When Costa Rica was hit by a massive ransomware attack in April 2022, paralyzing exports and exposing gigabytes of sensitive information online, it was a warning sign for the entire region. Latin America and the Caribbean is the world’s least-prepared area for cyberattacks, according to an index compiled by an arm of the United Nations.
This is partly the result of a positive trend: Much of life moved online following the pandemic, and Latin America and the Caribbean has seen considerable innovation in areas like fintech and e-commerce. But that transformation has not been matched by efforts and investments to keep digital systems safe, writes AQ’s managing editor Cecilia Tornaghi, in our cover story. “Latin America’s entrepreneurial and innovative spirit does not come with a concern for security,” Louise Marie Hurel, founder of the Latin American Cybersecurity Research Network, told us.
Experts say having a plan is key, and so is education. According to an IBM study, 95% of all cyberbreaches start from human error. A phishing expedition that gets one single person to click on a funny video or too-good-to-be-true offer is all that’s needed to install malware that spreads within a system. And try they will: By one account, Latin American and Caribbean companies suffer 1,600 cyberattacks per second. Many times, a breach will stay undetected until the ransomware begins, or data appears for sale on the dark web, as happened to Argentina’s entire population, or residents of Medellín after a public services company, EPM, was hacked.
While cybersecurity is a global problem, in Latin America lagging legislation and a lack of awareness often leaves the issue solely in the hands of tech experts. But IT teams cannot solve problems when investments aren’t made. Digital security is a structural problem that needs to be tackled from the C-suites and presidential palaces. In short, leadership is needed.