Fiji faces cyber attack risk without basic security measures

Fiji remains highly vulnerable to cyber-attacks due to weak authentication and outdated systems, a leading expert warned at the Fiji Tech Summit 2025.

Aaron Jacobs, principal solutions engineer at Sophos, said most global cyber incidents stem from a lack of multi-factor authentication

(MFA), compromised passwords, and insecure remote access tools.

"It's 2025, yet many systems still lack MFA - a catastrophe waiting to happen. If someone can log in remotely without it, fix it now," he said.

Mr Jacobs shared examples where attackers quietly infiltrated networks, monitored systems, disabled defences, and encrypted data, often unnoticed.

"Alerts were there, but either no one saw them or understood them," he said. He warned that complacency and a shortage of trained cyber personnel leave organisations exposed. Companies ignoring early signs face data leaks, ransom demands, and reputational damage.

"It's not just IT disruption - families get harassed, directors threatened, and customers demand answers," he added.

Mr Jacobs urged businesses and government agencies to implement MFA, disable unused remote access tools, run regular penetration tests, and monitor cyber alerts 24/7. "Cybersecurity is too complex to manage alone. Test your defences - don't wait to become the next headline," he said, stressing that Fiji's digital ambitions rely on strong cyber-preparedness.