David Hoffman, Steed Family Professor, Duke University
Andy Kotz, Researcher, Duke University
Belisario Contreras, Coordinator, DigiAmericas Alliance
The LATAM CISO 2023 Cybersecurity Report provides insights from industry leaders regarding the level of cyber resilience among various organizations in the Latin American region. LATAM CISO is a multistakeholder and interdisciplinary network of cybersecurity professionals that aims to gather and coordinate input from members to shape the priorities of cybersecurity in the Americas and strengthen their overall security posture. This report was created to identify gaps in security, as well as the needs and limitations of organizations in Latin America that are preventing them from achieving a better stance against cyberattacks. The Latin American region suffers more than 1,600 cyberattacks a second, which is why it is imperative that organizations toughen their capabilities to protect themselves from this growing environment of cyberattacks and security risks.

The report is intended to provide decision makers from both the public and private sectors with insights to help them understand their vulnerabilities and focus their efforts and resources on the areas within their country that need the most support. To this end, a survey was conducted among chief information security officers (CISOs) and other manager-level positions in 195 organizations from different sectors of all sizes. Among those surveyed, 21% work at a small organization (1–100 employees), 24% work at a medium organization (100–999 employees), and 56% work at a large organization (over 1,000 employees). The most heavily represented industries were financial services (24%), government (23%), and professional services (10%). Over 70% of respondents reported that the number of cyberattacks on their organization has increased from the previous year, demonstrating that despite increased cybersecurity efforts, the attacks are persisting.
The report begins with an assessment of organizations’ budgets, types of attacks, number of attacks, risk assessment frequency, multi-factor authentication (MFA) deployment, security awareness trainings, and other factors that affect the cybersecurity capabilities of organizations. The report concludes with a set of recommendations that will contribute to improving cybersecurity and resilience in the Latin American region. The recommendations focus on each data collection category and suggest actions based on the findings. For example, the data collected demonstrate inadequate investment in regular security risk assessment. An increase in governmental campaigns to create cybersecurity frameworks requiring organizations to conduct risk assessments more frequently can enable the identification of vulnerabilities. This report will enable organizations to thoroughly examine their cybersecurity capabilities and understand the next steps needed to increase their resilience against attacks. Overall, the report found that while efforts are being made to fortify cyber capabilities, threats continue to persist. Consequently, organizations must continue to pay more attention to their vulnerabilities and how they can address them.