The Cuban regime reported more than 2,600 cybersecurity incidents in 2023.

From January to September 2023, the state-owned company Empresa de Telecomunicaciones de Cuba (ETECSA) detected more than 2,600 cybersecurity incidents—a 70% of them involving individuals—, according to statements to CubaSí by Daniel Ramos Fernández, director of Digital Business of the Cuban monopoly.

The incidents were mainly associated with denial-of-service cyberattacks, the sending and receiving of unwanted emails, malicious traffic generated by harmful codes, service scans, and the exploitation of vulnerabilities that compromised websites and other computing elements.

“The incidents were associated with the occurrence of denial-of-service cyberattacks, the sending and receiving of unwanted emails, malicious traffic generated by harmful codes, service scans, and exploitation of vulnerabilities that have compromised websites and other computing elements,” explained Ramos Fernández.

70% of these crimes, related to individuals, included cyberbullying, identity theft, and scams through digital social networks and electronic payment channels.

Ramos Fernández emphasized the need to face these challenges with a culture of safe and responsible use of Information and Communication Technologies (ICT). “The main challenge for 2024 is the implementation of effective actions to create a culture of safe and responsible use of ICT among executives, specialists, and the population,” said the official.

In addition, internal problems in entities were identified, where violations of information security policies by IT security managers and users of these technologies prevail. Ramos Fernández detailed unsafe practices such as the use of weak passwords, visiting unsafe websites, and the lack of timely software and application updates.

Despite fostering censorship and disinformation on the internet, officials of the Cuban regime have ensured they are working to promote the responsible use of cyberspace.

In September 2023, the Communications Minister of the regime, Mayra Arevich Marín, pointed out the importance of bringing the population “a culture of risk perception and responsibility in the use of cyberspace,” during her participation in the program Mesa Redonda.

The official assured that the island’s authorities give “a high priority to this matter, due to the importance it has for the country to develop a secure internet, in which the population can also browse with less risk, and we can also protect children and young people.”

Arevich Marín, who for a decade served as the executive president of ETECSA, recalled that in Cuba there is the National Cybersecurity Group, led by the prime minister of the regime, Manuel Marrero, “which brings together various organizations and institutions to confront plans of subversion and destabilization mainly promoted from the United States, as part of its unconventional warfare against the Island.”

The Minister of Communications also stated that plans are underway to create a Cybersecurity career, “because one cannot have development of digital transformation without that discipline.”

Arevich Marín did not address in her speech the censorship imposed on free information on the island nor the slanders and fake news promoted from the internet and social networks by the so-called “cyberclarias,” which operate in the service of the Cuban regime.

In recent years, the American conglomerate Meta, parent company of Facebook, Instagram, and WhatsApp, has dismantled networks of fake accounts linked to the Cuban regime.

The cybersecurity protection of millions of Cubans depends on the management of state entities. Even today, there are evident security gaps such as official sites without security certificates, public platforms that did not include mechanisms for secure passwords from the beginning (such is the case with Nauta email) and state Android application installers without a platform that provides a warranty to confidently download them.

Sites that deserve maximum digital security, such as that of the Banco Popular de Ahorro (BPA), continue to operate without a valid security certificate. This places them in the sights of hackers, not only from Cuba but from around the world, as the domain in question can be visited from any location.

On the other hand, quite a few users have lost the balance of their bank cards due to poor management of payments in the applications EnZona and Transfermóvil, both Android software that allows paying services in MLC.