The promulgation of the new Cybersecurity Framework Law in Chile is a significant leap when we talk about protecting digital assets, which also allows us to better protect other assets not always considered, such as the reputation of the company or, in the In the case of people, their personal data.
In order to comply with the new regulations we must know its most important points. As a summary, we highlight some of its central aspects:
1. The law creates an institutionality ANCI, National Cybersecurity Agency, which will be in charge of the principles and regulations that will govern the cybersecurity actions of the State Administration bodies and the relationship between them and individuals.
2. The law gives the ANCI the ability to manage incidents, establish the minimum requirements for prevention, containment, resolution and response to cybersecurity incidents that are generated.
3. The law gives the ANCI the power to establish DUTIES and SANCTIONS. Establish the powers and obligations of both State bodies and private institutions that have critical information infrastructure, establishing control mechanisms and a system of infractions and sanctions.
4. The Law establishes who will be subject to it, they are organized into 2 groups: the Obligated Subjects and the Operators of vital importance. It is very long to explain each definition in detail, which I hope to delve into in another column.
5. The law establishes fines ranging from 5,000 UTM to 40,000 UTM depending on the severity and other factors, among which one of the most important stands out, the obligation to report any cybersecurity attack or incident, within a maximum period of 3 hours after the incident occurred (or at least from becoming aware of it), failure to report an event will trigger fines.
The usefulness of informing is to generate an alert to the rest of those involved, so that in a timely manner they take precautions about what is happening and by working together we defend ourselves in a better way.
To understand the need for a law like this, it is essential to understand the scenario that we have experienced in Chile when we talk about cybersecurity attacks and the impact in recent times.
First, one must consider the impact that the increasing digitalization of different services has had, the speed with which it has occurred and the extent of its implementation in businesses across all industries. This has expanded the exposed surface exponentially, which gives greater scope to Cybercriminals.
Chile is in 4th place among Latin American countries most affected by cyberattacks during 2023 with 21 Ransomware incidents, surpassed only by Brazil, Mexico and Argentina. (source Entel Digital). The most representative attacks include Social engineering, Phishing, Malware and Ramsomware.
In 2023, Chile suffered more than 700,000 Cyberattacks, according to a study by Cyber Threat Activity, Trellix; Other analyzes speak of more than 2 million attacks, depending on how they are analyzed and what the sources are. However, focusing on what is important, the Financial/Banking sector represents almost 50% of such attacks, 20% occur in the public sector and the remaining 30% occur in the rest of the industries.
It is necessary to specify that an attack is NOT ALWAYS nor does it necessarily have the purpose of obtaining monetary rewards, even though they are the most frequent, it must be clear that attacks also have intentions of a different nature, such as affecting the reputation of a company, stopping a service, cause a system crash or simply boast of having the ability to execute an attack that is more symbolic than harmful.
Another important point to keep in mind, which is not always visible, is to consider that the “profits” are estimated at several tens of trillions of dollars annually, we could easily think that we are facing an entire Cybercrime industry.
Taking into account the situation and factors described above, it is necessary to have a regulatory framework that allows us to adopt a clear defense strategy, in which we all protect ourselves and act in a united and informed manner in order to minimize the risks as much as possible. disastrous risks.
Just as individual penguins use their plumage, body fat and a unique circulatory system, when they group together they naturally exhibit crowding behavior, which allows them to mitigate the effects of the cold.
We could attribute the same intention to the Cybersecurity Framework Law No. 21,663: working on our security and cooperating as a team to mitigate the effects of cybersecurity attacks. We all help protect ourselves. It is necessary to explain in detail how we are going to act together, but that will be the topic of another column.
It should be noted that in the region, Chile is positioned at the top of the list in establishing this type of milestones, without leaving aside that on this issue and comparing ourselves with other regions in the north of the globe, we are still behind, but we are moving ahead. firm, adopting the measures and technologies that will allow us to take the necessary actions.
From the point of view of the capacity we have in Chile regarding the implementation of solutions and experts in Cybersecurity, even though we are lacking a lot, we can say, without hesitation, that we have quickly adopted the latest trends in available technologies and continue to raise the quality and number of our engineers.
Without leaving aside the fact that the new law is a great advance, it is also necessary to emphasize that its implementation will require time and a lot of effort, overcoming the difficulties that will appear along the way of applying this regulation.
A final point is the task that calls us all: to help consciously promote the law and promote its adaptation in all types of companies, regardless of their size and scope. Only together can we better prevent, as well as the penguins in Antarctica.
By Sleman Alcantar J, Observer Commercial Manager.
