In cybersecurity issues, Mexico is below countries such as Kenya, Sri Lanka, Brazil, Panama, Chile or Nigeria. According to 2022, Mexico’s cyber security index is 37.66 points out of 100, which places the country in position 84 out of 160 worldwide. These figures should alarm both government agencies and companies.
Ransomware, malware with which cybercriminals hijack data through file encryption that is released by paying a ransom, has become one of the cyber attacks that most affects Mexicans.
The study “The State of Ransomware 2022”, by Sophos, indicated that of 200 organizations in Mexico, 74% were victims of ransomware, paying an average of 482,446 dollars. Only in 2021, this type of attack
Cybersecurity experts say that, far from these cyberattacks disappearing, they are on the rise and both government agencies and private companies in Mexico have to protect themselves.
Cyber attacks on government agencies
In May of this year, the Conti Ransomware cybercriminal group attacked 14 government agencies in Costa Rica, including the Ministry of Finance, affecting customs, tax, and multiple financial systems.
This coup caused Rodrigo Chávez, the newly inaugurated president of the country, to announce a State of National Emergency, becoming the first country to declare this state due to a cyber attack.
Grupo Conti, including the Mexican Institute of Social Security, the Ministry of Finance and Public Credit, Petróleos Mexicanos and the Bank of Mexico. And although this group has already been dissolved, it does not mean that the cyberattack attempts will stop.
José Ramírez, commercial director for the cybersecurity services company Stellar Cyber, mentioned that the main motivation to carry out these government attacks is monetary and “in Mexico our hands are very tied (…) We are among the first three countries most attacked in world level and the first in LATAM”.
Omar Alcalá, director of cybersecurity for Mexico and LATAM at Tenable, added that although the monetary interest is there, there are also other attractive topics, “because it is not only a data hijacking, but it can also go against third parties (…) It is not just kidnapping information, but doing a double extortion so that they can monetize more”.
Mexico already has precedents in attacks on its public dependencies. Last year, Avaddon, the hacker group of Russian origin, among which budgets, financial reports and outsourcing practices were found for not having received the payment they demanded.
Another of the most emblematic cyberattacks that Mexico suffered was in 2019, in which hackers requested 565 bitcoins, or 4.9 million dollars, to free the affected computers of the oil company.
Other attacks include that of the National Insurance and Finance Commission, in 2020, .
Lack of budget in education, technology and cybersecurity
According to Ramírez, part of the problem is the lack of budget that has been invested in technology and development, both in infrastructure and in education.
revealed that, in 2018, only 0.41% of GDP was allocated to Science and Technology, with an investment of 60,219 million pesos.
And for the years after. In 2019 the amount allocated for this item was 53,424 million pesos, a year later it was 51,054 million and for 2021 it was 49,963 million.
These amounts barely represent 0.2% of GDP, a proportion that is far from complying with the precept set forth in article 119 of the General Law of Education, of allocating 1% of GDP for spending on higher education and scientific and humanistic research.
These figures are alarming considering that, in Mexico, there is one in science, technology, engineering and mathematics careers; same that increasingly become more necessary to meet the technological needs of the country.
On the other hand, this is especially alarming considering that, according to Alcalá, investments in cybersecurity have to be constant. “Cybersecurity efforts and strategies have to be constantly renewed, because what works today may not work tomorrow.”
