10 Answers to Your Cybersecurity Questions
1 – What is the purpose of LACNIC CSIRT, LACNIC’s Information Security Incident Response Team?
LACNIC CSIRT provides members with a point of trust for reporting security incidents and a safe and anonymous brokering environment for sharing information related to reported incidents. It also promotes the proper use of best practices in security.
2 – How can my organization report an incident to LACNIC CSIRT?
Our members can report incidents directly through the LACNIC CSIRT website: https://csirt.lacnic.net/en/incident-report
3 – What are the most common types of attacks and ongoing alerts?
Phishing (the theft of sensitive information) remains the most reported type of incident in Latin America and the Caribbean. An increase in malware (malicious software) has also been noted, with a growth of ransomware attacks (information hijacking).
Most security alerts are triggered by new vulnerabilities and/or by server and service configuration errors. An example of these are open nameservers (open resolvers) which can be used to carry out various forms of attack.
4 – Our computer security incident statistics:
5 – Did the number of IT incidents increase during the pandemic?
They did. The pandemic was an unprecedented event that helped cybercriminals implement criminal techniques to exploit the extraordinary conditions resulting from the increased use of the Internet. It also demanded new actions from computer security incident response teams.
6 – Can LACNIC help if I am involved in an attack or computer security incident caused by a third party?
If your resources are involved in a cyberattack, you can request collaboration through LACNIC CSIRT on how to mitigate security incidents. It is important to highlight that our cybersecurity team will not actively intervene in the operations of the systems of its constituency but will have a role in the coordination and brokering between the parties involved.
7 – How can I tell if I am undergoing a cybersecurity incident or cyberattack?
Managing the security risks of your organization’s information assets and critical systems is essential to implement proper protection measures. In addition, traffic should be permanently monitored, and logged events should be correlated.
8 – What courses and training activities does LACNIC CSIRT offer to help improve the security of my organization?
LACNIC CSIRT promotes a culture that considers the proper use of Information Technology, best practices, and training. Through the Amparo workshops, it offers members of its community training on how to create their own computer security incident response teams (CERT/CSIRT) and other topics related to security incident management.
Through its Campus, LACNIC also offers training on cybersecurity prevention, as well as security awareness webinars.
9 – What can I do to get involved in security?
If your organization has a CSIRT, we invite you to join the list of regional CSIRTs available at: https://csirt.lacnic.net/en/nuevo-csirt-de-la-region
We also invite you to participate in the CSIRT meetings that take place during our events and to apply to join the lac-csirts mailing list.
10 – What sort of help can the MiLACNIC platform offer in terms of cybersecurity?
The MiLACNIC Security Module provides information on computer security events involving your resources. This information is very important and useful, as it allows you to fix any problems in your systems and thus avoid potential attacks.
MiLACNIC Security Module video: https://youtu.be/D4jFFMMDDjM