As emerging markets race to join the digital revolution they are fast becoming a fruitful feeding ground for cybercriminals, who are preying on their security weaknesses and using them to launch attacks on the rest of the world.
The United Nations (UN) recently reported that shockingly only 38 percent of countries have a published cybersecurity strategy, highlighting a huge chasm between countries in terms of awareness, understanding, knowledge and the ability to deploy cybersecurity capabilities and programs "to ensure a safe and appropriate use of technology as an enabler for economic development".
The increasing use of mobile technology, the internet, online banking, ecommerce and social media have marked out developing countries such as Brazil, India, Zambia, Vietnam and Namibia as targets for cybercriminals who are singling out everyone from consumers to government and commercial organizations as a potential hit.
Due to increased cybersecurity and data privacy laws throughout developed countries, hackers are using emerging markets to test attacks and later launch them on wealthier countries with advanced defense strategies as it is much easier to protect their anonymity. The Wannacry ransomware attack, which caused more than 45,000 infected machines globally, was felt strongly in India which accounted for 5% of all infected machines, according to Kaspersky Labs. Hackers have also been known to test spear phishing attacks in French and English speaking African companies to iron out any flaws before launching the malware on advanced nations.
A recent report by the Inter-American Development Bank (IDB) and the Organization of American States (OAS), for example, highlighted the fact that four out of five countries in the Latin America and Caribbean regions have “potentially devastating” vulnerabilities. Two out of three countries do not have a command and control center for cybersecurity, for example, and the majority of prosecutors lack the capacity to punish cybercrimes.
While some countries such as Colombia, Jamaica, Panama and Trinidad are working to put cybersecurity strategies in place, although at varying degrees of maturity, others such as Costa Rica, Dominica and Paraguay are only just beginning the process.
Opening the doors to cybercriminals
The risks have grown as emerging markets have rushed to join the digital revolution, often without regard for security or viewing it as an afterthought. Latin America and the Caribbean region is now the fourth largest mobile market in the world and half its population have internet access. These risks will multiply with the advent of IoT, warns the IDB and OAS, if action isn’t taken now.
Consider El Salvador. It has a 30% internet penetration which is growing. However there are no awareness campaigns regarding the threats of cyberattacks, phishing and hacking and general public awareness is low. The private sector, however, has been quick to recognize its importance and is providing training for employees.
Barbados on the other hand has a much higher internet use rate, so you think would be switched on to cybersecurity. But you would be wrong. Around 75% of Barbados’s population is now connected to the internet, but cybersecurity stakeholders are still very worried that a large number of users are unaware of the risks and vulnerabilities.
Size of attacks increasing
Lack of security best practice awareness, user education and slow government enforcement of security policies are leaving these countries exposed. Earlier this year for example, Kaspersky Labs told of a large Brazilian bank which had its entire internet footprint taken over by cybercriminals. The name of the bank wasn’t released, but Kapersky Labs said it was a warning to organizations to consider the security of their Domain Name System (DNS).
Chain reaction attacks have also been seen in developing countries. Last year a Bangladesh bank saw hackers get away with $80 million by finding a weakness in its computer system that undermined the international money transfer system Swift. Software firm Symantec said it has evidence that the same malware was used to attack a bank in the Philippines and the Tien Phong bank in Vietnam. A fourth bank, Banco Del Austro in Ecuador was also reported to have been hit.
Hackers are increasingly operating from developing countries, taking advantage of weak or non-existent security strategies and ultra-cheap for-hire hacking skills on the dark web – which has become of global concern. And it isn’t going to stop anytime soon, unless nations pull together.
The UN, along with other stakeholders, is advocating more co-operation between the developed and the developing world to help train local cybersecurity experts and assist with cybersecurity strategies. Only time will tell if such collaboration will work – and as security experts acknowledge, time is at a premium.
Find out more about how Orange Business Services’ end-to-end security solution can protect your digital transformation across the globe here.
Jan has been writing about technology for over 22 years for magazines and web sites, including ComputerActive, IQ magazine and Signum. She has been a business correspondent on ComputerWorld in Sydney and covered the channel for Ziff-Davis in New York.