07/31/18 Five Measures Latin America Must Take To Get Up To Snuff On Cybersecurity

Originally posted by Conrad Egusa | Forbes on July 31st, 2018

Shutterstock

In early 2016, the Inter-American Development Bank (IDB) released an ominous assessment of Latin America’s preparedness for cyberattacks, characterizing the region as especially and increasingly vulnerable to potentially devastating incidents. A year and a half later, the theft of 28 million users’ data from Latin America’s largest social network site, Taringa, has proven the report prescient.

What is perhaps even more unsettling is the fact that other comparable attacks may have been carried out on the region in recent years, but we wouldn’t necessarily know it. As the IDB report points out, businesses in the region are frequently not obligated to report incidents, and governments are slow to share details of attacks with their neighbors.

Having been based in Latin America for years, I have been witness to the region’s ongoing digital transformation, the rapid changes keeping these nations competitive in the global market and improving the lives of their citizens. I have also, even recently, seen a number of clients fall victim to cybercrime.

For all the prosperity promised by increased connectivity, smart cities and factories, it’s clear that these advances will prove a tremendous liability if Latin America doesn’t prioritize cybersecurity, and catching up will be no easy task. Much of the region’s populations are largely unaware of the risks of cybercrime. Currently, the IDB estimates the cost of cybercrime in Latin America at $90 billion per year.

It’s time for Latin American governments and industries to take concrete steps toward safeguarding the region’s critical infrastructure against the threat of cybercrime. Here are five measures that must be prioritized:

A National Cybersecurity Strategy

With an estimated 2.8 billion more internet of things (IoT) devices being brought online in 2018, the attack surfaces of critical infrastructure are expanding at an ever greater rate. For governments worldwide, it has never been more critical to have a comprehensive cybersecurity strategy for preventing and resolving digital threats. But, according to the IDB, four out of five Latin American countries lack such a strategy, while around half are without a coordinated response protocol.

Latin American states must assess their infrastructure's particular vulnerabilities and then develop holistic, proactive strategies accordingly. They should designate a competent authority to implement policies that take a proactive and continually updated approach to preventing cybercrime. The region’s governments must also put into place incident response mechanisms that can mitigate damage when and if an attack occurs.

Collaboration

Latin American nations are at a particular disadvantage when it comes to cybersecurity. Most security software companies have not viewed Latin America as a critical market, and therefore there are fewer cybersecurity services available. At the same time, high tariffs can make importing security solutions unaffordable for the region’s developing economies.

But whereas these countries may individually lack the resources to adequately combat cybercrime, a commitment to joining forces in the fight can drastically improve their capacity to protect themselves. April 2017’s OAS resolution to increase cooperation, transparency, predictability and stability in cyberspace was a big step in the right direction. Now the region must double down on collaborative efforts.

A Responsible Disclosure Policy

If an attack occurs, it’s absolutely essential that businesses in the private sector fully disclose all details to authorities immediately. However -- with Mexico, Peru, Colombia and Uruguay standing out as exceptions -- the vast majority of Latin American countries have no disclosure policy in place to obligate reporting of cyber breaches.

If businesses aren’t legally bound to report instances, authorities will lack the information to neutralize the threat, reduce the damage, investigate the perpetrators and take preemptive measures to prevent similar occurrences in the future. Each country needs a responsible disclosure policy, as well as an information-sharing mechanism that ensures the exchange of actionable intelligence between government and industry.

Tech And Talent

Initiatives to tackle the threat of cybercrime won’t succeed without cutting-edge tech, nor without well-trained talent. Unfortunately, there is a significant lack of both in much of Latin America.

To help grow a security-trained workforce, the Cisco Networking Academy has partnered with 1,550 academies and 3,800 instructors to provide cybersecurity training across Latin America. As of March, some 1.6 million had already completed the coursework. Meanwhile, Microsoft last year opened a Cybersecurity Engagement Center in Mexico, aiming to provide a headquarters for the region’s development of new solutions for IT security.

These and other similar partnerships are offering Latin America a leg up in its efforts, but private and public sector organizations across the region must themselves commit to allocating resources to cybersecurity training.

Cyber Insurance

A comprehensive, collaborative strategy for proactively preventing cybercrime will vastly improve the safety and security of Latin America’s modernizing economies and societies. No preventative plan, however, is invulnerable. With hackers' intent on staying one step ahead, it’s no wonder the cyber insurance industry is set to reach $20 billion in premium revenue by 2025 -- it can cover assistance in neutralizing the breach and business interruption expenses. In short, it’s essential to ensuring that damage is mitigated.

Of course, as with other cybersecurity services, Latin America doesn’t enjoy access to a wide range of fairly priced cyber insurance options. While cyber insurers worldwide have from the industry’s inception been constrained by their lack of adequate risk models, the absence of analytics on breaches and losses from Latin America has left them especially reluctant to provide these nations services.

This, too, though, is not without remedy. Companies like Symantec-backed CyberCube are offering risk-modeling platforms to cyber insurers capable of processing terabytes of data -- and ultimately allowing the industry to insure businesses in regions where they were hitherto reluctant. Microsoft for Startups is another organization actively investing in these new models throughout the world.

As Latin America races to reap the benefits of a hyperconnected world, ever more sophisticated cybercrime will undoubtedly search out the vulnerabilities underlying those hopes. But a shared interregional commitment, along with collaboration between government and industry, can help stave off disaster. The nations of Latin America can no longer afford to drag their feet.

Comments are closed.