Government organizations across Latin America and the Caribbean are managing a heightened volume of security incidents targeting critical agencies at rates exceeding global averages. Recent events include unauthorized access attempts against a national health agency in Colombia, a security incident affecting Puerto Rico's transportation department, and threat actors utilizing AI systems to target Mexico's government infrastructure.
In March, organizations in Latin America recorded an average of 3,050 security incidents per week, compared to a global average of just over 2,000, according to data from Check Point Software Technologies. Government agencies face even higher exposure, recording nearly 4,200 incidents weekly—approximately 1,000 more than the cross-industry average, notes Angel Salazar, security engineering manager for the Latin American region at Check Point.
Salazar explains that government networks typically experience constant exposure due to public services that must remain online, legacy systems that are difficult to replace, and high user turnover. Together, these factors create a continuous external digital footprint.
March saw several high-profile security disclosures in the region. Early in the month, unauthorized groups used major AI systems to compromise at least nine government agencies in Mexico, potentially accessing more than 195 million identities and tax records. Colombia's health ministry, the Superintendencia Nacional de Salud (Supersalud), reported in a March 27 notification addressing system security that it had managed more than 23 million unauthorized probes during the month. Last week, Puerto Rico's Department of Transportation temporarily halted driver's license issuance following a security incident that was ultimately contained, according to statements the agency provided to the media.
While financially motivated groups drive the majority of these incidents, nation-state espionage and politically motivated activity present growing risks, according to Camilo Gutiérrez, field chief information security officer for ESET's Argentina Country Office.
Gutiérrez observes that while the most probable risk for daily government operations remains financial, state-related or hybrid activity has grown into a strategic concern that requires dedicated attention.
Phishing and credential exposure
Latin America has transitioned into one of the most heavily targeted regions globally, with government agencies consistently remaining a primary focus, says Tom Hegel, a distinguished threat researcher at SentinelOne.
The region faces a mature banking-Trojan ecosystem and a rise in information stealers, which harvest credentials to support initial-access broker services.
"The region has a massive exposed credential problem," Hegel explains. "Billions of credentials are circulating through Telegram channels and dark web markets. Infostealers harvest them, initial-access brokers package and sell the access, and ransomware affiliates buy their way in."
Email serves as the primary delivery channel for unauthorized activity. According to Salazar, approximately 82% of unsafe files arrive via email in Latin America, compared to a 56% rate globally. Threat actors generally follow familiar paths, with phishing remaining the primary method for gaining initial access. Additionally, unauthorized parties actively look for public-facing services exposed to the internet, many of which rely on older platforms.
Structural challenges and paths to remediation
Securing legacy technology remains a complex challenge for many government organizations, often complicating patch management. Threat actors frequently scan for unpatched software, while local agencies work to maintain older systems, Gutiérrez explains.
Additionally, Latin American institutions face a shortage of skilled cybersecurity professionals and of the operational capabilities required to maintain IT infrastructure. Gutiérrez points to a World Bank report indicating a regional shortfall of about 350,000 cybersecurity professionals. Fewer specialized personnel translates directly into reduced system hardening, gaps in monitoring, and slower response times.
Salazar notes that the public sector's challenges are often structural, involving older systems, uneven patching processes, small security teams, and complex supplier relationships.
To strengthen their defensive posture, organizations should begin by securing email environments, the most common entry point. Following this, continuous monitoring of the external digital footprint helps teams identify previously unknown vulnerable assets. Because government agencies act as custodians of citizen data, prioritizing efforts to reduce data exposure and minimize leakage is essential.
Salazar emphasizes that government agencies must maintain real-time visibility into their exposed infrastructure, accurately assess operational risks, and prioritize the remediation of vulnerabilities most likely to be targeted.
About the author
Robert Lemos is a veteran technology journalist with over 20 years of experience and a former research engineer. He has written for numerous publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. He has received five journalism awards, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. He analyzes industry trends using Python and R, with recent reports focusing on the cybersecurity workforce shortage and annual vulnerability trends.