Awareness of cyber security in Latin American corporations is high, and there is an increasing recognition among top level executives of the threats posed following a number of high-profile attacks around the world this year, FJ Gould, sales manager for Brazil and the Southern Cone with RSA, the security division of storage vendor EMC (NYSE: EMC), told BNamericas.
"As regards the security maturity curve, I see our clients in a good state. They have very well educated users, they understand the dangers. They understand that people are the perimeter, that they have to protect themselves in stages," Gould said.
Lower-level employees were in a better position than ever before to show the importance of security in ways that CEOs, board members and non-technical executives can understand, he added.
High-profile attacks on Sony and Nintendo this year have made those types of executives sit up and take more notice of security issues, and they are requesting security updates first hand.
Typically banks and government agencies have understood and taken most measures to avoid security attacks. But hackers, fraudsters and other types of cybercriminals are increasingly looking for other types of information that is not necessarily financial, Gould said.
"The recipe for Coca-Cola could be more valuable than a lot of bank accounts around the world, as could be certain chemical mixtures or data of oil deposits or methods of extracting copper," the executive said.
Many of RSA's banking clients want the company to implement its two-factor authentication product SecurID for home banking, to provide the maximum protection possible for clients; these banks are marketing the product as a differentiator from competition.
TRYING TO CREATE AWARENESS
Besides selling security products, RSA was also the victim of one of the most high-profile security breaches at a company this year.
In mid-March, RSA was hit by a breach that compromised the SecurID product. The company described the breach as an "advanced persistent threat" (APT), implying that a group with vast resources had targeted RSA over a long period of time.
According to RSA, the attackers gleaned information from a group of RSA employees by searching social networking sites and then enticed them to open messages using phishing e-mails containing personal information.
Once in the system, the perpetrators were able to seek accounts with higher access privileges than the person originally duped and then could extract the SecurID credentials from the network.
RSA has downplayed the likelihood that the stolen information could be used to steal from a customer. However, in May, defense contractor Lockheed Martin's network was attacked by hackers who reportedly used duplicate SecurID electronic keys.
RSA has been touring different countries around the world, including Latin America, to engage in conversations that help create awareness about APTs.
"We want to lead the discussion. This type of attack is happening to many. There needs to be more information sharing to fight these types of threats," Gould said.