Worldwide, a cybercrime alert is raised every 17 seconds. However, it takes companies approximately 200 days to detect that they have been attacked. 2022 has been a year of great challenges for cybersecurity, since cybercriminals have shown that they are a threat to all sectors and a challenge for governments and users.

News of attacks and cyber threats against people and public and private entities is constant. The most recent case in Colombia was that of EPS Sanitas, but there were also those of Invima and the National Health Superintendency.

At the international level, since the beginning of the year, there has been talk of cyberattacks in the conflict between Russia and Ukraine. The most recent case to grab the headlines was the cyberactivism of the Guacamaya group, which hacked the Mexican government and accessed millions of pieces of data and confidential information from that country's Secretary of Security.

According to the Cyber Threat Mindset Survey by SonicWall, this year there have been more than 4 billion malware attempts worldwide, while ransomware attempts in 2022 have increased compared to previous years.

It seems that cybercriminals are ahead of the rest of the world in attack methods, so the issue no longer concerns just governments and big enterprises but users in general. Most attacks occur due to a lack of education and prevention in the use of equipment and technological tools.

October was cybersecurity month, and World Cybersecurity Day is celebrated every November 30, an opportune moment to talk about the subject and review the current panorama of the threats that 2022 leaves behind, as well as the prevention measures that allow us to move forward.

Cybersecurity landscape in 2022

Appgate, a company that offers cybersecurity solutions for people, devices and systems, presented its Fraud Beat 2022 report, a compilation of the most relevant figures from the global cybersecurity industry, its impact and strategies to combat fraud.

“We help organizations through technology and solutions such as zero trust, looking for the industry to protect itself and invest in cybersecurity, and with security strategies we can help companies protect themselves against human error. Because no matter how much knowledge you have, we are human and you can be deceived. That is why we seek to help that user who does not know how to protect himself and exposes his own resources and those of his organization,” points out David Lopez Agudelo, Vice President of Sales for Latin America at Appgate.

The Fraud Beat 2022 report revealed the methods most used by cybercriminals and the objectives for which they attack organizations of all types and sizes:

  • Phishing: These attacks account for more than 80% of reported social engineering incidents. The method requires little technical knowledge but has massive reach and effectiveness, and thousands of users continue to fall victim to it because of increasingly sophisticated and realistic strategies. In Latin America, it is estimated that more than 80,000 people are the target of identity theft scams, exposing personal and corporate information.
  • Stolen credentials: This type of information continues to be one of the main targets of cybercriminals, since in 100% of cases financial gain is obtained.
  • Ransomware: Data hijacking is one of the cyberattacks that generates the most impact on organizations. In 20% of cases it starts with compromised credentials, and it is practically impossible to recover from this type of situation.

Currently these incidents can lead to large losses of money, averaging $4.62 million per incident. In Latin America, the average for data leaks was $2.56 million, 52% more than in 2020.

  • Mobile Attacks: Devices such as cell phones or tablets have occupied an essential place in people's lives, which is why criminals have also focused on the use of mobile applications, text messages and QR codes of fraudulent origin to carry out cyber attacks. 

41% of mobile service companies have noticed an increase in incidents on these types of channels, and 23% reported an increase in the number of fake accounts posing as customers. 

Phishing, a common crime in Colombia  

Phishing became one of the main crimes during the pandemic because of working from home, and in Colombia it is a modality that has been growing. “This is a huge problem; at some point it was thought that phishing was going to disappear, but we are far from that. According to the Anti Phishing Group, the number of phishing attacks has tripled since the beginning of 2020,” says David Lopez.

According to Major Adrián Vega, from the Colombian Cybersecurity Capacities Center 'C4' of the National Police, since 2011 Colombia has been working on the identification, collection of evidence and prevention of this type of threat. According to C4, phishing attacks can occur every second and in a massive way. 

“We see that in Colombia since 2009 there has been an ascending trend line, we observe that the annual average of reporting this type of crime increases by 45%. If 2022 is compared with last year, we see an increase of 20%, we have brought more than 53,000 complaints to date.”


