Alongside Private Companies, Agesic, Ceibal, and Antel Presented Key Challenges at a Cybersecurity Forum

The head of Agesic announced that the agency is working on several initiatives focused on education and training, including a potential public awareness campaign and a cybersecurity event in partnership with the Organization of American States (OAS). Additionally, representatives from Ceibal and Antel addressed other challenges within the same framework, such as transparency, budgets, and the increasing sophistication of attackers.

By Jeronimo Lopez

According to data from the Electronic Government and Information and Knowledge Society Agency (Agesic), Uruguay recorded a total of 14,264 cybersecurity incidents in 2024, of which only 0.48% were classified as "high" or "very high" severity. Compared to previous years, this figure represents an exponential increase that the agency attributes to improvements in detection tools, given that 4,968 incidents were recorded in 2023, 4,169 in 2022, and 3,948 in 2021. In this context, technology solutions company Isbel Connection convened a broad range of experts to present and exchange insights on the topic. The event took place on Wednesday at Magnolio Sala, and featured three panels in which a total of 12 guests participated. Among CEOs and CTOs from private companies such as Huawei, Itau, Nokia, and Isbel itself, there were representatives from government agencies including Daniel Mordecki, Executive Director of Agesic; Roberto Monzon, Security Strategy Manager at Antel; and Diego Russo, Chief Information Security Officer (CISO) of Ceibal.

During his participation, Mordecki stated that "information security problems are a cross-cutting reality that permeates all other types of crime" and, in this regard, criticized the practice of calling "criminals with no special technical skills or mystique" hackers. "Today, there is an entire vertical of crime that has migrated to the internet," he commented in reference to telephone scams conducted from prisons without any significant technical sophistication. To address the situation, the executive announced that Agesic plans to strengthen "awareness, training, and revive the Seguro te Conectas program," an outreach campaign created in 2014 with the goal of raising awareness about responsible internet use. Along the same lines, he recommended that "sometimes basic measures are sufficient" and that requiring a video call could prevent a scam or fraudulent transfer. He also commended Uruguay's international engagement on the topic and mentioned that they are planning to "organize a cybersecurity event with the OAS," following the joint delivery of an incident response course.

When consulted on the matter, Mordecki told CRONICAS that Agesic will provide training on two fronts. On one hand, to the general public through communication campaigns, where the possibility of launching a public awareness campaign is being considered, and through collaboration with the educational system to "introduce these topics" into the agenda. The other front involves "working with leaders so they understand that this issue concerns them, that they cannot delegate it to technical staff; rather, technical staff should provide them with information and tools, but strategic decisions are non-transferable."

The Perspective from Antel and Ceibal Monzon also stated that "Uruguay is the leading country in Latin America in the business of selling stolen credentials," and explained to CRONICAS the importance of transparency when receiving attacks. "Legally, you are required to report it, but moreover, failing to do so works against us because we cannot receive external assistance." "Sometimes secrecy is demanded, and that makes it impossible to leverage the experience of others to address a situation," he said. Regarding budgets, he noted in relation to human resources that "sometimes it is not just a matter of money, because even with unlimited funds there are not enough people to implement everything." He identified the greatest challenge as "deferred investment," which results in "a significant amount of infrastructure that has reached end of support or end of useful life." For his part, Diego Russo stated that at Ceibal they protect "the two most important assets: people and data," something that requires "an analysis of the information the organization manages" -- with the added complexity that this data is sensitive, as it belongs to hundreds of thousands of students who are attractive targets for attackers because they are "blank canvases with no background of any kind or credit history" -- in order to "know where to allocate resources, because the budget is not unlimited." "Ceibal makes technology available, and that must be accompanied by teaching the responsible and safe use of digital technologies," he commented.

Defense in Layers

Ana Karina Lucero, cybersecurity leader at the Uruguayan Chamber of Information Technology, addressed the desirable defense structure that organizations should consider. "In the first layer are the people who work on a day-to-day basis, who understand the operations and must be aware of the risks." In the second and third layers are "those who perform controls to ensure that security is carried out with order and oversight" and, finally, "the independent audit," respectively. Regarding talent development, Lucero expressed that initiatives are still lacking and that when education is considered, only two options emerge: "Either we train hackers in ethics, or we deepen secure development training for programmers."

"There must be a more cross-cutting foundational education at the career level so that the worker of the future arrives at the company with the proper groundwork," she stated.

Paysandu 926CP 11100MontevideoTel: +598 2902 1477

Av. Ana G. Mendez 1399, km 3PR 00926San JuanTel: +1 (787) 775-2100

Carmen C. Balaguer 10El Millon, DNSanto DomingoTel: +1 (809) 412-8672

Our Policies