Cybersecurity: How well are Latin American banks protected against cyber attacks?

Inter-American Dialogue's Latin America Advisor asked Marcela Cristina Blanco, associate attorney in Diaz Reus’ Bogota, Colombia office: How Well Do Latin American Banks Protect Against Cyber Attacks?

Latin America Advisor:

More than half of Latin American financial institutions have experienced some type of electronic breach of their secure information within the past 12 months, according to a recent study by Deloitte. Financial institutions in Colombia and Peru have had the largest quantity of such incidents, while Guatemala and Mexico have had the fewest. Why have Colombian and Peruvian financial firms experienced so many attacks? How adequate are Latin American banks’ safeguards against such incidents? What additional steps should financial institutions in the region take in order to protect their information and their customers’ assets?

Marcela Blanco:

Colombian financial firms have experienced electronic breaches because of the low level of cybersecurity awareness, which precipitates unsafe online habits, causing vulnerable Internet users to be defrauded. Also, cybercriminals have become smarter, better organized and more persistent. Common gaps in IT security policies for financial institutions include malware, access to sensitive data using non-approved computer systems and an avalanche of new third-party business applications being downloaded to users hardware and institutional servers. The exponential growth of mobile devices also drives security risks. Every new smart phone, tablet, or other mobile device opens a new window for a cyber attack.

Insufficient police training on advance attacks and difficulties in preserving and examining digital evidence are significant impediments to stopping cybercrime in Colombia. However, the country is taking steps to combat it. First, Colombia approved a cybersecurity and defense policy in 2011, becoming the first country in Latin America to adopt a national strategy to tackle cybercrime. To improve cybersecurity, Colombian financial institutions must now know the channels through which all of their information assets are accessed. It is no longer sufficient to secure the IT perimeter; it is necessary to secure the data wherever it travels and wherever it lives. Second, management responsibility and accountability are typically dispersed and fragmented in financial institutions. Now, they must clearly define cybersecurity governance structures, including specific oversight responsibilities. Third, financial institutions are expected to extend security to the device level as well the application layer. And, finally, financial institutions must check and double check users' identity and implement stronger identity-management methods.

Early detection, policing and tighter security on financial transactions and procedures will eliminate some of the risk, but not all. We have much yet to do in our efforts to fight cybercrime.


Written by:

Published In:

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Michael Diaz Jr. - Diaz Reus International Law Firm | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.