Prosecuting this type of crime is not easy, especially when it involves financial impersonation. Digital crimes are already defined in the Penal Code. However, the Colombian justice system still does not have a clear operational route to protect victims of crimes associated with identity theft and impersonation in the financial sector.

The Digital Evidence Laboratory collects evidence, in accordance with the Colombian judicial system, to obtain information and facilitate the role of the investigator who takes on each case.

In terms of prevention, work is being carried out with users, as there is evidence that attacks succeed with the help of the user, due to ignorance and a lack of digital hygiene. In addition, work is being done on national coordination and international cooperation.

Guacamaya, dangerous cyberactivism for companies and governments

After the notorious case of massive hacking carried out against the Ministry of National Defense (Sedena) in Mexico by the Guacamaya hacker group, which managed to leak about 6 terabytes of confidential information, cyberactivism entered the list of threats.

Although Guacamaya describes itself as an activist group and defender of the environment, a report by the Global Research and Analysis Team of Kaspersky, a cybersecurity company, reveals that the group has become a threat to governments and companies in Latin America.

According to Kaspersky, Guacamaya takes advantage of vulnerabilities in email servers to obtain confidential information, expose its victims in the press, and create reputational crises. This group has threatened to attack other governments in the region such as Chile, Brazil, Ecuador, Mexico, Peru and Colombia.

To protect themselves, organizations must update their servers. Kaspersky's threat intelligence report shows that the vulnerabilities exploited by Guacamaya in its attacks were identified as early as February 2021 and then fixed in September of that same year. 

However, the group's malicious activities intensified in 2022, indicating that organizations are not applying security patches to their systems, which would have allowed them to avoid the incidents reported this year. In the case of Guacamaya, the malware is used to steal (exfiltrate) sensitive data.

“We have to understand the context and the reality. Digitally we are overwhelmed, both users and public and private organizations regardless of size, that means that there are already and there will be many more attacks. The attacks are not more sophisticated -although there are- but they are more massive”


Colombia works on education and prevention

Faced with this threat, the question is whether Colombia is prepared for a similar attack. In the current context and taking advantage of the month of cybersecurity, the Council of American Companies (CEA), a coordinating body that accompanies and supports the American business community present in Colombia, held a series of talks and training sessions with public and private entities to educate and prevent attacks.

The cybersecurity panel included experts on the subject from affiliated companies such as Oracle and IBM, as well as representatives of COLCERT from the Ministry of Information Technology and Communications, the C4 of the National Police and the Cybersecurity & Infrastructure Security Agency (CISA).

“We have a very robust security committee and since 1985 we have been the OSAC (Overseas Security Advisory Council) chapter in Colombia, a public-private alliance between the 2 countries created by the United States Department of State. What we do is collaborate with all the security committees of US companies established in Colombia and we exchange information there. We are connected with the authorities, the police, the armed forces, they receive information from us and we from them,” points out Ricardo Triana, director of the CEA.

Given the threat that Colombia may face from hacking by groups such as Guacamaya, or from attacks like those suffered by entities such as the Superintendency of Health or Invima, the Colombian Cyber Emergency Response Group (COLCERT) of the ICT Ministry is providing regulatory support to achieve greater prevention and investment through public-private partnerships.

“We are generating efforts from the different actors and responsibilities in various government agencies. From awareness, generating campaigns with officials to end users. We have worked to develop capacities internally in government entities in risk identification and above all in the implementation of the Security Management System”,


For the ICT Ministry, its digital government public policy seeks to strengthen this work through digital education, in which officials and the general public are trained on how to protect the data and information of the entities. This education is also focusing on the youngest, so that from an early stage they have knowledge and awareness of threats.

“We must have awareness work, so that public officials are aware of the threats. A lot of regulations are required from the government that allow the sharing of judicial information. Investment is needed; although the technology goes further, if it is not used by companies and governments, nothing is done. Children must be educated, they must be aware that they are a vehicle to reach information, we must educate and guide them,” points out Ricardo Triana.
