FORWARD

David Hoffman, Steed Family Professor, Duke University

Andy Kotz, Researcher, Duke University

Belisario Contreras, Coordinator, DigiAmericas Alliance

The LATAM CISO 2023 Cybersecurity Report provides insights from industry leaders regarding the level of cyber resilience among various organizations in the Latin American region. LATAM CISO is a multistakeholder and interdisciplinary network of cybersecurity professionals that aims to gather and coordinate input from members to shape the priorities ofcybersecurity in the Americas and strengthen their overall security posture. This report was created to identify gaps in security, as well as the needs andlimitations of organizations in Latin America that are preventing them from achieving a better stance against cyberattacks. The Latin American region suersmore than 1,600 cyberattacks a second, which is why it is imperative that organizations toughen their capabilities to protect themselves from this growing environment of cyberattacks and security risks. The report is intended to provide decision makers from both the public and private sectors with insights to help them understand their vulnerabilities and focus their efforts and resources on the areas within their country that need the most support. To this end, a survey was conducted among chief information security officers (CISOs) and other manager-level positions in 195 organizations from different sectors of all sizes. Among those surveyed, 21% work at a small organization(1–100 employees), 24% work at a medium organization (100–999 employees), and 56% work at a large organization (over 1,000 employees). The most heavily represented industries were financial services (24%), government (23%), and professional services (10%). Over 70% of respondents reported that the number of cyberattacks on their organization has increased from the previous year, demonstrating that despite increased cybersecurity efforts, the attacks are persisting. The report begins with an assessment of organizations’ budgets, types of attacks, number of attacks, risk assessment frequency, multi-factor authentication (MFA) deployment, security awareness trainings, and other factors that affect the cybersecurity capabilities of organizations. The report concludes with a set of recommendations that will contribute to improving cybersecurity and resilience in the Latin American region. The recommendations focus on each data collection category and suggest actions based on the indings. For example, the data collected demonstrate inadequate investment in regular security risk assessment. An increase in governmental campaigns to create cybersecurity frameworks requiring organizations to conduct risk assessments more frequently can enable the identification of vulnerabilities. This report will enable organizations to thoroughly examine their cybersecurity capabilities and understand the next steps needed to increase their resilience against attacks. Overall, the report found that while efforts are being made to fortify cyber capabilities, threats continue to persist. Consequently, organizations must continue to pay more attention to their vulnerabilities and how they can address them.

READ THE FULL REPORT HERE

EN ESPANOL

EM PORTUGUÊS

LATAM CISO & Duke University

Read Next

A Partial Win for AI Red-Teaming from the Copyright Office

The U.S. Copyright Office clarified legal rules for AI trustworthiness research and red-teaming under Section 1201 of the Digital Millennium Copyright Act and AI red-teamers have cause to celebrate, however, there is some not-so-great news too.

Building PQC and Crypto Resiliency Across the Public and Private Sectors

A webinar that featured industry leaders from AT&T, the National Institute of Standards and Technology (NIST), InfoSec Global, The White House, and Venable LLP, focused on cryptographic resilience and post-quantum transition.‍

Securing the Future of AI: What’s Next?

The intersection of AI and security is a hot topic but we find that people haven’t spent time to understand what is truly new about cybersecurity, and where organizations need to bolster defenses as AI use cases promulgate.