During the first half of 2023, more than 770 million attempted cyber attacks against Costa Rica were reported. The Ministry of Science, Innovation, Technology and Telecommunications (Micitt) reports an increase of 66% compared to the previous year.This is equal to 2,900 attempted attacks per minute against companies, public institutions, citizens, essential services and others within the national territory.
The existence of criminal groups that operate through the Internet and through technological tools puts the country, and the entire world, at a latent risk.It is estimated that when a cyber attack occurs, each minute represents losses of $1.5 million. This is without counting the moral damages, security, health and stability of the victims, cities and countries.During the first half of 2023, 23,000 cyber attacks were carried out in Costa Rica.
Investment allow us to execute a new strategy
Last Monday, November 13, the Government presented the National Cybersecurity Strategy, which was built in conjunction with the Organization of American States (OAS).
In an interview, the Minister of Micitt, Paula Bogantes, pointed out that the announced actions can be carried out for two reasons.First, because there are currently resources coming from two donations from the United States: one for $25 million and another for $9.8 million. In addition, it also has the contribution of the European Union (EU), through the Government of Spain, which represents 2 million euros.According to Bogantes, the sum of these donations becomes the largest investment that Costa Rica has made in cybersecurity.
The second reason is that part of the execution of the proposed strategy does not depend on the resources of the Micitt. Starting in 2024, Ministries and other State institutions must budget for at least one person who is an expert in cybersecurity within their payroll and for the maintenance of protection systems.
The strategy presented this past Monday includes 5 pillars:
- Optimize public investment and improve coordination between Government, industry, academia, society and the international community
- Adapt the Costa Rican legal framework considering evolving cyber threats
- Strengthen the protection of the technological infrastructure of institutions and national cyber resilience
- Educate and train to strengthen the capabilities of the cybersecurity ecosystem
- Build public-private alliances and exercise cyber diplomacy for a more secure, prosperous and open international order
The minister explained that in an initial phase they will subcontract a service from a center specialized in threat detection and defense of institutions. At the same time, the country would develop its own center that will come into operation in later years.
To meet this objective, a restructuring of the Micitt will be launched, through which a national cybersecurity coordination body will be consolidated. The plan is to formalize the creation of the National Cybersecurity Directorate by the beginning of 2024, where the 17 people they also intend to hire would work.Initial coverage will be 18 ministries and five essential services.
Not so optimal conditions
“What I do tell you is that there are some ministries that are in not so optimal conditions,” commented the minister.Due to this, ministries and at least 5 other public institutions must consider within their annual budget an additional item for cybersecurity, related to the updating and purchase of the software necessary for protection.These budgets would begin to be executed from 2025.
The minister said that they have also spoken with the Institute for Municipal Development and Consulting (IFAM) about the need for municipalities to also invest in this area, so that they do not represent a danger to the rest of the participants in the ecosystem.“Several municipalities are in non-optimal situations,” he added.
On the other hand, she said that they work with the National Apprenticeships Institute (INA) and with the BRETE strategy of the Ministry of Labor and Social Security (MTTS) to increase the available personnel with knowledge in cybersecurity.
Although recognizing that the country has reacted positively to this new market niche, she believes that there is still opportunity to grow both internally and, much more, on a global scale.