Among the many challenges that financial institutions face, cybersecurity is undoubtedly located. With the increase in attacks, it is essential that banks, fintech and other institutions in the sector Take proactive steps to mitigate these risks and protect both your customers and your own financial stability.

In accordance with Deloitte, more than 60% of Spanish companies have increased their cybersecurity budgets in 2022. By industry, banking is among those that allocate the most resources to cybersecurity  (more than 30 million euros). Sectors such as insurance are among those that receive the most attacks, while regarding the typology of cyberattacks, the top 3 of common threats continues to be led by ransomware, malware and phishing.

Currently, finance and banking companies in Latin America They face a large number of cyber risks. In accordance with estimates from Kaspersky, the region has become a major center of financial threats globally, with malware attacks and phishing as the main vectors.

It is worth noting that in general, Latin American online threats are directed more at mobile devices that to computers and among the main targets of fraudulent messages are financial topics such as theft of Internet/mobile banking credentials, use of financial services themes to steal passwords and search for payment details (credit card).

Seen by country, Brazil stands out as the market with the most attacks of malware, followed by Mexico and Peru, then Colombia and Ecuador and behind Argentina and Chile. However, the biggest threat in Latin America is phishing, that is, fraudulent messages sent by email, SMS and, above all, through social networks and messaging apps such as WhatsApp. Once again, Brazil is the most attacked country, followed by Ecuador, followed by Peru, Colombia, Chile, Panama, Guatemala, Paraguay and Mexico. In particular, the signs The most worrying concerns are around new ways of propagation and design of banking Trojans and greater sophistication in evasion techniques, such as the use of camouflage techniques and scanning for region-specific vulnerabilities. 

Since cyberattacks can lead to serious consequences for financial institutions (including loss of data, interruption of services, loss of customer trust and possible legal consequences) It is not only vital that they implement robust and secure systems, software and authentication measures, but also that they target the encryption of sensitive data and plan incident response strategies that can minimize risks.

Likewise, as the general picture indicates that the cost of cybercrime worldwide has never been as high as today, companies - and fundamentally financial ones - They see the need to redouble their cybersecurity efforts, which is why it is vital that they are aware of how the threat scenario evolves.

By 2024, predictions indicate that cybercriminal groups, in general, They will diversify their game objectives and tactics, focusing on more sophisticated and disruptive attacks, setting its sights on denial of service and extortion.

The social engineering, psychological strategy par excellence for banking and data theft scams, will be the main weapon that cybercriminals will develop to attack companies and to get them to take actions or share confidential information in digital environments.

The other big trend is that criminal groups will continue to focus on smart devices without sufficient protection and they will exploit security flaws in programs that many other programs depend on, to achieve massive impacts.

As banks, financial institutions and fintech companies expand the number of platforms, applications and technologies they depend on for their daily business operations, Cybercriminals have more unique opportunities to discover and exploit software vulnerabilities, which could lead to more “zero-day” ransomware attacks that, if hacked, would have a significant reputational impact on businesses.

AI, the great protagonist

From the industry they agree that without a doubt the most important novelty is that cybercriminals They are going to take advantage of advances in generative artificial intelligence (AI) to craft fraudulent text messages, videos and audio that are expected to be increasingly convincing by collecting online data and sending it to LLMs (Large Language Models) specialized for AI. The  “AI as a service” will allow them to find accessible tools to fulfill their purposes, including improving phishing strategies and impersonation of specific people. 

The other side of the coin is that AI and machine learning will be widely used to protect data in hybrid cloud environments, through hidden data identification, encryption and early breach detection. Also in the case of malware detection and blocking, through the analysis of file characteristics, network traffic, user behavior and other indicators of compromise.

While it is true that many organizations are increasing their security controls and adopting new technologies and processes to strengthen their defenses, Cybercriminals quickly find new ways to achieve their goals. 

In this sense, it becomes increasingly necessary balance security with user experience, through actions such as risk analysis when multiple login attempts are made, user verification through behavioral data, and the use of biometric data or multi-factor authentication. 

Ultimately, as threats become more eminent and dangerous, companies must have the cyber resilience at the core of their business strategies, to achieve this, it is necessary to allocate technical and economic resources to strengthen their cybersecurity systems, understand the need to prepare even more strategically for generative opportunities of AI and have real-time threat control panels, essential for planning, tracking and reacting to attacks.