Financial Crime World

Cybersecurity Threats to Financial Crimes in Paraguay: A Growing Concern

Introduction

In today’s digital age, technology is advancing at an unprecedented rate, making it increasingly difficult for governments and financial institutions to set regulatory frameworks that minimize exposure and ensure citizens’ cybersecurity. This article highlights the growing concern of cyber threats in Paraguay and the need for preventive measures and mechanisms for reporting, investigating, and prosecuting cyber attacks.

Common Cyber Threats in Paraguay

The most frequent cyber threats in Paraguay include:

  • Unauthorized access to accounts, systems or data
  • Malware
  • Scanning
  • Brute force attacks
  • Denial of services
  • System compromise
  • Spam
  • Scams

These threats expose citizens and financial institutions to a variety of illicit activities.

Regulatory Frameworks

In 2017, the Executive Branch drafted a National Plan on Cybersecurity with the aim of coordinating public policies in this area. However, despite its implementation, there is still no specific cybersecurity law in Paraguay.

The Ministry of Information and Communication Technologies (MITIC) is responsible for revising and updating the plan and operates the national computer emergency response team, CERT-PY.

Financial Institutions’ Response

Financial entities are frequent targets of cyber attacks, exposing their customers, employees, and assets to a variety of illicit activities. To mitigate these risks, the Central Bank of Paraguay issued a Security Manual for Financial Institutions in 2021. The manual requires financial entities to:

  • Create a monitoring center
  • Appoint a security department independent of the IT department
  • Implement an emergency plan
  • Perform risk assessments

Private Sector’s Obligations

The private sector had no legal obligation to report cyber incidents until last year’s Credit Data Law was enacted. However, the law omitted to set a notification process or minimum requirements for it to be considered valid and sufficient.

Despite this, the number of incidents reported to CERT-PY by the private sector is increasing yearly.

Collaboration between Public and Private Sectors

Collaboration between the public and private sectors is key to creating awareness and drawing emphasis on permanent education in new techniques and cyber threats. Cyber incidents may also be reported in light of criminal claims filed based on the perpetration of activities falling under the category of cybercrime.

Sanctions for Non-Compliance

In case of an infringement of local regulation, the applicable sanctions would depend on the nature of the infringement. Regulatory agencies may order the company or organization to:

  • Limit its scope of activity
  • Pay fines
  • Suspend its activities
  • Close down entirely

Importance of Compliance

Companies are beginning to understand that compliance with local regulations is not enough. A company’s name, image, and value can be severely affected if it does not adopt timely measures to impede or revert an attack.

Assessing cyber risk is key to a company’s reputation, particularly now cybersecurity has become an environmental, social, and governance issue.

Minimizing the Effects of Cyber Attacks

Attacks are inevitable, and minimizing their effects depends entirely on the capacity of a company to adopt good practices and adequate policies, besides complying with the legal framework. Companies of all sizes are aiming to improve their security standards by adopting strategic measures, some simple and others more sophisticated.

Several Paraguayan companies have embarked on the process of obtaining cybersecurity certifications.

By understanding the common cyber threats in Paraguay and the importance of compliance, financial institutions and the private sector can work together to create a safer digital environment.