A. M. 
Courtesy
ESET presents the 12 most relevant cybersecurity data of Latin American companies revealed in its ESET Security Report 2024.
ESET, a leading company in proactive threat detection, presents the results of the ESET Security Report 2024, its annual report that provides a regional perspective on the current state of cybersecurity in Latin America, exposing the main threats, the most common weaknesses and the measures needed to strengthen cybersecurity in organizations.
The ESET Security Report (ESR) is prepared on the basis of surveys conducted among professionals in the IT sector or linked to security, and complemented with data extracted from its own telemetry.
Some of the most relevant data in this edition highlights that 30% of Latin American organizations suffered at least one security incident in 2023, and that 1 in 5 companies could have been attacked without knowing it due to the lack of adequate technology to detect them. In addition, it is highlighted that 23% of companies suffered ransomware attack attempts in the last two years.
The most common threats detected
Of the detections registered by ESET in 2023 in Latin America, the most active malicious codes correspond to exploits for the CVE-2017-11882 (45%) and CVE-2012-0143 (36%) vulnerabilities in Microsoft Office, which already have patches available. Eighty-one percent of the attacks exploited these older vulnerabilities in Office.
“Over the last year we have seen several malspam campaigns using exploits targeting these two vulnerabilities. These campaigns were recorded on a sustained basis and in many cases propagated multi-purpose malware, such as Remote Access Trojans (RATs). The report also shows that there are detections for more recent vulnerabilities, both in Windows and Linux systems”, comments Camilo Gutiérrez Amaya, head of the ESET Latin America Research Lab.
Regarding ransomware, in 2023 this threat continued to be very active globally and in the region. Accordingly, the ESR showed that 23% of companies were the target of at least one ransomware attack attempt in the last two years and 96% said they were concerned about this threat. Finally, 86% of the companies surveyed would not be willing to negotiate a ransom payment.
What are companies doing to protect themselves?
Faced with this threat landscape, while 28% of the organizations surveyed considered cybersecurity a top concern, 62% consider their budget allocated to this area to be insufficient. With respect to ransomware, although 86% of companies would not be willing to negotiate the payment of a ransom, only 23% have insurance against all cyber risks.
In terms of the most widely implemented technologies, the following stand out: the use of firewalls by 88% of organizations, backup solutions (85%) and the adoption of VPNs (80%). As for anti-malware solutions, these technologies have an above-average adoption rate, with 64% of companies having this technology. On the other hand, 50% of companies claim to have a second authentication factor, which is an effective alternative to counteract the danger of using weak passwords (the cause of many of the intrusions into systems through brute force attacks).
Finally, with regard to education and awareness-raising actions, 77% consider themselves to be prepared to work remotely and securely. But, only 27% of employees consider that they receive regular training on security issues.
“The cybersecurity landscape in Latin America demands immediate attention from companies in all sectors. Attacks are becoming increasingly sophisticated, threats are diversifying, and gaps in protection are becoming more common. We hope that this report will contribute to improving awareness of the importance of cybersecurity for companies in the region” concludes Gutiérrez Amaya of ESET Latin America.
