Data Protection Policies Based on Collaborative Security

Q: Mexico’s legal infrastructure for cybersecurity and data protection still has significant gaps. What areas of opportunity are pragmatically achievable in the short term?

A: Data protection is solid in the country but closing the gaps in cybersecurity infrastructure in the short term is too big a challenge, primarily because it largely depends on governmental leadership. This is an area of opportunity because the strategies and actions to address it are not even on the table. For instance, we just learned of a cyberattacked company that was scammed for MX$16 million (US$760,810) and a domestic worker who was scammed for MX$10,000 (US$475), which is well above her monthly earnings. These incidents demonstrate how everyone is vulnerable to cyberattacks and the country is not taking action to prevent it. If a decision was made today to propel the security of data and cybersecurity in general, it would still take a long time for its effects to materialize.

Unfortunately, there is nothing we can do right now to improve national cybersecurity. But by analyzing the previously mentioned cyberattacks, we have determined that the security gaps lay in a person’s lack of understanding or knowledge of cyberthreats. This demonstrates that leaders need to possess better knowledge of the management of cyberthreats, which is also the case for the country’s three political branches.

Q: What is missing from Mexico’s strategic national cybersecurity plan?

A: The National Cybersecurity Strategy came into force four years ago. In the current administration, only SEMAR outlined a strategy for its cyberspace, which was far from being a national strategy. For a strategy to work, it is necessary to include civil society, academia and the private sector but the current administration is already late on integrating these actors and in creating the strategy alone. What is missing is an updated National Cybersecurity Strategy but there are no signs of one being developed, which is a matter of a lack of political will. In the meantime, industry, academia and civil society should begin to develop a strategy to speed up the process and put their needs on the table.

CONSEJOSI is working with academia, the private sector and civil associations to identify the challenges and opportunities in cybersecurity. We want to become an international council and our first step is the manifesto we developed with these actors, which was introduced in late November and outlines a proposal for a National Cybersecurity Strategy for 2024.

Our doors are always open to those who want to join our efforts. They will join a community that is expert in cybersecurity, with large networking opportunities and access to specialized industry knowledge.

Q: What differentiates your proposals and work from other associations in the sector?

A: CONSEJOSI is a nonprofit, civil association. We collaborate with companies through collaborative security mechanisms for their supply chains and industries. Unlike consultancy services that help companies build a cybersecurity strategy, we help businesses coordinate with each other to boost their security following the principles of collaborative security. This works as a collaborative surveillance system operated by each company to strengthen their cybersecurity practices.

Q: What are your research efforts focused on and what gaps in cybersecurity should companies and regulators address first?

A: We focus on producing information and knowledge to contribute to legislative and regulatory processes, the design of public policies for data protection and national cybersecurity. We are working on a principles document to help legislate cybersecurity. We are also mapping actors and actions to elevate cybersecurity at a national level. Through these efforts, we can identify who can act to improve cybersecurity in the country and how.

Q: How can inclusion boost companies’ results in terms of security and what is your strategy to get more women involved in the field?

A: The global cybersecurity industry needs to double its workforce as those available now are insufficient to cover the present and future needs of the industry. Women are underrepresented in the sector and their presence can increase by four or five times. CONSEJOSI is promoting this industry in Mexican universities as a career.