Strategies for the new challenges of cybercrime
Season 5 Episode 08
Transcript
Juan José Ríos (Host): In recent years, the evolution of digital technologies has brought with it a significant increase in cyberattacks, affecting both end users and financial institutions.
According to Mastercard's most recent report, in 2023 alone, consumers in the United States reported losses of more than $10 billion due to fraud.
Welcome to Mundo Financiero Seguro, the podcast from Plus Technologies & Innovations.
My name is Juan José Ríos, and joining us today are:
- Carlos Leonardo, director of the National Computer Security Incident Response Team of the Dominican Republic.
- José Ruiz, Manager of Transactional Security and Digital Fraud Prevention at Plus TI.
Juan José Ríos: Carlos, what are the main challenges and threats facing users of financial institutions today?
Carlos Leonardo: Digitization and digital transformation have significantly increased users' exposure to cyber risks. Today, we use online financial services on a daily basis, often without remembering the last time we physically visited a bank branch.
Cybercriminals have two main motivations: financial gain and personal satisfaction. They take advantage of the increase in digital services and, above all, users' lack of knowledge.
One of the biggest challenges today is protecting users from themselves. We must understand that surfing the internet is like walking through a minefield: threats exist and are constantly evolving.
Juan José Ríos: Why are these threats so effective?
Carlos Leonardo: Because they exploit users' lack of knowledge and awareness. Many people do not perceive the risks in the digital environment in the same way they do in the physical world.
Attackers manipulate emotions such as urgency or pressure, using social engineering techniques. When ignorance is combined with emotional manipulation, it creates the perfect scenario for fraud.
Juan José Ríos: José, what are the latest methods used by cybercriminals?
José Ruiz: Most attacks exploit human vulnerabilities through social engineering: phishing and its variants, identity theft, ransomware, and extortion.
Today, these attacks have evolved. They incorporate artificial intelligence to generate more credible personalized messages, including impersonation through video or audio. We also see attacks such as:
- Corporate mail commitment.
- Investment or romance scams.
- Highly targeted and personalized schemes.
Although the techniques have become more sophisticated, the principle remains the same: manipulating the person into giving up information or performing a harmful action.
Juan José Ríos: Carlos, how is prevention managed at the national level?
Carlos Leonardo: In the Dominican Republic, cybersecurity has been adopted as public policy, placing citizens at the center of the strategy.
Our National Cybersecurity Strategy includes education, a culture of prevention, and public-private partnerships. The key is to raise awareness from the highest level down to the ordinary user.
Prevention begins with clear and consistent education.
Juan José Ríos: How should technological changes be communicated to users?
Carlos Leonardo: First, we must use language that is consistent and understandable at all levels.
It is essential:
- Avoid unnecessary technical jargon.
- Explain how the changes benefit the user.
- Communicate the risks of misuse.
- Use multiple communication channels.
A clear example is the evolution of authentication mechanisms: code cards, dynamic tokens, and multi-factor authentication. Each advance reduced fraud, but also required constant user education.
Juan José Ríos:
José, how can institutions reduce the risk associated with user vulnerability?
José Ruiz:
A comprehensive approach based on three pillars is required:
- Continuing education for employees and customers.
- Advanced technology for real-time detection.
- Collaboration between the public and private sectors.
It is essential to teach users to:
- Verify the authenticity of the contact.
- Do not act under pressure or urgency.
- Detect inconsistencies.
- Be wary of offers that seem too good to be true.
In addition, the technology allows large volumes of data to be analyzed and deviations from normal customer behavior to be identified.
Juan José Ríos:
How can we balance security and customer experience?
José Ruiz:
Security should not create unnecessary friction for legitimate customers.
Through risk-based authentication, biometrics, and continuous monitoring, we can generate friction only when there is doubt about the legitimacy of the transaction.
Security is also an added value, but it must be communicated properly so that the customer understands its purpose.
Juan José Ríos:
Carlos, what best practices have been implemented in the Dominican Republic?
Carlos Leonardo:
Since 2018, the financial sector has had specific information security regulations led by the Central Bank.
Best practices include:
- Multi-factor authentication.
- Data protection in transit and at rest.
- Real-time monitoring systems, including solutions such as Monitor Plus.
- Penetration testing and adversary emulation.
- Formal incident response teams.
Carlos Leonardo:
Some key lessons:
- Prevention is more economical than response.
- The human factor is always central.
- Security is not a product, it is an ongoing process.
- We must focus on resilience: no organization is immune to incidents.
Carlos Leonardo:
- Implement multi-factor authentication and biometrics.
- Real-time monitoring with AI and machine learning.
- Ongoing user education.
- Shared responsibility between institution and client.
José Ruiz:
- Implement predictive analytics and automation.
- Develop organizational and user resilience.
- Audit processes continuously.
- Integrate user-centered security.
- Evaluate and update strategies in response to new trends.
The ultimate goal is to protect data, preserve the customer experience, and ensure business continuity.
Juan José Ríos: Thank you very much to Carlos Leonardo and José Ruiz for sharing their perspectives and experiences.
The challenges posed by cybercrime are significant, but there are strategies and technologies that allow us to mitigate them. The first step is to stay informed and act proactively.
Thank you all for joining us on this episode of Mundo Financiero Seguro.
I'm Juan José Ríos.
Until next time.
