The Global Ransomware Report 2023 revealed that 84% of organizations, businesses, and government agencies experienced "one or more cybersecurity intrusions" in the past 12 months. Among them, those located in Latin America and the Caribbean registered an average of three gaps in the last year.
The data is not surprising locally: Argentina suffered a Ransomware cyberattack a week ago where the cybercriminal group Lockbit encrypted the data of a company called Bizland, which manages the system of discounts in pharmacies for social and prepaid works, which left users without systems.
But the case was one more brick in a wall that has more height every day: from the case of the Senate of the Nation at the beginning of last year, through large companies such as OSDE, Artear or Ingenio Ledesma, the list of organizations extorted by this malware (virus) that encrypts data to ask for money in exchange grows more and more.
In this context, the Fortinet study is a survey that investigates around 30 countries around the world. The publication places great emphasis on the cybersecurity skills shortages affecting organizations around the world.
These vacant positions lead, according to the numbers, to which 68% of organizations faced "additional" cybersecurity risks: from data breaches, phishing and internal data thefts to ransomware cases, the publication's main concern.
In this sense, Fortiguard Labs, the threat lab, detected that security intrusions are increasing: "84% of organizations experienced one or more cybersecurity intrusions in the last 12 months, compared to 80% last year."
"More organizations were impacted financially due to breaches: nearly 50% of organizations suffered breaches costing more than $1 million in the past 12 months, representing a 38% increase compared to last year's report," they add.
But without a doubt the biggest concern that companies and governments have is the "skills gap", that is, the lack of personnel: "94% of boards in companies in Latin America and the Caribbean advocate hiring more IT [Information Technology] security personnel, which emphasizes the demand for cybersecurity talent", Explain.
"Cybersecurity continues to be a priority for boards of directors and there is an executive demand to increase IT security staff. In addition, technology-focused certifications are highly valued by employers, as they serve to validate skills.
In addition, there is a strong emphasis on how difficult it is for organizations to hire experts in the field, especially to appoint leaders who know how to handle cybersecurity, information security and design an architecture that is prepared to prevent and handle computer attacks.
In this sense, few organizations have a key position: that of CISO, Chief Information Security Officer.
The CISO, a key but almost non-existent role
"If I had to explain what a CISO is, I would say that he is by definition the highest executive in terms of information security," Jaime Chanagá, Fortinet's CISO for Latam and the Caribbean, explains to Clarín.
Galicia, one of the companies that in Argentina have CISO. Photo Lucia Merle
"However, this role has evolved over the last 20 years and has gone from beingjust technical figures to also being business leaders: someone who speaks the language of the business they are part of and who supports initiatives through information security, driving and protecting and providing more risk mitigation and resilience to the business," Adds.
In Argentina there are large organizations such as Banco Galicia or Santander, which have a designated CISO but, for example, at the state level, this position does not exist (as it does exist in the United States, for example).
"All Latin American governments at this time are aware of the gravity of what is happening in this cyber weapons cold war. If we look at the headlines that have occurred in recent years, we can see that many governments have been attacked throughout Latin America," he recalls.
Latin America is very little advanced in this regard, but it is not the only region that is lagging behind. "In Latin America, less than 1% of public and private sector organizations have an appointed CISO. But even the 'Fortune 500' companies, that is, the 500 largest companies in the world in terms of revenue, only half have this position, "says the specialist.
As you can see, it does not necessarily have to do with lack of resources: "Many times it is due to lack of awareness at all levels of the organization."
In this context, the report concludes with a worrying fact: "65% of organizations expect the number of cyberattacks to increase in the next 12 months, which further aggravates the need to fill crucial positions to help strengthen security postures," he says.
A world that will increasingly need CISOs, but also the efforts of the computer security community to raise awareness among users.
Global Ransomware Report 2023
Derek Manky, Head of Threat Analysis, Fortinet FortiGuard Labs. Photo Fortinet
About the Global Ransomware Report 2023: "The survey was conducted among 569 cybersecurity leaders distributed in 31 countries around the world including: Brazil, Mexico, Colombia, Canada, United States, United Kingdom, France, India, and Japan, among others," explains Fortinet.
Respondents belong "to a wide range of industries such as manufacturing (29%), technology (19%), transportation (12%) and healthcare (11%)."
It can be read in full at this link.
See also