking after police issued a fresh warning on Tuesday 14 July about a video call phishing scam, designed to fool victims into believing they had been contacted by police and immigration officials and that they had to display their passport and disclose banking details.
But police told the public that police and government services would never ask for passport or bank information through unsolicited phone or video calls and anyone who was approached that way should refuse to comply.
The fraudulent scheme, reported by a member of the public who was suspicious and ended the call, came only days after police highlighted a text message scam where a message, said to be from the Postal Service, asked for duty to be paid on a parcel before delivery could be completed.
The message also had a link to a fraudulent website, where people were asked to enter payment information that could then be used to raid bank accounts.
Police said some people had fallen for the scam and had suffered theft from their bank accounts as a result.
“Phishing itself, generally speaking, it’s a targeted exercise, but it can be targeted on profiling businesspeople,” Eyers said.
“If I was an attacker and I decided you were a person of interest to me, you can go through a whole process for months … building up a profile of you. It’s a targeted effort; you are looking at building up an insight into that person’s life.”
Human vulnerability
Eyers added that governments and businesses have spent considerable time and money building up defences against security risks.
“If you can convince me to give you the chance and let you in, that’s all kind of pointless. The belief in the industry now is that the human is the ultimate attack surface,” Eyers said.”You can be manipulated to do things which undo all the protections put in place.”
Eyers added that one AI tool had been withdrawn on a temporary basis in June after the US government ordered it to be restricted to US nationals only amid national security concerns. The temporary order was later lifted after the creators agreed stronger safety protocols and risk monitoring.
“The AI was so intelligent it could out-perform the best defence tools we have today,” Eyers said. “The bad guys are now leaning into AI.”
Eyers said criminals used technology to target thousands of people and only needed a few people to take the bait to make huge profits.
“It’s just a numbers game … it’s essentially a commercial enterprise with no conscience.”
Defences against attacks
Eyers said practical defences included verifying the sender’s actual email address by tapping or clicking on the sender’s name, which will reveal the real address behind it, can reveal misspellings or unrelated domain names.
He added that the destination URL should also be checked by hovering the mouse over it without clicking to preview it in the bottom left-hand corner of the browser. A long press on a link on a mobile device can also preview the URL without opening it.
If links do not match the official website, it should not be opened.
If an alert is received claiming a bank account has been locked or an invoice is overdue, people should not panic and should never use any links, phone numbers or QR codes in the message.
The message or app should be closed and a new browser tab used to manually input the official website URL or an official app used to check an account status.
“Genuine organisations – especially banks, government agencies, and utility providers – will almost never demand that you immediately verify highly sensitive personal information, passwords, or payment details via an unprompted email, text message, or phone call,” Eyers said. “If you feel rushed or pressured, that emotion is your biggest red flag.”
Related Videos









