Latin America makes excellent target for cybercriminals

Cybercrime targets are diversifying. Once it was internet users in Europe and North America that appeared to bear the brunt of a lot of cybercrime. They were, after all, the more advanced users with the latest services like online banking, e-commerce, and social media, all creating a treasure trove waiting to be exploited. But things in Latin America have changed drastically in this time.

A UN report recently noted that developing countries are becoming increasingly online with broadband and mobile penetration higher than ever but the lacklustre quality of these services was exacerbating the digital divide between these countries and the developed world. At the same time, a 2016 study from the Inter-American Development Bank on the state of cybersecurity in Latin America laid out in no uncertain terms that the region was ill-equipped to deal with cyberattacks.

What do lacklustre services like those in the Latin American region mean when it comes to cybersecurity?

“For most security software companies, Latin America is an important but not critical market. Success is determined typically by the US first and EMEA second, with a couple notable exceptions,” explains Dimitri Sirota, CEO of data protection firm BigID. “While there are several reasons, one factor is, of course, that the pain is greatest in US, Europe and increasingly places like China: big corporations, large populations, heavy regulation, big tort liability.”

With an obvious divide in terms of internet and cybersecurity services, it potentially leaves the region and its consumers open to breach. “The world, for good or bad, is getting smaller. That is certainly true in the cyber world as well,” says Sirota, and we’ve seen more and more examples of this.

Taringa, a Latin American social networking site popular in Spanish speaking countries, announced it was breached by hackers in September 2017 with 28 million accounts reportedly compromised.

Security firm Palo Alto Networks has found specific malware campaigns targeting Brazilian internet users. The country is also one of the most infected countries for banking Trojans, according to another security evaluation.

The WannaCry ransomware outbreak in May of this year wreaked havoc on hospitals, businesses, and organisations around the world. Brazil was heavily hit and its government has since pushed ahead with a new contract with Microsoft to update its systems while Russian cybersecurity firm Kaspersky Lab has also been investing more money into Brazil, which it now sees as a key market.

Microsoft has committed more resources to the region by opening a Cybersecurity Engagement Center in Mexico, which will advise businesses and law enforcement alike on security best practice and preparedness. It will consult with the company’s US centre in a bid to eventually bridge these security gaps felt throughout the region.

“From what I have directly observed, organisations in Latin America want to do the right thing and shore up their cyber defences like their counterparts in Europe and North America,” adds Stephen Gates, chief research intelligence analyst at Zenedge.

However, implementing security solutions brings a lot of cost with it, especially in Latin America. In some cases, getting their hands on hardware incurs higher shipping and tariff costs than that of the hardware itself.

“By the time import tariffs, taxes, fees, etc. are applied to the imported cybersecurity technology, it’s almost double the cost of what organisations pay elsewhere. For example, doing a proof-of-concept can prove costly,” Gates says.

There needs to be a loosening of restrictions says Morey Haber, vice president of technology at BeyondTrust: “If I ship a virtual appliance, there are no duties. Therefore, changes need to occur in the economic need level and the ability for these countries to accept technology available from elsewhere in the world.”

Gates adds: “This is the perfect opportunity for Latin American organisations to take advantage of cloud security offerings that operate elsewhere. In this case, there is no hardware, thus there are no import tariffs etc., since organisations are purchasing a service, not a piece of hardware.”

There are still areas that Latin America is excelling at though, according to a number of security pros. James Stickland, CEO of biometric security company Veridium, suggests that Latin America could teach the rest of the world about biometrics.

“I would suggest that Latin America is the most advanced, mature, and accepting of biometrics in the world, and it’s being used effectively by enterprises and governments,” says Stickland. Biometric authentication has been deployed in ATMs in Brazil for example and the verification method is common for issuing documents in several jurisdictions in South America.

“The region has had its challenge with money laundering in banking and this is an assertive way to truly validate who you are and ensure all transactions and movements of finances can be measured for the benefit of the countries,” says Stickland.

However, if Latin America wants to avoid large scale attacks like those seen at Taringa, it will, like North America and Europe, need to shore up its defences with standards and regulations that force companies, organisations, and governments to take action or pay the price, much like GDPR in Europe.