The cybersecurity landscape in Colombia: how to face and recover from a cyber attack


In today's digital world, cybersecurity has become a crucial concern. Cyberattacks can have devastating consequences for entities and processes in Colombia, and it is essential to understand how they affect the nation. This matters now more than ever, because the cybersecurity crisis is worsening rapidly.

Proof of this is what happened on September 13, when the National Government of Colombia confirmed that one of its main technology suppliers had been the victim of a serious ransomware attack that affected the services of 34 state entities, including ministries, judicial authorities, superintendencies and NGOs, in addition to many private-sector companies. The consequences were immediate. Hundreds of sites and microsites associated with the affected organizations were suspended, preventing citizens from consulting data and completing various procedures, especially on sites as crucial as those of the Superior Council of the Judiciary, the National Health Superintendency or the Ministry of Health.

Although the amount of information affected by this breach is not known for certain, the news once again opens the debate on the urgent need to strengthen cybersecurity in Colombia. It also means that private companies should seriously evaluate their level of preparedness against an attack of this nature. It is critical not only to evaluate, update and strengthen internal cybersecurity strategies, but also to have a solid and robust Disaster Recovery Plan that allows the organization to face the uncertainty generated by security breaches.


On Wednesday, September 13, it was confirmed that the American multinational IFX Networks, a company with more than 20 years of experience in providing technological services and digital platforms, had been hit by ransomware the day before, affecting the availability of services for public and private companies in at least 4 countries, including Colombia. Although IFX says that its clients' data was not directly affected, it did announce that the authors of the attack, a cybercriminal organization called "RansomHouse", are demanding a payment in cryptocurrency to return access to the information.

In Colombia, entities such as the Ministry of Health and Social Protection, the Superintendency of Industry and Commerce, the Superintendency of Health, the Colombian Red Cross, the Superior Council of the Judiciary, the National Center of Historical Memory, the Ministry of Culture, the National Library, Constructora Capital and the Comptroller General of the Republic, among others, were the main victims of the cyberattack. The entities' websites, microsites and consultation services went down, cutting off the thousands of users who rely on the consultation portals. The paralysis of judicial processes and the impact on health services are among the most delicate consequences of this breach.

To confront this cybersecurity crisis, the national government announced the implementation of a Unified Command Plan together with IFX Networks. Its aim is to investigate the incident further, determine the impact on the data of the affected entities and companies, and restore state services safely and in the shortest possible time.

What is ransomware?

This situation has prompted the National Government, led by some congressmen and political figures, to speak again about the urgent need to strengthen and implement cybersecurity measures in the country. In addition, some seek to revive the project to create a National Cybersecurity Agency, through which prevention, mitigation and recovery policies against cyberattacks would be designed and unified.

However, this should not be the sole and exclusive effort of the Colombian government. It is essential that mixed and private organizations take the security of their data and computer systems seriously. What is happening with these entities is a clear example that a cybersecurity breach can occur when it is least expected, and that its impact on data and computer systems can have serious consequences for institutions.

The current cybersecurity situation is clear: prevention alone is not enough, and it is also necessary to design mitigation and recovery measures for the aftermath of a cyberattack. The figures make this especially notable: a study by Fortinet, a company specializing in cybersecurity solutions, identified 5 billion cyberattack attempts in Colombia alone during the first half of 2023, 13 times more than in the second half of 2022. At the Latin American level, Kaspersky, a renowned cybersecurity brand for endpoints, reported that during the last 12 months it blocked around 1.15 million ransomware attack attempts, which is equivalent to 2 blocks per minute.

Likewise, according to analyses carried out by the Digital Recovery Group, the average cost of an information rescue is $1.54 million, double the amount in 2022.

Cybercriminals are unforgiving: any company and any person is a potential victim. It is in your hands to prevent a breach and to recover from one.

Ransomware is a malicious program designed to "hijack" the victim's information and services by encrypting them. The author of the attack then demands a payment, usually in cryptocurrency so that it is harder to trace, in exchange for the key that restores access to the data.

However, it is highly recommended that companies harmed by this type of attack do NOT pay the money demanded by the criminals, for 2 fundamental reasons:

  • Paying does not guarantee that the attackers will return all of your information.
  • Paying does not mean that the attackers will not repeat the attack in the future.

What measures to take?

Taking the case of IFX and the Colombian government as an example, it is key to have a solid, up-to-date cybersecurity strategy that is aligned with a Disaster Recovery Plan. This synergy makes for better preparation against cyber incidents.

Below is a checklist of the measures that each company must implement to face risk situations:


  • Train all users on cybersecurity, types and modalities of attacks and their consequences.
  • Implement cybersecurity solutions such as firewalls, endpoint protection, automated detection and response to reduce risks.
  • Keep software and firmware inventory up to date and install security patches.
  • Granularly control and minimize access to corporate networks and systems. Require two-factor authentication for critical services.
  • Encrypt sensitive data.
  • Perform a full scan of computer devices and systems on a regular basis to detect potential vulnerabilities or risks.


  • Establish an incident response action plan, identifying possible risks and how to address them if they materialize.
  • Segment your network to decrease the chance of propagation.
  • Design a backup plan for your critical information, keeping the backups up to date and preferably stored at an external site.


  • After the attack, check the integrity of your backups and restore your data if it is secure enough.
  • Investigate what happened: origin, means, motives. This will allow measures to be taken to prevent it from happening again.
  • Communicate what happened to your stakeholders, not only for transparency but also to comply with legal data protection requirements.
  • Update and continue your user training plan.
  • Review your security policies, make any necessary adjustments, and evaluate their proper functioning.
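
One way to carry out the backup integrity check from the recovery list above, as an added example that is not part of the original article: a SHA-256 manifest, authenticated with HMAC, is written when the backup is taken and checked again before any restore. The function names, file names and demo key are assumptions made for illustration, and the key is assumed to be stored away from the backup host.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

def snapshot(backup_dir: Path) -> dict:
    """Map each file's relative path to its SHA-256 digest (read in chunks)."""
    digests = {}
    for path in sorted(p for p in backup_dir.rglob("*") if p.is_file()):
        h = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                h.update(chunk)
        digests[path.relative_to(backup_dir).as_posix()] = h.hexdigest()
    return digests

def manifest_mac(files: dict, key: bytes) -> str:
    body = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(backup_dir: Path, key: bytes) -> dict:
    """Run when the backup is taken; the MAC stops silent manifest edits."""
    files = snapshot(backup_dir)
    return {"files": files, "mac": manifest_mac(files, key)}

def verify_backup(backup_dir: Path, manifest: dict, key: bytes) -> dict:
    """Run before restoring; restore only if all three lists are empty."""
    if not hmac.compare_digest(manifest_mac(manifest["files"], key), manifest["mac"]):
        raise ValueError("manifest failed authentication; do not trust it")
    known, current = manifest["files"], snapshot(backup_dir)
    return {
        "missing": sorted(known.keys() - current.keys()),
        "unexpected": sorted(current.keys() - known.keys()),
        "modified": sorted(n for n in known.keys() & current.keys() if known[n] != current[n]),
    }

def demo() -> dict:
    """Constructed sample: one file altered, one deleted, one added."""
    with tempfile.TemporaryDirectory() as tmp:
        root, key = Path(tmp), b"constructed-demo-key"  # assumption: demo key only
        (root / "db.dump").write_bytes(b"customer records")
        (root / "config.tar").write_bytes(b"service configuration")
        manifest = build_manifest(root, key)
        (root / "db.dump").write_bytes(b"overwritten after backup")
        (root / "config.tar").unlink()
        (root / "new_file.txt").write_bytes(b"not in the manifest")
        return verify_backup(root, manifest, key)
```

A non-empty `modified`, `missing` or `unexpected` list means the backup set no longer matches what was recorded and should be investigated before it is used for a restore.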

However, it must be said that all these measures are insufficient without commitment from everyone involved in the operation of the company. Although IT teams are primarily responsible for ensuring that the cybersecurity strategy is functional and up to date, it is vital that the company's senior managers are aware of what is happening and, above all, facilitate the implementation of the necessary actions and investments in technological infrastructure, services and consulting that guarantee information security and business continuity. Consider aspects such as:

  • How would a cyber attack affect the continuity of our business and our reputation?
  • Are we complying with the cybersecurity regulations applicable in our sector?
  • Have we allocated enough budget and resources for cybersecurity?

It is essential to understand how cybersecurity is related to the strategic, financial and legal decisions of companies.

Likewise, collaborators must make sure that they are given the complete information, means and tools needed to guarantee the integrity of the data, asking themselves:

  • Have we received cybersecurity training and do we know how to identify potential threats?
  • What is our responsibility as employees in the data protection and security of the company?
  • How can we contribute to creating, improving or strengthening a cybersecurity culture in the company?

With these perspectives, which go beyond the IT area, it is clear that the secret to addressing computer risks is not limited to a DRP or a cybersecurity strategy; it lies in collaboration and teamwork, where each collaborator does their bit to protect the organization.

In today's digital world, cybersecurity has become a crucial concern that cannot be underestimated. Cyberattacks represent a constant threat to entities and processes in Colombia, and recent events, such as the ransomware attack on IFX Networks, which affected numerous state entities and private companies, are a wake-up call. The consequences of these attacks go beyond technological disruptions; they affect the lives of citizens and the operation of critical institutions.

This incident highlights the urgent need to strengthen cybersecurity in Colombia. The national government and private organizations must take serious and proactive measures to protect against increasingly sophisticated cyber threats. Collaboration between the public and private sectors is essential to address this growing cybersecurity crisis.

As highlighted, cybersecurity is not just about preventing attacks, but also about being prepared for mitigation and recovery after a cyberattack. Every company must have a solid and up-to-date cybersecurity strategy, as well as a robust Disaster Recovery Plan. Prevention, mitigation and recovery are equally important links in the cybersecurity chain.

The commitment of all the company's actors is essential. Senior managers must understand how a cyberattack can affect business continuity and the company's reputation, allocating appropriate resources for cybersecurity. Collaborators, for their part, must receive training and understand their responsibility in the data protection and security of the company.

In summary, cybersecurity is not the sole responsibility of the IT team; it is a shared responsibility that encompasses all levels of the organization. Only through collaboration, investment in technology and constant awareness can digital assets be effectively protected and business continuity ensured in an increasingly digitalized and dangerous world.
