WASHINGTON, D.C., APRIL 26, 2024 – The growing threat of ransomware attacks to the Latin American cybersecurity landscape is exacerbated by the lack of robust policies and regulations in place to prevent and respond to cybersecurity incidents, according to a new report released today by the Digi Americas Alliance, written in collaboration with Duke University. The report, titled "Cyber Readiness in Latin American Public Sectors: Lessons from the Frontline,'' sheds light on the pressing challenges faced by the region, particularly in safeguarding critical infrastructure from cyberattacks like ransomware. The report examines recent events in Colombia, Costa Rica, Chile, and Panama to gauge the effectiveness of their response tactics and respective national cyber policies. The analysis focuses on approaches governments in the region can take to help organizations in their countries mitigate cybersecurity risk.

The report highlights that currently “only seven of the 32 Latin American countries have plans in place to protect critical infrastructure from cyber-attacks, and only twenty have Computer Emergency Response Teams (CSIRTS).” Despite this lack of preparation, a notable finding from the report shows promise for growth with “94% of [survey] respondents at least somewhat agreeing that implementing a risk management framework can enhance their organization’s resilience against cyber threats such as ransomware.”

“Our research findings demonstrate that despite grappling with limited resources, countries in Latin America are showing significant attack resilience and beginning to implement promising cybersecurity capabilities,” noted Belisario Contreras, coordinator of the Digi Americas Alliance. David Hoffman, Professor at Duke University added that “the report illustrates that countries in the region face similar challenges related to incident response and workforce development, which we underscore as an opportunity for coordinated security advancement.”

The report offers a comprehensive analysis of current cybersecurity practices, identifies bottlenecks in incident response, and proposes effective measures to bolster cyber defenses in Latin America. Recommendations include:

  • Bolstering investment in workforce development to address the significant shortage of trained IT professionals.
  • Establishing voluntary risk management frameworks to guide organizations in enhancing their cybersecurity posture.
  • Investing in cybersecurity infrastructure and technologies, such as cloud-based solutions, to mitigate ransomware risks.
  • Establishing centralized cybersecurity management and reporting systems to facilitate effective incident response.

The rapid digitization in Latin America has outpaced the development of effective cybersecurity measures, leaving initiatives and policies in the early stages of development. The Digi America's Alliance hopes that by elaborating on the current challenges that remain in addressing ransomware threats, it will encourage renewed investment and collaboration on cybersecurity initiatives throughout Latin America.

About the Digi Americas Alliance:

The Digi Americas Alliance is a multi-stakeholder and interdisciplinary network of organizations dedicated to shaping digital policy and addressing technical issues throughout the Americas.

To read the full report in Spanish please click here.

Read Next

The U.S. Data Security EO with Lee Licata and Grant Dasher (Part 2)

For the first time in the Distilling Cyber Policy podcast, Alex and Jen are re-joined by guests from earlier this season: Lee Licata, from the Department of Justice, and Grant Dasher, from CISA.

The U.S. and UN Cybercrime Convention: Progress, Concerns, and Uncertain Commitments

The U.S. issued an updated position seeking to move forward the UN Convention Against Cybercrime, a treaty intended to improve the global community’s ability to combat evolving cybercrime threats.

The Counter Ransomware Initiative with Hamish Hansford (DCP S2 E8)

In the latest Distilling Cyber Policy, Alex Botting and Jen Ellis are joined by our second-ever Australian guest: Hamish Hansford, the Deputy Secretary of Cyber and Infrastructure Security Group at the Australian Department of Home Affairs.