Contreras began his talk by stating that data is more valuable than oil and that this is why cybersecurity strategies are necessary in both the public and private sectors. He also emphasized that “incidents are increasing year after year and becoming increasingly sophisticated.”
“No government in Latin America is secure, and if just one link in the chain fails, significant assets could be lost,” he said, noting that cybersecurity policies must include everyone—otherwise, they are ineffective. “We must keep in mind that employees are the weakest link, but they are also the first line of defense.”
For his part, Subero noted that “we must assume that the attacker is intelligent and will bypass all preventive measures.” He recommended not blocking attackers right away, but rather waiting to see what they’re after and what they’re doing in order to know how to defend against them.
He also provided a brief overview of the different types of cyberattacks, highlighting phishing as the most common method and BEC (Business Email Compromise) attacks as the most successful.
BEC scams work by tricking an employee with access to financial accounts into transferring funds to an account they believe belongs to a customer or supplier, but the money ends up in the criminal organization’s bank account.
According to Contreras, there are still many challenges to be addressed in Latin America and the Caribbean; for example, 30 of the region’s 32 countries lack national cybersecurity awareness programs, 26 countries have not implemented national strategies, and 20 lack national command and control centers.
At the end of the conference, Contreras said that a legal framework must be enacted to enable the investigation and prosecution of cybercrime, but above all to protect citizens.