Digital security is as relevant as physical security, since it not only puts sensitive information of people and organizations at risk, but it is also an issue that can put the country at economic risk, according to the group (ICS)2 .
that, exposed up to 6 TB of information, emails and sensitive information were found that even involve the president of Mexico, Andrés Manuel López Obrador. Given this, during the morning of September 30, the executive indicated that there were no cybersecurity experts in the country.
Are there really no cybersecurity experts in Mexico?
Until 2021, in the country there were about 200,000 people who are dedicated to cybersecurity. However, 400,000 are missing to help protect businesses and users, according to a survey conducted by (ISC)2 , an international non-profit organization that offers cybersecurity training and certification programs.
This translates into a greater risk of vulnerability, both for government organizations and companies. According to the study The State of Ransomware 2022 , carried out by Sophos, 74% of the 200 professionals from different organizations surveyed in Mexico admitted having been victims of this cybercrime during 2021. The following countries in the region are Chile (65% ) and Colombia (63%).
These figures become important when considering that, currently, there is a latent threat that has tested the response capacity of Costa Rica, where the Ministry of Finance, Labor and Social Security, the Fund for Social Development and Family Allowances and more were attacked. Recently, the systems of the Costa Rican Social Security Fund (CCSS) were affected. Similarly, in Peru, the Ministry of Economy and Finance and the General Intelligence Directorate were violated.
And the most recent case is what has happened with Sedena, by the group of , who have not only focused their cyberattacks on Mexican institutions, but also have a history of other attacks, .
What can be done in the face of these cyberattacks?
“If we talk about protection measures, those that are made up of programs, rules and technological monitoring are among the best known and most adopted. These help prevent or detect complex attacks, which do not necessarily require human interaction, such as exploiting a vulnerability or a distributed denial of service (or DDoS)”, points out in its report ESET Security Report, the company based in Slovakia.
That is why part of the protection strategies they propose is prevention, but also the constant updating of cybersecurity teams.
“Even with the best preventive and detective controls, the restoration of the company’s operations is necessary, knowing that the cybercrime market is growing every second. Policies such as those dedicated to incident response, as well as Backup technologies, are key to business continuity after an attack”, says ESET.
