The global dislocation caused by the coronavirus pandemic has led to a substantial increase in attempted cyberattacks, raising concerns for financial institutions in Latin America, which have been among the most susceptible to such attacks.
Big banks in Latin America are already seeing a surge in phishing and other related attacks, according to the region’s banking association.
“Expect more attacks,” Ofer Israeli, CEO of Tel Aviv-based security firm Illusive Networks, said in an email response to the questions. Mmost IT departments are now “Tense and distracted” by the load of employees working from home, Israel said, “opens up new risks and the potential attack surface expands. … More remote employees means more risk of human error ”.
In addition, some banks have relaxed security standards to maintain business continuity. “We have seen banks authorize transfers by email,” Sebastian Stranieri, CEO of Argentina-based VU Security, told S&P Global Market Intelligence. “It comes with a lot of risk. Even after assuming that the person’s email is in fact the real one.”
The most recent threats stemming from the pandemic are adding pressure on banking security systems in Latin America, which have long been viewed as vulnerable. In 2018, hackers stole around $ 10 million after launching a malware attack that shut down much of Banco de Chile’s network. That same year, cybercriminals targeted Banco de México’s interbank payment system to siphon between 300 million and 400 million Mexican pesos, compromising at least five financial institutions.
“We are seeing more and more attacks coming from other regions and targeting Latin America first because of its unique vulnerabilities,” Israel said.
Earlier attacks, along with many others in recent years, have prompted Latin American banks to step up their defenses. Most have increased their technology and software purchases, expanded their cybersecurity teams, and deployed additional layers of security. However, these efforts have yet to be tested under the unique circumstances presented by the current pandemic, with increasing demand from remote employees and customers seeking digital services.
The banking industry “was sort of prepared for something like this, whether it was a pandemic or a technology incident,” said Ghassan Dreibi, director of cybersecurity operations at Cisco Brasil, in an interview. . “But he never imagined he would have to deal with this level of [remote-working] Needs.”
In Brazil, for example, the top five banks employ around 500,000 people, the majority of whom now work remotely. At Banco Santander (Brasil) SA, which employs 55,000 people, “virtually everyone” works remotely, a spokesperson said. Others, such as Itaú Unibanco Holding SA, Banco Bradesco SA and Banco do Brasil SA, are in similar situations.
“Times like these are ideal for those who want to commit bank fraud,” Banco Patagonia SA, a subsidiary of the state-controlled Banco do Brasil, said in a note. Most see their remote employees, who now need to access corporate information beyond the banks’ internal firewall protections and monitoring, as one of their biggest security threats.
“This is why prevention has become so relevant,” Daniel Juvinao, director of Felaban, told S&P Global Market Intelligence, noting that most institutions have promoted threat awareness among customers and staff. Félaban too has set up a collaborative site for Latin American banks to share their experiences of incidents.
“Sophisticated cybercriminals will target the most vulnerable bank or the one that offers the highest return on investment, regardless of the country in which it operates,” Juvinao said.