Barbados’ vulnerability to cybercrime extends far beyond technical breaches, with attackers increasingly using human behaviour as their primary weapon.
This was the stark warning from Barbados-born cyber security expert Dr Jason Nurse during an online session hosted recently by the Information Systems Security Association (ISSA) Barbados Chapter.
Speaking at the webinar, Behind the Scenes of Cybersecurity: How Cybercriminals Use Human Psychology Against Us, Nurse explained that many of the most damaging breaches worldwide and in Barbados begin not with a line of malicious code, but with the exploitation of trust, fear, urgency, or simple human error.
He noted that around 60 per cent of breaches involved human interaction in some form, whether through phishing, manipulation, or tricking individuals into revealing information and stressed that this reality demands a shift in how the public and private sectors view cyber security.
Over the past decade, both government agencies and private institutions have experienced a range of attacks, from website defacements to sophisticated ransomware campaigns.
Public sector websites, including those of the Government Information Service, the Supreme Court and
the Barbados Revenue Authority, have been compromised in the past. In 2024, the island suffered what experts described as one of its largest data breaches when hackers targeted the Revenue Authority’s vehicle registration database. The cybercriminal group responsible allegedly extracted up to 230 gigabytes of sensitive information.
Nurse drew on real-world examples to show just how easily cybercriminals manipulated human psychology. He cited the United Kingdom retailer Marks & Spencer, which recently suffered an estimated £300 million breach triggered by a third-party compromise via social engineering. He also recalled a recent case in which personal information from Barbados was allegedly sold online, warning that once such data was exposed, it could be used for identity fraud indefinitely.
“Even if you don’t work in cyber security, you should care. These are details that can be used for identity fraud and once it’s out there, it’s gone,” he said
He argued that the idea of people being the “weakest link” in cyber security was misguided. Instead, he said, they were deliberately targeted because cybercriminals had become skilled at exploiting human emotions such as stress, confusion, or empathy.
“In many cases, cybercriminals are acting as psychologists,” he told the audience.
To illustrate the point, he played a demonstration from the DEF CON hacker conference, in which a security professional posing as a distressed new mother convinced a mobile phone provider to reveal and change account credentials within minutes.
“All it took was a crying baby sound in the background and a plausible story,” he said, warning that such tactics were just as effective in professional environments.
He urged Barbados to strengthen its cyber security posture by combining technical safeguards with human-focused defences. This includes training staff to recognise manipulation attempts, reviewing third-party access to sensitive systems and promoting a security-first culture across Government agencies, businesses and the general public.
“We can’t secure systems without securing people. Technology will always be part of the answer but human awareness is what stops a suspicious email from becoming a breach that costs millions.”
The post Warning over hackers’ tactics appeared first on nationnews.com.
