Attacks via banking trojans and social engineering techniques represent two of the most serious IT security threats currently plaguing Latin America, the global director of Slovakian antivirus and security software developer Eset's cyber threat analysis center, Paul Laudanski, told BNamericas.
The number of overall malware recorded in Latin America increased 50% last year, the executive said, citing internal Eset figures.
Social engineering is not new, but the prevalence of banking trojans targeting end-users has raised eyebrows among Eset's Latin American IT security team.
"The banking trojans seem to be a specialty, and have more of a focus here in Latin America," Laudanski said. "For banks, regardless of their size, the feedback that I've gotten from them is that it's an open field. Anyone has been game."
Banking institutions have beefed up institutional tools, but despite some advances in consumer awareness, end-users are still leaving the back-door open for such attacks.
Argentina, Chile and Costa Rica were recently placed on the "priority watch list" in the International Intellectual Property Alliance's 2011 report, and Laudanski said hackers are increasingly preying on end-users seeking pirated software.
"A lot of these target consumers, and may approach them from a social engineering perspective," he said. "Additionally, commercial software [purchased by consumers] may often be pirated. Extra problems come along with that... because they may be infected with malware."
On a positive note, Laudanski pointed out that Latin America has largely been spared from government-focused attacks that have recently hit countries such as France and South Korea.
CLOUD COMPUTING SECURITY "EXECUTION"
Cloud computing providers and their prospects have been grappling with information security issues for months, and the debate shows no sign of slowing down.
Data centers, end-user devices and the ICT infrastructure in between must be able to rebuff IT security attacks for cloud to work, but Laudanski noted that the correct strategy also includes "the security execution by the user."
"History has shown us that we can take the precautions and put things in place, but the weakest link will always be the person," he said. "There are ways to get through to the user who has access to a secure client, which can then get out onto the cloud. If that person is compromised - knowingly or unknowingly - then that can introduce a breach."
Data privacy and country sovereignty must also be weighed by firms interesting in putting their information in the cloud.
"You have to take a look at the data that belongs to a country, versus which country may have access to that data based on where it is located," said Laudanski, adding that he "didn't know" to what extent those questions are being addressed in Latin America.