Latin America begins to acknowledge the serious threats of cybercrime

As Mexico takes a stand against cyber threats, what about the rest of LatAm?

In February, Microsoft announced the opening of a new cybersecurity support centre in Mexico that would service the Mexican and wider Latin American region.

The Cybersecurity Engagement Center will help Microsoft’s clients with “protection from attacks and security risks, as well as ways to detect them and find solutions,” says Jorge Silva, general manager of Microsoft Mexico. This client base will include private sector companies as well as governments and police forces. As part of the announcement, Microsoft revealed that it had signed a deal with Mexico’s federal police to provide cybersecurity training.

Mexico appears to be just the first step, but a spokesperson for Microsoft declined to comment on the specifics of the training it will be providing to police forces or on whether it will be working with other law enforcement agencies in the region.

Even so, the development of the centre is a crucial step in improving the country’s cyber defences as well as defences around all of Latin America.

According to a February report from the Wilson Center’s Mexican Institute, Mexico experiences the second highest number of cyberattacks in Latin America, second to Brazil. The country’s growing GDP makes it an ideal target, it said, as business and consumer activity improves. Figures from late 2016 showed that the rate of personal data theft in Mexico was growing.

On the infrastructure and government side of things, Mexico was found by the Wilson report to have outdated systems and poor configuration that left it vulnerable. But this isn’t unique to Mexico, as a 2015 Trend Micro study showed that most of the vulnerabilities discovered in systems in Brazil and Chile were in a similar state.

 

Time to act

Mexico has been criticised in the past for lacking a plan for dealing with cyber threats.

In 2007, Mexico was invited to sign the Budapest Convention on Cybercrime, the world’s first international treaty addressing cybercrime, drawn up by the Council of Europe. A number of non-European countries have been invited to do so since it was inaugurated in 2001.

Ten years on, Mexico has yet to sign or ratify the agreement. Reasons for this include Mexico’s legislative process being unable to adhere to the provisions. Other Latin American nations that have yet to sign the Convention include Argentina, Chile, Colombia, Paraguay, and Peru.

In that time, however, Mexico has made some efforts to better understand cybersecurity and how it may be addressed.

In 2010, it established its own computer emergency response team, CERT-MX, to monitor the security of critical infrastructure and federal government systems through collaboration among politicians, academics, and the federal police.

In 2014, the government hosted a workshop with other nations called Cybercrime Legislation in Latin America. However, Mexico has yet to enact any specific cybercrime laws since then.

 

Little uniformity

Across the Latin American region, there is something of a patchwork of laws concerning cybersecurity.

As the region’s largest economy, Brazil is one of the chief targets for attacks and scams. During the preparations for the 2014 World Cup and 2016 Olympics, the country had to bolster its defences if it wanted to make the grade.

Despite such a massive economy and population, and the business environment that comes with that, Brazil does not have any legal obligations on companies to disclose a data breach when it happens.

Cybercrime laws in Brazil have been difficult to formulate, mostly because of concerns over mass surveillance and overreaching privacy infringements at the hands of law enforcement. Brazil’s best-known, or most infamous, law that governs the internet is Marco Civil. It’s a piece of legislation that’s been under much scrutiny for years. In its original form, it regulates the amount of data a company can gather on users and, on paper, protects the ideas of net neutrality.

Changes to the law have been proposed in the past as a way to combat cybercrime but critics have called these proposals a Trojan horse for introducing greater surveillance mechanisms.

The landscape is mixed in neighbouring countries. Uruguay, much like Mexico, has its own computer emergency response team, founded in 2008, and in 2009 its government passed a decree that stated all agencies needed to implement a cybersecurity plan. In February, Uruguay’s national police was one of a handful of police forces that participated in a cybercrime program which took place in Japan and was coordinated by Interpol.

The Chilean government meanwhile knows first-hand the threat of cybercrime. In February 2016, hacktivists targeted a department within the Ministry of Social Development and leaked personal data of more than 300,000 citizens relating to state benefits.

The government is currently mulling new data protection legislation, which has been lacking in the country. A 1999 law remains in place and has not been adapted to the times. Under the proposed rules, which would update rather than replace this law, companies in Chile would face much stricter data protection compliance requirements when handling customer data.

The government departed for its summer break in February, so the law has been stalled for now and it will likely be early next year before it comes into effect. The new rules are also seen as a way to boost and improve confidence in Chile’s ICT sector overall.

While none of these strides are particularly dramatic, Latin America is beginning to acknowledge the serious threats of cybercrime and that the threats are global rather than focused on developed markets.

 
