When talking about the state of cyber security in Latin American companies, it is important to have a comprehensive vision of the region. During the last few years, after the Covid-19 pandemic, many countries have been subject to breaches and cyber attacks. While it is true that the transition to a remote work environment somewhat facilitated this growth, since most companies were not technologically prepared, there are other factors that make Latin America a preferred target for hackers. But why Latin America? What factors influence the increase in cyber attacks? What can companies and the general public do to avoid becoming victims of malicious hackers?
According to a recent cyber security report by Fortinet, during the first half of 2022, there were 137 billion cyber attack attempts registered in Latin America. The main type of cyber attack was ransomware attempts, which aim to encrypt a company's information and prohibit system access until a ransom is paid. These attempts doubled compared to 2021. The report identifies Mexico as having the most cyber attacks in the region, followed by Brazil and Colombia. This increase is not only in numbers, but in sophistication. New variants of this malicious program have been created, as well as “ransomware as a service” (RaaS), where developers sell or distribute ransomware to third parties (usually on the dark web) in exchange for a percentage of the profits.
Likewise, the 2022 report from cyber security software company ESET named Peru, Mexico, Colombia, Argentina and Ecuador as the Latin American countries where the most malicious attacks were detected. The report established ransomware, as well as viruses and trojans downloaded from the internet, as a constant threat with more than 2 million detections per year. Phishing (i.e., fraudulent messages sent by email, SMS and, above all, through social networks and messaging apps such as WhatsApp), appears to be a stable infection route over time, with an average of around 10,000 detections per day. On the other hand, in a report published by the company Kaspersky, Brazil stands out as the market with the most malware attacks, with 1,554 attempts per minute, followed by Mexico (298 attempts per minute), Peru (123 attempts per minute), and Colombia and Ecuador with 84 each.
It can be said that 2022 was a critical year for information security for both public and private Latin American companies, not only due to the increase in the number of attacks, but also due to their level of sophistication. Likewise, unlike the United States and Europe (with its General Data Protection Regulation or GDPR), data protection laws in Latin America are established by country, and are mostly outdated and designed for reaction, not prevention. This, coupled with impunity and the lack of robust state agencies or bodies dedicated to cyber security, makes it easy for cybercriminals to carry out illegal activities without significant punishments, making Latin America a preferred target for cyber attackers.
Prevention is the first line of defense against cyber attacks, though this is not common practice across much of Latin America. The statistics for attempted cyber attacks reveal that, for the most part, small- and medium-sized companies lack security measures on their employees' mobile devices, and that is precisely where many cyber attacks begin.
Given this outlook, companies must take the topic of cyber security seriously, focusing on prevention through protection and reaction. Companies should not only invest in technological tools to monitor and control threats, but must also constantly train their employees on how not to fall victim to attacks by malicious actors that take advantage of users’ lack of knowledge to extract information that could be used to carry out cyber attacks.
It is not intended that small- or medium-sized enterprises allocate all their efforts to cyber protection, which is unrealistic since in many cases companies do not have sufficient time or resources. Therefore, it is recommended that companies use third parties focused on the provision of cyber security services, including consulting, implementation, integration, maintenance and managed services. These types of organizations are growing in Latin America and their help is highly valued due to their experience and professionalism. Likewise, the acquisition of insurance in case of cyber incidents can help prevent the bankruptcy of any company, as the cost of cybercrime is immensely high and difficult to determine with precision.
In conclusion, the cyber security landscape in Latin America is worrisome. The number of threats and attempted cyber attacks will continue to increase, keeping the pressure on organizations to increase their defenses. The advancement of technology and artificial intelligence with generative models like ChatGPT will increase the sophistication of attacks, making them more difficult to detect. Organizations cannot afford to let down their guard and relax their cyber security efforts. Latin America is being targeted by attackers, and in the absence of specialized legislations, small- and medium-sized companies must seek advice regarding the threats and risks to which they are exposed in order to know how to properly guide or direct their efforts in technology.