Mortal Fatality!

The International Telecommunication Union (ITU) published the
latest Global Cybersecurity
Index
(GCI), “a trusted reference that measures the commitment of
countries to cybersecurity at a global level”. The overall score has
increased. The United States got a perfect rating, and the overall
percentage of South America has decreased.

The first time ITU published the GCI was
in 2015 (with data from 2014).
At the beginning of this year, the fourth
report
with the 2020 data was published, whose closest comparison is the third
report
published in January 2019. The GCI analyzed 193 countries and data
collected by ITU granted by each of the organization’s members.

The 2021
report
notes a “median overall score growth since 2018” of 9.5%. However, in
Latin America, this was not the tendency, although there is a pair of
surprising cases. The most notorious one is Brazil, South America’s
leader. It rose from 70th place to the 18th worldwide, surpassing, on
the global scale, countries such as Belgium, Italy and Finland. However,
most Latin American countries worsened in the ranking. Such is the case
of Colombia, which went from 73rd place in 2019 to 81st one; Uruguay
went from being the best country in Latin America with the 51st place to
being the third one with the 64th place, below Mexico and Brazil.

How were these results obtained?

The primary input is a study covering 82 questions related to
cybersecurity commitments. All questions can be consulted at the end of
the report. Each of these questions can be classified into any of the
following categories: legal measures, technical measures, organizational
measures, capacity development measures, cooperative measures. The
questions were multiple choice (with two or three answer options) that
had to be supported with a document or a link where that information is
officially endorsed. Once all the data were collected, the questionnaire
was analyzed in two different validation stages. There, each provided
document (or ink) attached to the question was examined. The result was
then discriminated into five categories with 20 maximum points per
category so that the total sum was equal to 100.

The categories are as follows: – Legal measures. It examines how a
country deals legislatively with cybersecurity threats. If a country has
adequate legislation to respond to cyberattacks, it can undertake
relevant investigations and sanction impositions. – Technical
measures. If a country has expert institutions of a technical nature
responsible for cybersecurity, it would have a good rating here. Among
the technical aspects to be evaluated are the “accreditation schemes for
software applications and systems.” If a country does not demand minimum
standards from its institutions (public or private), it will have a low
rating in this criterion. – Organizational measures. If a country
manages to efficiently coordinate its institutions around the
development and implementation of cybersecurity strategies, then it will
score well in this criterion. Each country must have a national plan, a
governance model and supervisory bodies to verify the implementation of
cybersecurity standards. – Capacity development measurements. A high
ranking in this criterion shows that there are well-established
education programs in the country. In both the public and private
sectors, professionals are certified to face cybersecurity tasks in the
best way. This implies being aware of the technicalities behind
cybersecurity and the political and economic implications that flow from
it. – Cooperative measures It happens that cybersecurity problems
are no longer just a matter for a country but also depend on the
security of allied nations. In this regard, governments have a shared
responsibility. Being coordinated with other countries on security
issues is essential. This is the case, for example, in Europe, where
there are joint regulations thanks to the General Data Protection
Regulation.

America Results

The United States and Canada remain on the regional podium occupying
first and second place. The United States earned a perfect
rating in this report, obtaining first place globally and
replacing the United Kingdom. The worst-ranked countries are Haiti,
Dominica and Honduras. All three countries were also in the worst
positions in the last report. This time they worsened their overall
ratings. Haiti went from 164th in 2019 to 167th, Dominica from 172nd to
174th, and Honduras from 165th to 178th.

Brazil, Costa Rica and Suriname considerably improved their overall
positions by climbing 52, 39 and 36 places, respectively. In contrast,
Guatemala and Nicaragua decreased by 38 and 25 seats, respectively.
Countries that remained relatively stable were Cuba, which moved from
81st to 82nd place, Argentina, from 94th to 91st and Bolivia, from 135th
to 140th. Peru and Chile stood out slightly after increasing 11 and 17
places. However, in this report, the Latin America tendency was to
decrease its global score. Countries such as Colombia, Venezuela,
Panama, Ecuador and Paraguay decreased their overall scores. To be
exact, they dropped 8, 17, 6, 21 and 18 positions, respectively, on the
global scale.

Colombia’s profile

Colombia had been ranked 73rd in the world in 2019, a place occupied by
Zambia now Compared to the best countries in the region (i.e., Brazil
and Mexico) Colombia has two criteria far below: legal and
organizational measures. Brazil has a perfect score in the first, while
that’s the lowest score in Colombia. Contrary to Colombia, a score in
which almost all South American countries excel is in Legal Measures.
Latin American countries that are below Colombia has better ratings in
Legal Measures. Cuba (17.62), Paraguay (10.41), Peru (who has a perfect
score in that criterion), Argentina (12.15), Panama (10.41), Suriname
(11.13) and Guyana (13.12) surpass Colombia in this criterion (see
Figure 3). We must go down to Venezuela, 35 places below Colombia, to
find a lower score in Legal Measures (8.80).

Latin America has a relatively adequate legislative response to
cybersecurity threats. In other words, the legal systems of their
countries provide appropriate sanctions for cybercrimes. This also
incentivizes investigations by the relevant control bodies. In contrast,
the weakest criterion of Latin American countries is technical
measures, ironically, one of the best criteria in Colombia (17.58).
Countries well placed in the ranking, such as Chile (9.39) or Costa Rica
(9.14), have scored much lower than Colombia. And even the three best
countries in Latin America do not exceed the colombian score by far:
Brazil (18.73), Mexico (17.90) and Uruguay (18.27).

In conclusion, although the world is strengthening its cybersecurity
policies and getting more conscious to face such threats, the reverse
phenomenon seems to be occurring in Latin America. A more significant
effort is needed from Latin American nations to reach the global
widespread commitment. More outstanding engagement is required in
formalizing institutions whose mission is to ensure the nation’s
cybersecurity.

We hope you have enjoyed this post!
At Fluid Attacks, we look forward to hearing from you.
Contact us!

*** This is a Security Bloggers Network syndicated blog from Fluid Attacks RSS Feed authored by Felipe Zárate. Read the original post at: https://fluidattacks.com/blog/global-cybersecurity-index/