Mexico is failing to address cybersecurity vulnerabilities

Technological infrastructure in Mexico has soared in the past two decades. Earlier this year, the Wilson Center reported that only 5% of Mexicans (about 5 million people) had Internet access in 2000, but that number now stands at 48% (about 62 million people).

This increase in Internet access has greatly benefitted Mexican businesses. It has the thirteenth largest economy in the world, and is reportedly on pace to challenge the top five countries by 2050. However, this growth comes with greater exposure to cyber threats and a responsibility to put in place measures to mitigate the risk – something Mexico has failed to do.

Cybersecurity laws are poorly enforced

Mexico faced approximately 10 million cyber attacks in 2014, which are the most recent figures the Wilson Center has access to. The lack of accurate reporting is itself part of the problem.

Internet usage in Mexico (Wilson Center)

Mexican law states that data controllers must immediately notify data subjects when a breach occurs, but this requirement is poorly enforced and very few organizations comply. Many organizations have expressed their concern that, because so few breaches are reported, choosing to buck the trend will damage their reputation and create the impression that they are less secure than their competitors.

Stricter breach notification requirements will shed more light on the state of cybersecurity in Mexico and encourage organizations to address the issue. However, the Wilson Center also lists other serious problems: “Mexico does not have a national governance roadmap for security in cyberspace. Its main vulnerabilities are a lack of a cyber security culture, [poor] system configuration, outdated […] technology, and application problems.”

Becoming more cyber secure

The Wilson Center believes that the Mexican government and private firms need to work together to improve the country’s cybersecurity defenses. Public and private authorities both need to increase their cybersecurity budgets, and they should commit to jointly funded initiatives improving infrastructure.

However, organizations need to remember that cybersecurity is ultimately their own responsibility. To help manage their cybersecurity obligations, organizations should implement an information security management system (ISMS).

An ISMS is a framework of policies and procedures that includes all the organizational and technical controls necessary to protect an organization’s information assets.

If you want to learn more, you should read Implementing an ISMS – The nine-step approach.

This free green paper explains the importance of an ISMS, and why it should be compliant with ISO 27001.

Alternatively, you might be interested in our ISO27001 Certified ISMS Lead Implementer Training Course.

In this three-day course, you’ll learn how to implement an ISMS from the experts. It’s ideal for directors and managers involved in ensuring compliance with the New York Department of Financial Services’ Cybersecurity Requirements or similar regulations, as well as anyone in information security management.

Find out more about ISO27001 Certified ISMS Lead Implementer Training Course >>