New guidelines issued after warning about increased cybercrime

As the adoption of new technologies that allow greater connectivity across the world continues to rise, so does the threat of exploitation.

One region to be hit by a wave of recent cybersecurity incidents is South America, as cybercrime and data breaches affect companies big and small.

Last year, Latin American social networking site Taringa suffered a huge data breach when nearly all 28 million users’ accounts were compromised.

A database breach exposed usernames, hashed passwords, and email addresses linked to profiles on the social media site.

And the threat of cybercrime across South America continues to rise, too.

In 2016, the number of ransomware cases across the continent grew by 131%, according to the Eset Latin America Security Report.

And a Trend Micro report stated that in 2015, one in three Brazilian companies fell victim to some form of cybercrime.

With the threat of cybercrime only expected to grow over the coming years, governments across South America are doubling down on their efforts to protect the data and security of their citizens.

By 2022, countries in South America are expected to spend a combined $170bn on protecting against cyber-attacks.

Uruguay is the latest country to adopt a set of guidelines for public and private companies, advising them on how to implement the best cybersecurity practices.

The Cybersecurity Framework was recently introduced by government digital institution Agesic.

It comes as Uruguay prepares to adjust its data protection laws in line with the introduction of GDPR later this month.

The Daily Swig spoke to Fabiana Santellan of Agesic to find out more.

What is the main focus of the cybersecurity framework?

Fabiana Santellan: The Cybersecurity Framework provides a homogenous approach to reduce the risk associated with cyber threats that may compromise information security.

It has been developed with support from academia and the private sector and is aligned with international best practices, and contextualized in harmony with current regulations and the best practices suggested by Agesic.

The cybersecurity framework defined by NIST has been taken as reference to ensure that responses to cyber threats, risk management and information security management are in accordance with international standards.

The Cybersecurity Framework can help an organization plan its cybersecurity risk management strategy and develop it over time based on its activity, size, and other distinctive features and specific elements.

It is not a static document, but will be modified according to technological changes, the evolution of threats and changes in risk management techniques.

Will the framework include new regulations which businesses and the government are expected to follow?

FS: The Cybersecurity Framework is a tool that is made available to public and private organizations to improve their levels of cybersecurity.

Government institutions are already obliged to report incidents of cybersecurity.

Private institutions do not have specific regulations, however the personal data protection regulations, which will be approved soon, will force them to report said incidents.

Was the framework developed in reaction to any specific cybersecurity incidents?

FS: Uruguay's goal is that by 2020, all the procedures of the public administration will be carried out digitally.

Therefore, the Cybersecurity Framework was created to generate confidence in the use of technology as [it becomes] a fundamental part of the evolution of digital government, which demands a secure platform to support it.

It was also formed to unify all existing resources in terms of good practices and cybersecurity regulations.