An evening panorama of Medellín, Colombia. Source: Flickr.
While the benefits and opportunities that technology and digitization have reaped for Colombia are undeniable—for example, for the innovation in commercial, productive, and scientific search, as well as making more agile several production and institutional processes, there are still very significant human elements that make its systems vulnerable to cybersecurity threats, espionage and breaches of information. These challenges translate into additional costs for adapting and creating essential infrastructure to mitigate potential risks. In terms of keeping Colombian public and private institutions safe from cyber criminals, the country is not in a great place. As the country’s dependence on technology grows, it is hampered by security challenges. As Colombia contemplates opening the 5G spectrum for auction in 2023, the country must address these security challenges or face greater challenges in the future.
In 2021, Colombia placed sixth globally with the most ransomware attacks, with over 11 million threats detected. This statistic shows the risks public and private institutions face and why implementing cybersecurity protocols must become a priority. Given the increase in cyber-attacks and cybercrimes, companies will likely increase their investment in cybersecurity infrastructure and their development and implementation programs. During that year, four Colombian state entities were hacked. Invima and DANE were victims of ransomware and recovered the operation of their servers through the help of the authorities and technical teams. Similarly, the military forces and the prosecutor’s office were victims of a leak by the Guacamaya group, a hacktivist organization with political motives in an ongoing campaign to discredit extractive-sector companies and the armed forces of several Latin American countries. In Colombia’s case, the leaked information corresponds to more than five terabytes of data (or about 38,000 files), with information on controversial cases, such as army and police wiretaps, Odebrecht, and Iván Márquez and Jesús Santrich, among others. As long as public opinion perceives interference by companies in politics, companies that want—even legally—to make contributions to electoral campaigns or political parties will be exposed to reputational risks.
Source: 2022 SonicWall Cyber Threat Report.
State entities at the national and local levels need to improve and implement protocols and public policy initiatives on cybersecurity. This is all the more important considering that many of the prosecutor’s in Latin America are not trained to address these crimes. Due to complexity of cybercrime and its continuous evolution, it is likely the law will continue to lag one step behind. The attacks on critical, confidential information suggest that no institution is safe and highlights the concerning cyber vulnerabilities in the country. Furthermore, attacks indicate that investments in cybersecurity are insufficient. If new cybersecurity protocols or the update of digital legislation or standard are not implemented, cybercrimes will likely continue to occur more frequently, affecting the entities in question and other actors related to them.
Decree 338 of 2022 represents the latest regulatory push to strengthen the government’s response to cybercrime. It allows public entities to prevent and manage risks of cyber incidents, improve digital security governance, and identify critical cyber infrastructures. It also formalizes the scope of the Cyber Incident Response Teams (like ColCERT and CSIRT), which are the government entities responsible for addressing national cybersecurity. Despite these advances, the country has a weak legal framework and little training in cybercrime management and investigation—compounded by insufficient institutional knowledge regarding incident reporting. This increases risks to those who share private information with the affected government entities, including risks of service unavailability, operational pauses, and financial losses.
The Road Ahead for Tech in Colombia
Increased hacks and attacks will make data protection a priority for companies. This means that demand for cybersecurity software will grow and with it demand for Colombian IT technicians, coders, and software engineers, that are, according to Procolombia, recognized internationally for their high human talent capacity and innovation. This sector is growing in Colombia, following a significant effort from the prior government to turn the country into the “Silicon Valley of Latin America,” which has meant additional foreign direct investment in the sector and greater technology related exports . The Trade Ministry registered software and IT services’ exports for USD 218.8 million in 2021—33 percent more than in 2020—with Uruguay, the United States, Panama, Mexico, and Costa Rica being its main buyers, suggesting growth over the last two years.
Despite some encouraging signs, Colombia continues to face a growing shortage of skilled digital workers. Currently, there is a deficit of 80,000 employees and, according to MinTic calculations, by 2025 the country will have a digital talent gap of between 68,000 and 112,000 software developers. It will be a challenge for both the government and private sector to train and promote personnel to meet the increasing demand for IT services in the short term. As a human capital-intensive industry, this is also an opportunity for job creation that the Petro administration cannot ignore.
Among the Petro Administration’s new tasks is to tender Colombia’s 5G networks in the first semester of 2023. The tender will be more than just a contract bidding, considering China and the U.S. are fiercely competing on the global stage for additional control of digital broadband. The U.S. will frown upon Colombia awarding the bid to Huawei or ZTE, both of whom have a presence in Colombia, and both of whom are sanctioned by U.S. and European authorities. If the Petro administration does not begin to get its digital ducks in a row, the U.S. or China could exploit the country’s existing digital vulnerabilities to their advantage.
In short, the tech sector has gained increasing importance in Colombia’s economy. However, our analysis suggests there are many opportunities for growth and development but also many challenges which will make it difficult for Colombia to take full advantage of all the sector’s benefits. The increasing potential of the IT and software industry, and cybersecurity demand becoming more and more prominent are just a few examples from which Colombia could benefit. Colombia will need to take a step further to mitigate or reduce its digital vulnerability. Thus, to have a safe virtual environment for citizens and companies, both the private and public sectors will need to strive to seek new legislative bills that address the high level of complexity of cybercrime and the risk of legal loopholes to prosecute cybercriminals.
Sergio Guzmán is the Director of Colombia Risk Analysis, a political risk consulting firm based in Bogotá. Follow him on Twitter @SergioGuzmanE and @ColombiaRisk.
Mariana Silva Moncayo was an intern at Colombia Risk Analysis and is a current undergraduate student at Universidad del Rosario. Follow her on Twitter @mariana_sm_.
This piece was adapted from Colombia Risk Analysis’ most recent sector report on the technology sector, read the full report at https://bit.ly/SectorRiskTechnology2022.