Latin America and the Caribbean (LAC) is the new frontier for cyber attacks, a crime that costs the world up to $575 billion a year, according to a joint study by the Center for Strategic Studies and McAfee. In LAC alone, the cost is estimated at about $90 billion per year.
A rise in the number of people with access to Internet-connected devices, in addition to developing economies that are increasingly technologically savvy, means opportunity for cyber criminals. In Brazil, for example, the country saw a 197 percent year-over-year increase in cyber attacks in 2015. Level 3 Communications – a global network services provider – recently found that 12 percent of Distributed Denial of Service (DDoS) attacks target Latin America, and that number is escalating.
Level 3 data center/security product manager, Pablo Dubois, explains that DDoS attacks happen when multiple systems flood the resources of one targeted system. Dubois, who is based in Argentina, continues, “The culprit for this type of attack is often botnets […] Botnets are tasked with doing a variety of harmful things, including exfiltration of data, distribution of malicious software (malware), stealing of personal information, intellectual property theft and DDoS attacks.”
Right now, many LAC countries are in the nascent stages of developing Cyber Emergency Response Teams (CERTs) and Computer Security Incident Response Teams (CSIRTs) to react to attacks, however, they have yet to develop forward-looking defense mechanisms.
Moreover, 16 LAC countries lack a coordinated capacity to even respond to cyber attacks, according to the 2016 Cybersecurity Report by the Inter-American Development Bank, the Organization of American States, and the Global Cyber Security Capacity Centre at the University of Oxford. Countries found to have an intermediate level of preparedness include Argentina, Brazil, Chile, Colombia, and Mexico.
In addition to response and prevention problems, Frederic Lemieux notes that public awareness – a key to bolstering cybersecurity – is missing. “A vast number of Latin American countries have not yet put in place awareness strategies or campaigns to inform the public about the perils of the Internet,” says the Program Director for Cybersecurity Strategy and Information Management at The George Washington University.
It’s not just the public who is often unaware of the risks posed by being connected. “Too often private industries (small and medium businesses) and government agencies tend to believe that nobody is really interested in harming them and, therefore, they invest minimally on preventive programs and/or proactive measures,” explains Lemieux.
That being said, six LAC countries – Brazil, Colombia, Jamaica, Panama, Trinidad and Tobago, and Uruguay – have already adopted national strategies on cybersecurity, and a number of others are working on it. “Awareness of the importance of developing cybersecurity strategies is increasing among countries [in LAC],” notes a group of scholars from Brazilian think tank/higher education institution Fundação Getúlio Vargas. “The army and the national security agencies have not been widely established as coordinators of cybersecurity policy development. This provides a positive window of opportunity to develop cybersecurity policies in multi-stakeholder platforms.”
Public-private partnerships (PPPs) are requisite to adequately build cyber security regimes. But these initiatives remain limited in many LAC countries. Leading cybersecurity experts Melissa Hathaway, Jennifer McArdle, and Francesca Spidalieri provide a reason: “Mistrust among stakeholders has diminished collaboration, and the absence of recognized clearinghouses or brokers of authoritative information still hampers the ability of most LAC countries to establish formal information-sharing mechanisms.”
In fact, a 2015 OAS and Trend Micro report found that only 21 percent of critical infrastructure operators talk with governments about the cyber resilience of their systems. Editor of the report and a cyber security program manager at OAS, Belisario Contreras, told The Cipher Brief, “Often, businesses worry that disclosing cyber incidents to the government will result in penalties or a loss of confidence by consumers.” In order to get ahead of the cyber threat, governments and private entities need to work together to create an environment of trust and information-sharing.
Cooperation between countries both within LAC and around the world also plays a vital role in managing the cyber threat. Unfortunately, “[LAC’s] geographical reality translates into several complex challenges” and “information exchange channels are rather limited,” says Lemieux.
But that doesn’t mean business should steer clear of the region. “Cybercriminals and bad online actors know no boundaries,” states Dubois, and “the business climate in Latin America has never been better.”
LAC has an opportunity right now to develop a strong and integrated cybersecurity network before attackers infiltrate the region to the same extent as say the U.S. The question is whether governments have the political will, private industry is open to working with the public sector, and citizens start taking responsibility for their own cyber security.
Source: The Cipher Brief