We have witnessed increased cyberattacks on the Latin American region in recent days. Mexico’s President Obrador confirmed that its government has suffered what is perhaps a sensitive attack on its intelligence and armed forces. Chilean Armed Forces suffered a similar attack and its judiciary system was also compromised. The Colombian National Institute for Drug and Food Surveillance (INVIMA) was also attacked. Moreover, there was an attempt to breach systems at the Ministry of Health of Costa Rica, a country that was the victim of a large ransomware attack this year.
Why are attackers targeting Latin America?
Several theories are circulating as to why Latin America is a target for cyberattacks. One of the groups behind these attacks, Guacamaya, claims that it is attempting to “sabotage” western companies that exploit the region's natural resources. In the case of another criminal group active in Latin America, Conti, there is a nexus with the Kremlin. These attacks follow a similar timeline to a recent announcement by Ukraine’s Defense Ministry indicating that Russia is planning mass cyberattacks on critical infrastructure facilities of Ukraine and its allies, and Latin America could be used as a test or scenario area.
Developed nations, including their private sectors, are more aware of the magnitude of the risk that external threat actors can play in the stability of their countries and economy. Over the past years, countries and regions such as the United States, European Union, and the United Kingdom have instituted policies and regulations designed to limit the risks of cyberattacks on their businesses and critical infrastructure. They have also issued guidance on the technical capabilities businesses and government agencies should have in place to protect themselves.
The situation is different in Latin America, and we need a change of strategy. These are three actions that Latin American government and private sector leaders should take to address the risk of cyberattacks.
1. Assign financial resources to cybersecurity
As of today, 15 countries in Latin America have developed National Cybersecurity Strategies, but very few of them have assigned resources to implement the actions described in those plans. Governments need to work with their legislative bodies on appropriating financial resources and considering following success stories such as Uruguay, where the country worked with the Inter-American Development Bank (IDB) to approve the first cybersecurity credit in Latin American history.
On the other hand, private sector leaders must understand that cybersecurity is not a cost but an investment for their organizations. Leaders need to request periodical indicators about the level of preparedness, incidents, and security breaches, as well as other metrics and assign financial and human resources according to the organization’s needs.
2. Cooperate immediately on cyber threats
Cybercriminals work in a coordinated fashion and like a private sector company. To beat them, law enforcement agencies and incident response teams must coordinate with the private sector and other governments worldwide. There is an urgent need to break paradigms and look at successful models like ENISA and EUROPOL.
Moreover, although there are over 20 national computer incident response teams (CSIRTs) in the region, they need urgent attention. These entities need to modernize and go through a maturity assessment. The recent attacks prove that the current information sharing mechanisms that governmental CSIRTs have in place are not enough, and they need to participate in and engage with public-private sector forums such as FIRST, FS-ISAC, H-ISAC, LATAM CISO, the Ransomware Task Force (RTF), among others, in both technical and policy capacities.
3. Change the mindset toward cybersecurity
The private sector must speed up and push for new cybersecurity standards, including the NIST Cybersecurity Framework. Very few countries in the region have national cybersecurity awareness programs. The STOP. THINK. CONNECT. awareness toolkit campaign is already adopted in several countries, including the United States, and it could be a good resource for nations that require somewhere to start.
Common citizens need to understand that as we care for our physical security, our digital security is now part of our integral security. We must educate citizens about the impact of bad habits such as sharing credentials, lack of multi-factor authentication, and other practices that could harm their lives.
Attacks targeting Latin American countries have and will continue to increase, and it is essential to take these immediate measures to mitigate the effects of these incidents. There is no single recipe about how a country, or a region can solve their cybersecurity problems, but for sure, there is a clear start, and it is now.
Episode 6: Congressional Cyber Policy with former Rep. Jim Langevin
Former U.S. Congressman Jim Langevin joins the pod to discuss a few of his many contributions to the field, including as the co-founder of the bipartisan Congressional Cybersecurity Caucus.
What Does a Government Shutdown Mean for Cybersecurity?
As a U.S. government shutdown looms, the impact on cybersecurity may be significant as workforce is furloughed leaving potential gaps.
NSTAC report details abuse of domestic infrastructure findings and recommendations
As the number of foreign actors using U.S. commercial network infrastructure to launch cyber-attacks has increased, a new report from the details findings and recommendations to deal with this abuse.