Cybersecurity lessons from Latin America's battle against ransomware threats

Latin American nations are intensifying their efforts to combat the growing threat of ransomware attacks, showcasing a defensive stance and a proactive approach to enhancing cyber resilience and innovation and protecting vital infrastructure.

Cyber incidents in countries like Costa Rica and Colombia have triggered a robust response across the region. Although these nations are in the early stages of establishing comprehensive cybersecurity policies, new research offers an optimistic outlook.

The Cyber Readiness in Latin American Public Sectors: Lessons from the Frontline report, jointly produced by the Digi Americas Alliance and its LATAM CISO Network in collaboration with Duke University, highlights the development of advanced cybersecurity measures in the region.

It evaluates the efficacy of national policies and incident response strategies based on real-life cases from Colombia, Costa Rica, Chile and Panama, and includes insights from interviews with key stakeholders and data from surveys.

The report provides significant insight into how Latin American leaders proactively address these challenges. They are adopting risk management frameworks (RMFs) and leveraging public cloud technologies to strengthen their cyber defences.

In the face of escalating ransomware risks and the need for greater data security, government officials acknowledge the critical importance of strengthening cybersecurity across public and private sectors.

Although there are still gaps in cyber readiness and response, there is a significant push towards building a cyber-resilient culture from the ground up. The US National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0 is highlighted as a versatile tool that can be adapted to meet local needs.

Survey results from the report reveal strong support for risk management frameworks, with 94% of respondents agreeing that RMFs can enhance organizational resilience to cyber threats. Nearly three-quarters (72%) have integrated an RMF into their cybersecurity strategy, while those who have not cited resource constraints as the main barrier.

The adoption of cloud-based services is also on the rise in Latin America, driven by the need for improved security. According to the survey, 78% of respondents are using or planning to implement cloud-based cybersecurity infrastructure, recognizing it as a critical factor in strengthening their digital defences.

The LATAM CISO Report 2024 provides comparative insights from Colombia, Costa Rica, Chile and Panama, highlighting similarities and differences in cyber responses.

One key trend is a reactive approach, where countries strengthen their defences after experiencing attacks. Costa Rica's case prompted the country's declaration of a state of emergency and the development of a new national cyber strategy. In the case of Colombia, two bills were introduced to the Colombian legislature to create a technical and specialized digital security authority.

Another significant trend is the strength of international collaboration, with Latin American nations actively engaging in global dialogues and partnerships to strengthen cybersecurity measures.

Costa Rica, for instance, signed memorandums of understanding with several countries, including Israel, Japan and the United States, the latter of which has announced plans to provide $25 million in assistance to establish a cybersecurity operations centre by 2026.

Colombia has also pursued international collaborations to address cyber risks effectively, with this collective effort underscoring the importance of global cooperation in the fight against cyber threats.

An important aspect of the report is its focus on workforce development and education. Insights from interviewees in Colombia, Costa Rica, Chile, and Panama underscore the necessity to expand cybersecurity training programmes and foster cyber awareness across the public and private sectors.

The report recognizes that investing in talent and culture around cybersecurity is a foundational step that can drive maturity, resilience and risk reduction over time, benefiting organizations and citizens alike.

It recommends establishing comprehensive training programmes and educational initiatives to address these concerns and build a robust cybersecurity workforce. By enhancing human capital, Latin American nations can better detect, contain and recover from cyber incidents, reducing risks and improving overall cyber resilience.

This aligns with the World Economic Forum’s Strategic Cybersecurity Talent Framework 2024, which resonates with this need and emphasizes the importance of aligning cybersecurity education and training with global industry needs.

The Digi Americas Alliance and Duke University also provided key recommendations for Latin American governments to strengthen their cybersecurity measures:

By following these guidelines, Latin American countries can strengthen their cyber defences and contribute to a more secure and resilient global cybersecurity environment. In facing the ever-growing cyber threats, the focus is on solidarity and collective defence against malicious actors aiming to compromise digital security.