Perceived as a country with a soft cybersecurity posture, Mexico continues to be at the center of concerted attack efforts by cybercriminals. Without a federal cybersecurity legislative framework in place, companies have had the autonomy to establish or disregard cybersecurity controls, placing consumer data at risk. However, after the high-profile cybersecurity breach of Mexico’s Ministry of National Defense (SEDENA), the federal government may be motivated to establish a national cybersecurity framework in 2023.
The aggressive onslaught of cyberattacks in 2022 made Mexico the country with the highest rate of cyberattacks in the region, a result of a soft security posture that caught many domestic companies off guard, incurring millions in losses. It was an onslaught that was felt horizontally across Mexico’s industries, generating business awareness and cementing cybersecurity as a core business investment into 2022. Urgency led to an accelerated adoption of cybersecurity solutions, which initiated the rapid growth of cybersecurity companies and encouraged many more to expand into the country to tap into its burgeoning market potential.
With cybersecurity now recognized as a core business investment, business leaders have inflated their security budgets, looking both to protect sensitive data and to safeguard their reputations from a breach. However, at the same time, companies have been concertedly directing funds at accelerating their digital transformation roadmaps, which has also incrementally expanded companies' risk surfaces. In other words, CISOs are caught in a seemingly endless balancing act, attempting to drive their organizations' digital innovation interests while also protecting against evolving cybersecurity attacks.
On the other hand, while companies have garnered cybersecurity maturity, cybercriminals have evolved, developing new strategies in response to new security protocols. Nonetheless, people remain the most vulnerable security points for organizations, prompting more creative social engineering campaigns, a strategy that allowed for the theft of PEMEX employee credentials, leading to the extraction and leak of private citizen information and operational data in July. Months later, SEDENA would be breached, speculated to be the result of a system misconfiguration that officials were aware of and ignored for months, according to documents leaked by the hacking group Guacamaya. The fissure resulted in the extraction of 6TB of sensitive national security operations, fragments of the president's medical history and evidence of human rights violations. After including the successful breach of CFE, it had become resoundingly clear that the state needed to take a more proactive cybersecurity stance.
At a broader, private sector level, there were approximately 464 million cyberattack attempts a day throughout the first half of 2022 in Mexico, according to an IQSEC press release. This data greatly surpasses the number of registered cyberattacks for the same time frame in 2021. Moreover, projections fully anticipate total annual cyberattack events to eclipse 2021 numbers. This is representative of a global phenomenon with cyberattacks increasing 42 percent of all incidents in the first half of the year, according to the Check Point 2022 Mid-Year Report.
The main culprits?
Ransomware, a type of malware that encrypts data, has demonstrated its ability to take on nation-states including Costa Rica and Peru, which were both attacked by ransomware group Conti, leading to a combined leak of almost 700GB of data from government agencies.
Malware, mainly used for stealing information, data and credentials, is increasingly accessible to nontechnical criminals, who can launch cyberattacks through pay-to-play services, giving way to an additional revenue stream for cybercriminals.
Fileless attacks, which unlike malware do not rely on signatures, make the identification of threats obscure, thereby forcing companies to augment their detection capabilities.
Phishing, the easiest type of social engineering attack, serves to provide cybercriminals with the easiest access into company networks, a vulnerability amplified by remote work models.
This hostile panorama has motivated nation-states and cybersecurity companies to engage in greater interoperability and intelligence sharing to push back on an invisible non-state actor wreaking havoc on the global economy. Mexico has already established a Bilateral Framework for Security, Public Health and Safe Communities with the US “in line with the two countries’ shared commitment to an open, interoperable, secure and reliable Internet and a stable cyberspace,” according to a joint press release. This commitment likely foreshadows the impending legislation of Mexico's Cybersecurity Framework and the development of a national strategy: an overdue piece of public policy.
On the private side, greater vendor consolidation is expected, a trend that will benefit clients’ ability to leverage the security of all of their tools from one platform for a more robust and cost-effective security posture.