Tuesday 20 November, 2018

Latin America and its place in global cybersecurity

When it comes to cybersecurity trends, many of the widespread problems are similar across different parts of the world.

From Canada to Japan, cybersecurity discussion circles around similar challenges, and Latin America & the Caribbean are no exception from this reality. But, as in almost every situation, there are particularities unique to each context. FortiGuard Labs’ threat intelligence reveals some tendencies companies in Latin America and the Caribbean should take into account to prevent massive cyberattacks in their businesses, including adaptation strategies and technologies.

The Need for Updated Security Infrastructure

The first pattern revealed in the region’s statistics has to do with the active lives of threats known as malware. The persistence of cyberthreats in Latin America & the Caribbean substantiates the urgent need to implement advanced technological solutions, considering the significant activity of threats that have been present in the market for years. One example is Shellshock, a piece of malware that remains a considerable threat in the region despite being several years old. This showcases how computer infrastructure is often left outdated or unpatched, leaving it vulnerable even to older attacks.

Another lesser known but still pervasive threat in Latin America & the Caribbean is website attacks. In fact, current attacks are made using Muieblackcat, a Ukrainian tool designed to detect vulnerabilities. This tool, based on the PHP programming language, scans for vulnerable websites and is used to launch attacks on specific targets.

 It’s important to note that there are a lot of PHP attacks happening in the region, meaning there are many servers using this technology. These sites, in addition to being infected, can also infect visitors. While service providers and IT professionals must think twice before using PHP code and ensure they are fully updated, customers should also seek to obtain the proper security settings to protect themselves as well.

The technological delay or lack of system updates and security patches translates into a greater vulnerability, not only to new threats, but also to older attacks that continue to take advantage of these gaps.

Android and Mobile Devices

The threat to mobile devices is real. If you look in the Latin American and Caribbean region, three of the ten most widespread malware attacks detected are on Android mobile devices. This was not the case a year ago, or even 10 months ago, but in January of this year, mobile technology accounted for more than half of malware detections in the Caribbean. We are witnessing a rapid change in the cybersecurity threat landscape, and this is a trend that will not disappear. We first began discussing these threats seven years ago, and they will soon overtake other priorities.

Of the total mobile malware detected in Latin America and the Caribbean during the first quarter of 2017, 28 percent is malware for Android devices, showing a quicker growth than other regions when compared to its previous number (20 percent)in the last quarter of 2016.

 A Shortage of Cybersecurity Professionals

A global problem is the lack of computer security professionals and specialists. In the United States alone, there are around 200,000 job vacancies for cybersecurity professionals. This is a very high number and an even bigger global problem,one also evident in Latin America and the Caribbean.

Companies find it difficult to maintain an IT department large enough to secure their systems, networks and customers when faced with a significant gap between industry professionals and the lack of necessary skills. The lack of training in this complicated sector has serious repercussions that can cost a business itscredibility. That is why today, more than ever, we must support and enable training programmes to properly instruct and specialize potential professionals in the region.

It is not surprising to find Latin America & the Caribbean still has a long way to go in terms of cybersecurity preparedness, especially when compared with other regions of the world. However, companies and organizations can start shielding themselves from these threats by upgrading their systems, further investing in their IT departments and implementing new technology solutions that provide broad, powerful and automated visibility and management.

The fundamental strategy all executives should follow to address cybersecurity threats begins with knowing the enemy—detection is necessary for prevention. By implementing advanced technology solutions, companies can know what threats are on their networks and devices in advance, allowing them to act proactively to ensure sensitive and customer data are not corrupted or affected by these attacks. Otherwise, companies become open targets, just waiting to be the next victim of cybercriminals.

 This article was written by By Derek Manky, global security strategist at Fortinet.

Comments