Guacamaya Case - EMCO: A Cultural Problem

Much has been said about the cyber attack suffered by the Joint Chiefs of Staff (EMCO) which has involved the Ministry of Defense, the State Defense Council, the Armed Forces, and other entities.

As days go by, we learn that the Guacamaya Group's attack was successful due to basic integrity lapses in IT, such as patching servers and applications according to the manufacturer's recommendations. The experts' conclusion is unanimous: the attackers did not require high technical sophistication to exploit this vulnerability. This implies that the attack achieved its purpose due to a lack of information security culture, a much deeper flaw than the simple inability of a technical area.

The concepts of a security culture in IT are not something new; it is systematized as a concept in international certifications such as ISO 27001 and SOC 2, and it has some basic elements:

Everyone belonging to the organization is called upon to protect information, in accordance with the organization's policies. Additionally, those who are involved in day-to-day work are the first line of defense as they have the best visibility regarding potential weaknesses and attacks. Responsibility goes beyond the role or position one holds; best practices in this area promote that all members of an organization can report security breaches, without fear of retaliation. Leadership within the organization. Those in charge of cybersecurity are called to be true leaders, champions of the culture, promoting and communicating it at all times. It is this leadership challenge that our authorities now face. The long-term view should be to generate a unique state policy that coordinates the cybersecurity of the State.