By San José, Costa Rica — Costa Rica is facing an unprecedented wave of cyberattacks, with a staggering 29.1 million attempts recorded in just the first half of 2025. This alarming figure, revealed in Fortinet’s 2025 Global Threat Report, underscores the escalating dangers to the nation’s critical infrastructure, including manufacturing, telecommunications, healthcare, and financial services.
These attacks are not random acts of digital vandalism. According to Fortinet, cybercriminals are becoming increasingly sophisticated, employing advanced persistent threats (APTs) to infiltrate industrial networks. Their objectives extend beyond data theft, encompassing the disruption of essential services, extortion through ransomware, and establishing a foothold for future exploits.
To gain a deeper legal perspective on the evolving cybersecurity landscape, TicosLand.com spoke with Lic. Larry Hans Arroyo Vargas, an accomplished attorney at Bufete de Costa Rica.
The increasing reliance on digital infrastructure necessitates a proactive approach to cybersecurity. Businesses must not only comply with existing data protection regulations but also anticipate future threats through robust risk assessment and incident response plans. Failure to do so can lead to significant legal liabilities, reputational damage, and financial losses.
Lic. Larry Hans Arroyo Vargas, Attorney at Law, Bufete de Costa Rica
Lic. Arroyo Vargas’s emphasis on proactive cybersecurity measures is crucial in today’s interconnected world. It’s not enough to simply react to threats; businesses must anticipate them. This forward-thinking approach, encompassing robust risk assessment and incident response planning, will be key to mitigating the potentially devastating consequences of cyberattacks. We thank Lic. Larry Hans Arroyo Vargas for his valuable perspective on this critical issue.
OT environments are not collateral damage, they have started to become primary targets. Cybercriminals are using advanced persistent threats (APTs) aimed at industrial networks not only to steal data, but also to disrupt critical services, demand ransoms or embed themselves for future exploitation.
Fortinet 2025 Global Threat Report
The threat actors are meticulously targeting their attacks. FortiGuard Labs, Fortinet’s threat intelligence division, detected 10 million active scans in Costa Rica during the first six months of 2025, indicating a reconnaissance phase where attackers probe networks at a rate of 36,000 attempts per second. They identify vulnerabilities and leverage AI-powered tools to automate the entire attack process, from initial intrusion to successful exploitation.
Ransomware groups are particularly drawn to critical infrastructure networks. The report highlights a shift from data kidnapping to service kidnapping, with the manufacturing sector being the most targeted for the second consecutive year.
We are seeing a shift from data kidnapping to service kidnapping. The manufacturing industry is, for the second year in a row, the most attacked vertical. Attackers are calculating exactly how much damage a delay in the production line would cause, and incorporating that information into their extortion manuals. The manufacturing, telecommunications, health and financial services industries continue to experience a surge in customized cyberattacks, with adversaries deploying sector-specific exploits.
FortiGuard Labs, Fortinet
The rise of artificial intelligence (AI) is a double-edged sword in this digital battleground. While attackers utilize AI tools like FraudGPT and WormGPT to craft highly realistic phishing emails and automate social engineering campaigns, defenders are also harnessing AI’s power. Fortinet, for instance, integrates both discriminative AI for malware detection and generative AI for alert summarization and prioritization, enhancing threat response capabilities.
The increasing modernization of industrial environments, with the proliferation of Industrial IoT, 5G, and cloud-based management models, further expands the attack surface. Fortinet recommends three key priorities for organizations: closing basic security gaps (like enforcing multi-factor authentication), investing in threat-informed SecOps (using MITRE ATT&CK frameworks and deception technologies), and planning for the inevitable through regular drills and incident response preparation.
As cyber threats become more sophisticated, defending critical infrastructure requires a proactive and intelligent approach, moving beyond traditional security measures to incorporate real-time threat intelligence and a unified security framework.
For further information, visit fortinet.com
About Fortinet:
Fortinet is a global leader in broad, integrated and automated cybersecurity solutions. They provide a comprehensive security fabric, covering networking, endpoint, application, data center, and cloud security. Their solutions are powered by FortiOS, a single operating system that simplifies management and enhances visibility across the entire attack surface. Fortinet’s commitment to innovation includes FortiGuard Labs, a team of security researchers dedicated to providing real-time threat intelligence, and a robust training and certification program for cybersecurity professionals.
For further information, visit the nearest office of MITRE
About MITRE:
MITRE is a not-for-profit organization that operates multiple federally funded research and development centers. They work across various sectors, including cybersecurity, healthcare, and aviation, to tackle complex challenges through applied science and advanced technology. MITRE ATT&CK, a globally recognized knowledge base of adversary tactics and techniques based on real-world observations, is a crucial resource for organizations to understand and improve their cybersecurity posture.
For further information, visit bufetedecostarica.com
About Bufete de Costa Rica:
Bufete de Costa Rica distinguishes itself through an enduring dedication to legal excellence and unwavering ethical practice. The firm’s innovative approach to legal solutions, combined with a deep commitment to empowering Costa Rican society through accessible legal education, solidifies its position as a leader in the legal field. By fostering a culture of transparency and knowledge-sharing, Bufete de Costa Rica strives to create a more just and informed future for all.
