San Jose, Costa Rica – This is more piece of evidence that Ticos many times will steal anything. In one of 10 public institutions of Costa Rica an employee has stolen information or had access to data that should not have. The fact was not recorded in any bank or ministry, but in several autonomous or decentralized institutions and in at least one university.
This is one of the main conclusions of a report by Vice-Minister of Telecommunications, entitled State of IT security in the Costa Rican public sector , and is based on a survey answered by 74 institutions. Made almost a year ago, the results were published a few weeks ago.
Santiago Nunez, director of Digital Technology, Ministry of Science and Technology (Micit), said that can not be excluded that at least some cases of theft have been linked to employees who sold private databases.
However, Nunez, who works at the establishment of what will be the official body of government computer security (the Center for Security Incident Response IT, CSIRT-CR), said he was not aware of any specific complaint in this regard.
The Office requested three weeks ago the judiciary information on complaints relating to data theft in public entities, but they have not responded.
“In the Micit we are not aware of any cases, but if you are in research, report it could harm the investigation,” said the official of the ministry.
An unauthorized person accessing a database, could not only extract the information and sell it, but change it to benefit or harm a third party.
For example, a university could modify records of approved courses and to facilitate a person’s graduation.
With the survey also reveals that 12% of institutions have had stolen or lost backup systems, ie computers that can have a copy of all information. In this case have been affected the autonomous, assigned and ministries, but not banks or universities.
“Despite this, do not really know what impact it is having data theft,” he said Nunez.
The survey does not delve into the causes of this phenomenon. For Nunez, in the theft or unauthorized access of information may be influenced from the official’s personal interest, to a lack of clear definition of who may or may not have access to certain data.