Latin American and Caribbean Cybersecurity Trends and Government Responses

In a connected world, a trade-off exists between enjoying the convenience that information technology (IT) offers and minimizing the opportunities its use presents to cybercriminals. Cybercriminals can, for instance, spread sophisticated threats by exploiting popular mobile devices and cloud applications to infiltrate high-value targets. They have made cyberspace a means to victimize the public.

Throughout 2012, global trends in illicit cyber activity showed how previously unknown threats evolved to become mainstream and a danger to all types of Internet users. Tools like the Blackhole Exploit Kit, automatic transfer systems (ATSs), and ransomware surged in use, employing better social engineering strategies, evasion techniques, and scare tactics.1 The all-too-familiar story of new technology hijacked for nefarious aims reemerged in 2012, as the growth of mobile threats ballooned at a much faster pace than those affecting normal computers.2 Pieces of Android malware rose from a thousand to more than 350,000 in the span of just one year.

Cyber incidents demonstrated the importance of staying up-to-date on global cybercrime trends, especially concerning the use of mobile and personal computing devices. Consequently, IT security specialists and cyberthreat analysts must render global averages into organization-, industry-, or region-specific statistics to determine how best to protect the sensitive information they keep. Failure to produce tailored threat analyses will skew critical data, keeping countries and businesses from designing and implementing effective cybersecurity policies and technical capabilities, thereby keeping citizens vulnerable.

Knowledge of the cyberthreat landscape and government responses in Latin America and the Caribbean is incomplete. Much of what is known about the region’s cyberthreat landscape is based on uninformed news reports and innuendo. Some sources show that banking malware was the region’s top cybercrime problem in 2011 while others judge that the biggest issue was multipurpose malware that compromised routers on a scale larger in Latin America than in any other part of the world.3 These divergent views show that more specific data is needed to accurately diagnose the threat to our citizens.

In collaboration with Trend Micro Incorporated, the Organization of American States (OAS) and its Secretariat for Multidimensional Security (SMS) would like to share this report to illustrate the cybersecurity and cybercrime trends in Latin America and the Caribbean. Information presented has been gathered through both quantitative and qualitative methods, drawing data from a survey of OAS member-state governments, as well as an in-depth analysis of global threat intelligence from honeypots and client-provided data collected by Trend Micro. Unless otherwise noted, graphs and tables use data that was collected by Trend Micro. The analysis and conclusions of this report only cover countries that responded to the OAS survey.