Advanced cybersecurity controls at softwareONE Ecuador: strengthening corporate protection
DOI:
https://doi.org/10.51247/pdlc.v7i3.777Keywords:
advanced controls, corporate cybersecurity, data protection, phishing, ransomwareAbstract
The accelerated digital transformation process has exponentially increased organizations' exposure to highly sophisticated cyber threats. This article analyzes the current state of corporate cybersecurity at SoftwareONE Ecuador and identifies the main security gaps in the technology services sector in the country, where the average cybersecurity maturity of companies falls below 60%. Using a descriptive-analytical approach and specialized secondary sources, it proposes the implementation of advanced cybersecurity controls aligned with ISO/IEC 27001:2022 and NIST Cybersecurity Framework 2.0 standards, with emphasis on reducing vulnerabilities associated with phishing, ransomware and unauthorized credential access. Expected results include a significant reduction in vulnerabilities in the local technological infrastructure, strengthening of confidentiality, integrity and availability principles, and proactive compliance with Ecuador's Personal Data Protection Law. This work constitutes a methodological contribution applicable to subsidiaries of multinational companies with emerging operations in Ecuador
Downloads
References
Adebola , F., Ifeoluwa , W., Bunmi , S., & Viqaruddin , M. (08 de septiembre de 2024). Security compliance and its implication for cybersecurity. Obtenido de World Journal of Advanced Research and Reviews, 2024, 24(01), 2105-2121: https://wjarr.com/content/security-compliance-and-its-implication-cybersecurity
Almeida, F., Oliveira, J., & Cruz, J. (2024). Earlier decision on detection of ransomware identification: A comprehensive systematic literature review. Information, 15(8), 484. . Obtenido de mdpi.com: https://doi.org/10.3390/info15080484
Bezborodko, A. (2024). Cybersecurity threatscape for Latin America and the Caribbean: 2023–2024. Obtenido de global.ptsecurity.com: https://global.ptsecurity.com/en/research/analytics/cybersecurity-threatscape-for-latin-america-and-the-caribbean-2023-2024/#Navigation-1
Datta, P., Goyal, V., Shah, C., & Ghosh, A. (2025). A systematic review of voluntary cybersecurity standards and frameworks. International Journal of Information Security. . Obtenido de link.springer.com: https://link.springer.com/article/10.1007/s10207-025-01121-0
Foro Económico Mundial. (2023). Global Cybersecurity Outlook 2023. Obtenido de weforum.org: https://www.weforum.org/publications/global-cybersecurity-outlook-2023/
GMS Lexis. (28 de agosto de 2024). Ecuador enfrenta aumento de ciberataques mientras la inversión en ciberseguridad crece. Obtenido de lexis.com.ec: https://www.lexis.com.ec/noticias/ecuador-enfrenta-aumento-de-ciberataques-mientras-la-inversion-en-ciberseguridad-crece
González, C. (2023). Claves para el cumplimiento de la Ley de Protección de Datos en una empresa. Russell Bedford Ecuador. Obtenido de russellbedford.com.ec: https://russellbedford.com.ec/aplicacion-de-la-ley-de-proteccion-de-datos-en-una-empresa-ecuador/
International Organization for Standardization . (2022). ISO/IEC 27001:2022: Information security, cybersecurity and privacy protection – Information security management systems – Requirements. ISO. . Obtenido de iso.org: https://www.iso.org/standard/27001
IT ahora. (04 de junio de 2024). Presentación 5to. Informe Estado Actual de la Ciberseguridad Ecuador 2024: Sector privado. Obtenido de itahora.com: https://itahora.com/2024/06/04/presentacion-5to-informe-estado-actual-de-la-ciberseguridad-ecuador-2024-sector-privado/
ITU. (2022). Global Cybersecurity Index 2020. Obtenido de International Telecommunication Union: https://www.itu.int/en/ITU-D/Cybersecurity/Pages/global-cybersecurity-index.aspx
Luidold, S., & Jungbauer, A. (2024). Cybersecurity policy framework requirements for the establishment of highly interoperable and interconnected health data spaces. . Obtenido de Frontiers in Medicine: https://doi.org/10.3389/fmed.2024.1379852
Marican, M. N., Razak, S. A., Selamat, A., & Othman, S. H. (2023). Cyber security maturity assessment framework for technology startups: A systematic literature review. IEEE Access, 11, 5442–5452. . Obtenido de ieeexplore.ieee.org: https://doi.org/10.1109/ACCESS.2022.3229766
NIST. (2024). The NIST Cybersecurity Framework (CSF) 2.0 (NIST CSWP 29). U.S. Department of Commerce. . Obtenido de nvlpubs.nist.gov: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.29.pdf
Positive Technologies. (2024). Cybersecurity threatscape for Latin America and the Caribbean: 2023–2024. Obtenido de global.ptsecurity.com: https://global.ptsecurity.com/en/research/analytics/cybersecurity-threatscape-for-latin-america-and-the-caribbean-2023-2024/
Saphirtek. (2024). Ciberataques en Ecuador: alarmante aumento en 2024. . Obtenido de aphirtek.com: https://www.saphirtek.com/blogs/ciberataques-en-ecuador-alarmante-aumento-en-2024
Sarkar, A. D., Eroglu, B., & Baykal, N. (2023). Counterattacking cyber threats: A framework for the future of cybersecurity. . Obtenido de Sustainability, 15(18), 13369.: https://doi.org/10.3390/su151813369
Urgilés, C., & Ron Egas, M. (2023). Análisis de riesgos y amenazas de ciberseguridad en el Estado ecuatoriano. . Obtenido de Pro Sciences: Revista de Producción, Ciencias e Investigación, 7(49). : https://journalprosciences.com/index.php/ps/article/download/676/721/1791
World Bank Group. (2023). World Development Report 2023: Migrants, Refugees, and Societies — Digital Economy and Cybersecurity. The World Bank. Obtenido de The World Bank: https://www.worldbank.org/en/publication/wdr2023
Downloads
Published
Issue
Section
License
Copyright (c) 2026 Henry Nelson Revelo-Quiñónez

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.








