The GCA Cybersecurity Toolkit for Small Business is available in English, French, Spanish, and Portuguese. Implementation of its free tools substantially mitigates cyber risk, which is a prerequisite for regional digitization programs to meet their objectives.
On October 16, Internet Society Uruguay organized a virtual conversation with several Latin American experts on the protection of MSMEs (micro, small, and medium-sized enterprises), within the framework of the International Cybersecurity Awareness Month.
Cybersecurity, digitization and growth
Cybersecurity, a key element of digitalization, plays an increasingly central role in sustaining business health, economic growth, and job creation. SMEs and MSMEs, which account for 11.1% and 88.4% of all companies in Latin America, respectively, cannot be left on the sidelines.
Investing in cybersecurity —also for MSMEs— is crucial, both for its economic impact, with direct, positive effects on productivity, and for its reputational impact that translates into greater confidence among citizens, consumers, entrepreneurs, and even investors.
But this requires external resources and the necessary internal awareness within organizations.
Alejandro Patiño, from the Economic Commission for Latin America and the Caribbean (ECLAC), presented these dimensions, and noted that “there is a lot of opportunity to improve SME digitization programs, including the cybersecurity component”.
Businesses, as central social actors, must assume the role of mobilizing national economies. However, the cyber risks they face —ever-changing and creative, and sometimes highly damaging, as is the case with identity theft— make this task difficult.
From standards to a culture of cybersecurity
“In the case of larger companies, the challenge is twofold,” warned Carina Birarda, an expert advisor to organizations such as the United Nations Internet Governance Forum and the European Union’s ENISA, “since they must preserve their own peace of mind and offer their environments the peace of mind of having adequate standards for the security of third parties, such as suppliers and collaborating companies.”
The role of these standards or reference frameworks —soon to be a requirement also for some European SMEs, in the context of the NIS2 directive— was the focus of part of the debate, but also highlighted was the need to create an adequate cybersecurity culture, something that Guillermo Pereyra, from LACNIC’s CSIRT, and Mauro D. Ríos, secretary general of Internet Society Uruguay and moderator of the session, both spoke about.
In this regard, Laura Margolis, president of Internet Society Uruguay and director and business developer at Intersys Network, pointed out: “70% of our hosting clients still ask us to use easy-to-remember passwords such as ‘1234’, which is of no use in the face of credential theft: we need to work on training”.
A toolkit that hits the nail on the head
Alejandro Fernandez-Cernuda, Director of Engagement for the Global Cyber Alliance’s Internet Integrity program, closed the session with a presentation of the GCA Cybersecurity Toolkit for Small Business, sponsored by Mastercard, which provides free and effective tools to reduce cyber risk. The tools are carefully selected and organized to make it easy to find and implement cybersecurity controls to help small businesses defend themselves against cyber threats.
“Our toolkit hits the nail on the head of everything we’ve talked about so far,” he referenced. “It follows several of the most widely accepted standards in the SMB cybersecurity industry, including the Center for Internet Security Controls, and helps create a culture of cybersecurity by empowering its users, who are often initiated in the field thanks to our toolkits.”
The SME toolkit, available in six languages (including most of the official ones in Latin America such as Spanish and Portuguese), has a wide global presence, with visits from virtually every country and territory in the world. It has also proven to be a powerful ally in SME digitization and education programs, as demonstrated by its inclusion under the Mastercard Academy 2.0 Program making cybersecurity accessible for small businesses across Indonesia, and other projects about to be launched in 13 countries and territories in Asia.
Prevent rather than React
During the round of questions, the dreaded ransomware quickly came up, and the experts present recommended drawing up business continuity plans, adopting prevention and cyber hygiene measures, exploring resources such as the NoMoreRansom project and, above all, turning to the authorities in the event of an attack.
Precisely on the issue of prevention and cyber hygiene, a recent analysis by Tidal Cyber and the Global Cyber Alliance has shown that the implementation of the measures contained in the cybersecurity toolkit can prevent “up to 86% of [ransomware] techniques that allow initial access to the network or compromise the confidentiality, integrity or availability of data” of organizations.
About ISOC Uruguay Chapter
The Internet Society Uruguay Chapter is a non-profit civil association that evokes and promotes the values and interests of the Internet Society International.
The Global Cyber Alliance is an international nonprofit organization dedicated to making the Internet a safer place by reducing cyber risk. We build communities to deploy tools, services, and programs that provide cybersecurity at global scale.