A Region Under Siege
Government institutions across Latin America and the Caribbean are confronting a relentless surge of cyber intrusions targeting critical public agencies, at volumes that significantly outpace those seen elsewhere in the world. High-profile incidents in March 2026 struck Colombia's national health regulator, Puerto Rico's transportation department, and Mexico's government infrastructure, collectively painting a troubling picture of a region struggling to defend its digital public services.
According to data from Check Point Software Technologies, organizations in Latin America endured approximately 3,050 cyberattacks per week in March, compared to just over 2,000 per week for the average global organization. Government agencies fared even worse, absorbing nearly 4,200 attacks per week — roughly a thousand more than the cross-industry average.
Angel Salazar, security engineering manager for the Latin American region at Check Point, attributes this elevated targeting to structural characteristics of government networks.
"Government networks usually have constant exposure: public services that must stay online, older systems that are hard to replace, and many users coming and going. All of this creates a continuous attack surface, not something occasional."
March's Breach Parade: Mexico, Colombia, and Puerto Rico
The month of March became a sustained cascade of security incidents across the region. Early in the month, a hacktivist group reportedly compromised at least nine government agencies in Mexico with assistance from major AI systems, potentially exposing more than 195 million identities and tax records.
Colombia's health oversight body, the Superintendencia Nacional de Salud (Supersalud), disclosed in a March 27 notification that it had faced more than 23 million cyberattacks and probes during the month. The agency issued the statement in response to allegations that its systems had been successfully breached.
Meanwhile, Puerto Rico's Department of Transportation was forced to halt the issuance of driver's licenses following a cyberattack. The agency subsequently told media that the attack was ultimately unsuccessful, though the disruption to public services was real and immediate.
Who Is Behind the Attacks?
The threat landscape in Latin America is not monolithic. While financially motivated criminals remain the dominant force, the region is also contending with nation-state espionage operations and politically driven hacktivism, both of which have grown considerably in sophistication and frequency.
Camilo Gutiérrez, field chief information security officer for ESET's Argentina Country Office, draws a clear distinction between the two risk categories:
"For the daily operation of a government organization in Latin America, the most probable risk is still criminal, but for strategic management, the state-related or hybrid activity is not something small anymore and should not be ignored."
Tom Hegel, a distinguished threat researcher at cybersecurity platform provider SentinelOne, notes that Latin America has transitioned from being a secondary target to one of the most heavily attacked regions globally. Government agencies, he says, are consistently near the top of the target list.
Phishing, Infostealers, and a Credential Crisis
A mature banking-Trojan ecosystem and a proliferation of information-stealing malware have made credential theft one of the defining cybersecurity problems for the region. Hegel describes the scale of the problem in stark terms:
"The region has a massive exposed credential problem. Billions of credentials are circulating through Telegram channels and Dark Web markets. Infostealers harvest them, initial-access brokers package and sell the access, and ransomware affiliates buy their way in."
Email remains the primary vector through which malicious content is delivered. Check Point's Salazar notes that approximately 82% of malicious files in the region arrive via email, compared to a 56% rate globally. Phishing continues to be the most common method attackers use to gain initial access.
Beyond email, attackers are also exploiting publicly exposed services that support government functions and are necessarily connected to the internet. Many of these services run on aging platforms that are difficult to secure and maintain.
Legacy Systems and a Shortage of Skilled Defenders
The difficulties facing Latin American governments are as much structural as they are technical. ESET's Gutiérrez points to a persistent reliance on legacy technology as a central vulnerability, with many local government agencies running outdated systems they struggle to keep patched and current.
Compounding the problem is a severe shortage of cybersecurity professionals. Gutiérrez references a World Bank report that identified a regional gap of approximately 350,000 cybersecurity professionals. The human capital deficit has direct operational consequences:
"This is not just something abstract. Less specialized people means less hardening, less monitoring, and slower response times."
Check Point's Salazar echoes this diagnosis, describing the public sector's challenge as "more structural than technical, with older systems, uneven patching, small security teams, and complex supplier relationships all increasing risk."
Recommendations for Government Defenders
Despite the daunting scope of the challenge, security experts outline a set of practical priorities for government agencies in the region. Salazar recommends a layered approach that begins with the most prevalent attack vector:
- Secure email first: Given that 82% of malicious files arrive via email, hardening email infrastructure should be the immediate starting point.
- Continuously scan the external attack surface: Regular sweeps of externally facing systems can surface previously unknown vulnerable assets and allow organizations to address them before attackers do.
- Reduce data exposure: Since government agencies are custodians of sensitive citizen data, minimizing data leakage and limiting unnecessary data exposure is critical.
Salazar frames the overall imperative clearly:
"Government agencies in the region must maintain real-time visibility into what is exposed, understand what can truly be exploited, and prioritize remediation of the risks attackers are most likely to target."
A Structural Problem Demanding Sustained Attention
The events of March 2026 are not isolated incidents but rather symptoms of deeper, systemic vulnerabilities baked into the region's public-sector digital infrastructure. With attack volumes far exceeding the global average, a massive credential exposure problem, and a workforce gap running into the hundreds of thousands, Latin American governments face a cybersecurity challenge that will require sustained investment, institutional commitment, and regional cooperation to meaningfully address. The gap between attackers — who are increasingly mature and well-resourced — and defenders continues to widen, and the consequences are being felt by ordinary citizens who depend on government services every day.
Source: Dark Reading