Latin America. Digitalization in Latin America continues to promote financial inclusion through the development of fintechs and the adoption of technologies such as artificial intelligence and blockchain. However, entities in the sector face an increasingly fluctuating regulatory environment, which poses challenges in terms of compliance and security.
According to Oswaldo Palacios, cybersecurity specialist for Akamai Latin America, "this challenge is intensified in some countries in the region due to limited visibility on infrastructure, applications and digital assets, which compromises information security."
A study conducted by Forrester and commissioned by Akamai indicates that more than one-third of financial institutions are not confident in their ability to quickly detect and respond to vulnerabilities. In addition, 25% lack an accurate view of their current and future regulatory environment, while 50% struggle to communicate correctly to their compliance teams and auditors.
Regional regulations, such as the Payment Card Industry Data Security Standard (PCI DSS) and the General Data Protection Regulation (GDPR), have increased demands when it comes to data protection and security systems. "This regulatory pressure requires a two-pronged approach: regulatory compliance and cybersecurity. Only in this way will institutions be able to improve their operational resilience, have greater visibility of their digital assets and effectively mitigate risks," says Palacios.
The study also reveals that 88% of financial institutions have faced at least one significant cyber incident in the last 18 months, and 60% have incurred remediation costs arising from non-compliance.
In this scenario, Palacios stresses the importance of implementing RegTech solutions that promote compliance with various regulations in different jurisdictions. In addition, it underlines the relevance of API security, which allows "identifying, monitoring and auditing the behavior of APIs in real time", which provides visibility to detect risks and comply with regulatory frameworks.
Another strategy mentioned is micro-segmentation, which isolates critical applications and workloads within the network. "In addition to facilitating compliance with PCI and other standards, this technique provides detailed visibility at the process level, allows the creation of adaptive policies and ensures a robust security posture, ready for any audit," concludes Palacios.
