Financial Crime World

Cybercrime Spreads its Wings in Paraguay’s Finance Sector

=============================================

The rapid growth of technology has brought about numerous benefits, but it also poses significant risks. Cyber threats are on the rise, and Paraguay is no exception. The country’s finance sector, in particular, has been a frequent target of cyber attacks.

Common Types of Cyber Attacks in Paraguay

According to data from the National Plan on Cybersecurity, unauthorized access to accounts, systems, or data, malware, scanning, brute force attacks, denial of services, system compromise, spam, and scams are among the most common types of cyber attacks in Paraguay.

Efforts to Regulate Cybersecurity

In 2017, the Executive Branch drafted a National Plan on Cybersecurity to coordinate public policies and prevent cyber attacks. However, despite efforts to regulate cybersecurity, there is still no specific law governing the issue. The Ministry of Information and Communication Technologies is responsible for revising and updating the plan, but it remains a work in progress.

Vulnerability of Financial Entities

Financial entities have been particularly vulnerable to cyber attacks, with customers, employees, and assets at risk. To mitigate these risks, the Central Bank of Paraguay issued a “Security Manual for Financial Institutions” in 2021, which requires financial institutions to:

  • Create monitoring centers
  • Appoint security departments
  • Implement emergency plans
  • Conduct regular risk assessments

Reporting Cyber Incidents

Until 2021, there was no legal obligation to report cyber incidents, but this changed with the introduction of the Credit Data Law in 2020. The law requires data controllers to notify the regulatory agency of any data breach incident, although the notification process is still pending regulation.

Collaboration and Awareness

Despite the lack of legal obligations, the number of reported incidents by the private sector has increased yearly. Collaboration between the public and private sectors is crucial for creating awareness and promoting permanent education on new techniques and cyber threats.

Consequences of Cyber Attacks

Cyber attacks can also be reported in light of criminal claims filed based on the perpetration of activities falling under the category of cybercrime. The National Police and Prosecutor’s Office have created specific departments to investigate and prosecute infringements carried out in the digital sphere. In cases where local regulations are breached, applicable sanctions may include:

  • Limiting company activities
  • Paying fines up to $1,785,800 for Central Bank Law violations or approximately $650,000 for Credit Data Law violations
  • Suspending activities
  • Shutting down entirely

Importance of Cybersecurity Compliance

Companies are increasingly recognizing that compliance with local regulations is not enough. A company’s reputation can be severely impacted if it fails to adopt timely measures to prevent and respond to cyber attacks. Assessing cyber risk is key to a company’s reputation, particularly in the current era of environmental, social, and governance concerns.

Strategic Measures for Improved Security

In light of these challenges, Paraguayan companies are working to improve their security standards by adopting strategic measures such as:

  • Minimum password requirements
  • Privacy policies
  • Cybersecurity certifications

As cyber attacks become increasingly sophisticated, it is crucial for companies to stay ahead of the game and prioritize cybersecurity.