Published on May 31st, 2022 📆 | 5068 Views ⚑
0Digital Crime Causes Firms to Look Abroad for Better Cybersecurity
https://www.ispeech.org/text.to.speech
Costa Rica is at a war. A cyber war. Such were the words of the countryâs newly elected president, Rodrigo Chaves, who faces a tough choice during his first month in office: pay a US$20 million ransom to a group of cybercriminals or endure the consequences of a ransomware attack that hit almost 30 government institutions at a federal, state and municipal level; consequences which might include, according to the culprits, the fall of the government itself.
Costa Rica isnât the first country to be critically hit by cybercrime, and trends indicate that it wonât be the last. The health services infrastructure of Ireland and Greenland were recently compromised. In november 2019, Mexican state-owned oil company Pemex reported a ransomware attack that forced it to shut down its computer systems. In May 2021, a ransomware attack against Colonial Pipeline cost the company millions in losses and caused fuel shortages all over the southeastern US.
A combination of rising criminal activity in the digital space and a shortage of specialized talent in the area of cybersecurity has put companiesâ and governmentsâ backs against the wall, forcing them to outsource the protection of their computer systems. Still, coming by a cybersecurity engineer in oneâs own country aintâ easy. Thus, some organizations are searching abroad for shielding.
âThere are two types of organizations: the ones that have been breached and the ones that donât know it yetââJorge HernĂĄndez
This development has given rise to cybersecurity as an exportable service. Firms such as TagSec Group (Mexico) and Netdata Networks (Colombia) are cashing big on the rising international demand. Netdataâs CEO, JosĂŠ Cabello, told Forbes that his company expects sales to double year-over-year in 2022 thanks to the export of cybersecurity solutions to the US, Chile, Costa Rica, Guatemala and El Salvador.
TagSecâs general director, Jorge HernĂĄndez, also expects 2022 to be a great year for business. The firm has successfully exported its services to South Korea, providing cibersecurity to industrial plants in the US, China and Mexico belonging to companies such as LG and Samsung.
How Many Engineers Do We Need?
The shortage of engineers specialized in cybersecurity remains the main driver behind the outsourcing and importation of the service by companies and governments.
In spite of an influx of about 700,000 cybersecurity professionals in 2021, the International Information System Security Certification Consortium (ISC2) still reported a workforce gap in the industry. About two-thirds of the organizations surveyed by the ISC2 expressed concern over cybersecurity staffing shortages, underlining how rapidly supply is being outpaced by demand.
âOne of the challenges for the industry on a global level is that there are not enough people with the specialized knowledge required to provide cyber-protection to organizations,â said Jorge HernĂĄndez. âThat goes for in-house operations in companies and for cybersecurity engineers in general; the shortage is worldwide. And weâll be needing lots and lots of specialized engineers to protect all of these organizations.â
Pressured by the unavailability of talent and the heavy burden of shielding every potential attack vector, organizations prefer to shop for protection outside instead of depending on an inhouse team.
âAssuming you have the budget and the resourcing for it, I think you sort of need that approach. The influx of threats, whether its phone lines being bombarded or servers being attacked or phishing coming in through email, I think you sort of need that full picture,â said Dennis Gotto director of IT Quality Assurance & Process Improvement at the Boston Childrenâs Hospital. âUnless youâre gonna hire an entire IT department of a 100 people that are dedicated to cybersecurity, youâre gonna probably have to rely on this vendors of automated cybersecurity solutions.â
For companies that feel vulnerable, casting their sights abroad is becoming a common trend, and thereâs a growing preference for Latin American talent due to time zone compatibility with North America, added Gotto.
âUnless youâre gonna hire an entire IT department of a 100 people that are dedicated to cybersecurity, youâre gonna probably have to rely on this vendors of automated cybersecurity solutionsââDennis Gotto
Talent is scarce in Latin Americaâs too, though. The cyber attack on Costa Rica and recent hits against other countriesâ critical infrastructure underlined the absence of robust digital barriers in the region, where experts point to the urgent need for the development of specialized cybcersucirity engineers.
âThereâs great cybersec in the area; the deficit can only be fixed with more opportunities, more options to grow and learn,â commented SalomĂłn Ocon, CEO at Costa Ricaâs GBT Techonolgies. âThereâs no time, though. In the meantime, outsourcing is an option. Cybersecurity is urgent in our region [Latin America and the Caribbean].â
Cybercrime is a Business, and Business is Good
Crime never sleeps, and cybercriminals seem to have been particularly active in the last couple years. Verizonâs latest report on cyber attacks shows that ransomware attacks in the US increased by 13% in a single year, a leap that surpasses that of the last 5 years combined.
The migration to remote work and the digital transformation thatâs underway for organizations all over the world multiplied the workload for firms like TagSec, said Jorge HernĂĄndez. Itâs open season for cybercriminals, who are getting craftier in their methods and more aggressive in their pursuits.
âThe cybercrime business grows day by day, and this is only the beginning. They [cybercriminals] are innovating more and more, because they have access to so many resources,â said HernĂĄndez. âWhat weâve seen in Mexico and other countries is that there are two types of organizations: the ones that have been breached and the ones that donât know it yet.â
Itâs no surprise then that some organizations are shopping offshore for cybersecurity. Then again, itâs not always that easy. Like it happens with the export of other digital services, regulations can make it difficult to pay for a service even outside of oneâs own locality.
âWeâre restricted to accounting practices within the province,â said Peter Holowka, VP of the Vancouver Chapter of Canadaâs CIO Association. âWeâre OK with hiring someone who might be in the same province, but outside of that province, the taxing gets a little more complicated. Unless we absolutely have to, weâre gonna hire internally.â
Governments are willing to catch up, nonetheless. The World Trade Organization (WTO) reported that its Joint Initiative on E-commerce found common ground earlier this year in their negotiatons on digital trade, which include provisions for cybersecurity. In December 2021, Singapore and the UK signed an agreement that focuses on cybersecurity and other matters pertaining to the trade of digital services.
Gloss